Report a cybercrime, cyber security incident or vulnerability.
Report

What are you looking for?

You can search for keywords to find pages that can help you e.g. scam
First published: 12 Jun 2019
Last updated: 05 May 2026

Content written for

Small & medium business
Large organisations & infrastructure
Government

ASD partners with ICT training providers to deliver the IRAP Training Course and Assessment.

IRAP 2.0 Training Course and Assessment

ASD is proud to partner with the following IRAP 2.0 Training Course and Assessment training delivery providers. These providers work closely with ASD and engage facilitators who have high-level experience in ICT security and the delivery of information security training.

Australian Cyber Collaboration Centre
Aus ISA logo - back and orange

 

The IRAP 2.0 Training Course has been designed to prepare the next generation of ASD-endorsed IRAP assessors through hands-on, interactive scenario-based training.

The IRAP assessment process tests participants’ knowledge, critical thinking skills and experience against those expected of an IRAP assessor. To enrol, participants are required to have extensive information security implementation or assessment experience, using Australian Government Frameworks such as the Information Security Manual (ISM) and Protective Security Policy Framework (PSPF).

The course content follows the IRAP assessment methodologies, program policy, and best practice security guidance outlined by ASD.

The course format includes:

  • Practical, hands-on assessment of ISM controls within a lab-based simulated Government environment to support gathering of evidence, determining control effectiveness, and applying ASD's IRAP assessment framework.
  • Theory fundamentals on the IRAP Policy and Procedures, the IRAP Common Assessment Framework and quality assurance standards, and the assessor's obligations under the ISM and PSPF.
  • Interpreting architecture diagrams, defining system and assessment boundaries, considering the attack surface, and understanding how scoping drives assessment depth and focus.
  • Applying governance and independence requirements, including navigating conflicts of interest, assessment integrity requirements, and the governance and reporting obligations that underpin every IRAP engagement.
  • Producing IRAP-style assessment reports based on your control testing – documenting findings, justifying control outcomes, and providing actionable recommendations – to support informed decision-making by authorising officers.
  • Validating acquired knowledge and experience, covering control interpretation, contemporary technical knowledge, analytical reasoning, IRAP requirements, and assessment methodology.

This course is aimed at experienced information security professionals, and takes an assumed-knowledge approach to the ISM and PSPF. To ensure the best chance of success, course participants should be familiar with the following publications and documents.

After successful completion of the course and assessment, participants can apply to become an IRAP Assessor.

Was this helpful?
Yes this was helpful
No this was not helpful

Thanks for your feedback!

We welcome additional feedback below.

Was this information easy to understand?
Will you take action after reading this?
Did you find the information you were looking for?
Did the design and layout of this page meet your expectations?