Individuals can apply to become IRAP Assessors if they can: demonstrate Australian citizenship demonstrate a minimum of five years of technical ICT experience with at least two years of information security experience on systems using the Information Security Manual (ISM) (ISM) and supporting publications show evidence of relevant ICT and auditing qualifications, one from Category A and one from Category B complete an IRAP new starter training course through an ASD approved IRAP training provider, and undertake the ASD new starter examination. Category A CISM - Certified Information Security Manager CISSP - Certified Information Systems Security Professional GSLC - GIAC Security Leadership Certificate Category B CISA - Certified Information Systems Auditor CRISC GSNA - GIAC Systems and Network Auditor ISO 27001 Lead Auditor PCI QSA When ASD has confirmed that the above requirements have been met, the individual can: attain a minimum NV1 security clearance (ASD will sponsor this if necessary), and submit a conflict of interest declaration, and submit a confidentiality deed. If the candidate successfully meets all of the above criteria they are added to the list of registered IRAP Assessors. In accordance with the IRAP Policy and Procedures, IRAP Assessors maintain their skills by: maintaining IRAP prerequisite qualifications in ICT and auditing disciplines Annually, demonstrate maintenance of ISM and IRAP assessment knowledge through completion of either: Submission of an IRAP assessment report - identifying assessments completed within the previous 12 months, OR IRAP examination. attending ASD-endorsed workshops, forums and conferences, and participating in information-sharing activities across the IRAP and information security communities. IRAP Assessors make a valuable contribution to Australia's national security objectives by assisting government agencies to improve their security posture by providing ICT security advice and assessment services. Apply to become an IRAP assessor
