Individuals can apply to become IRAP Assessors if they can:
-
demonstrate Australian citizenship
-
demonstrate a minimum of five years of technical ICT experience with at least two years of information security experience on systems using the Australian Government Information Security Manual (ISM) and supporting publications
-
show evidence of relevant ICT and auditing qualifications, one from Category A and one from Category B
-
complete an IRAP new starter training course through an ASD approved IRAP training provider, and
-
undertake the ASD new starter examination.
Category A
Category B
-
ISO 27001 Lead Auditor
When ASD has confirmed that the above requirements have been met, the individual can:
-
attain a minimum NV1 security clearance (ASD will sponsor this if necessary), and
-
submit a conflict of interest declaration, and
-
submit a confidentiality deed.
If the candidate successfully meets all of the above criteria they are added to the list of registered IRAP Assessors.
In accordance with the IRAP Policy and Procedures, IRAP Assessors maintain their skills by:
-
maintaining IRAP prerequisite qualifications in ICT and auditing disciplines
-
Annually, demonstrate maintenance of ISM and IRAP assessment knowledge through completion of either:
-
Submission of an IRAP assessment report - identifying assessments completed within the previous 12 months, OR
-
IRAP examination.
-
-
attending ASD-endorsed workshops, forums and conferences, and
-
participating in information-sharing activities across the IRAP and information security communities.
IRAP Assessors make a valuable contribution to Australia's national security objectives by assisting government agencies to improve their security posture by providing ICT security advice and assessment services.
