Skip to main content

IRAP Assessors are ASD-certified ICT professionals from across Australia who have the necessary experience and qualifications in ICT, security assessment and risk management, and a detailed knowledge of Australian Government information security compliance requirements.

Individuals can apply to become IRAP Assessors if they can:

  • attain a minimum Baseline security clearance

  • demonstrate a minimum of five years of technical ICT experience with at least two years of information security experience on systems using the Australian Government Information Security Manual (ISM) and supporting publications

  • provide two current and relevant professional referees who can attest to the applicant's character, competence and ICT experience

  • provide two external customers who can directly attest to the applican't technical ICT understanding, knowledge of the ISM and security assessment experience, and

  • show evidence of relevant ICT and auditing qualifications, one from Category A and one from Category B.

Category A

Category B

When ASD has confirmed that the above requirements have been met, the individual can:

If the candidate successfully passes the examination they are added to the list of registered IRAP Assessors.

In accordance with the IRAP Policy and Procedures, IRAP Assessors maintain their skills by:

  • maintaining IRAP prerequisite qualifications in ICT and auditing disciplines

  • completing annual online Australian Government Information Security Manual (ISM) refresher training

  • attending ASD-endorsed workshops, forums and conferences, and

  • participating in information-sharing activities across the IRAP and information security communities.

IRAP Assessors make a valuable contribution to Australia's national security objectives by assisting government agencies to improve their security posture by providing ICT security advice and assessment services.

Apply to become an IRAP assessor