The Infosec Registered Assessors Program (IRAP) ensures entities can access high-quality security assessment services.
IRAP
The Australian Signals Directorate (ASD), via the Infosec Registered Assessors Program (IRAP), provides organisations with access to cyber security professionals to conduct high-quality, independent security assessment services.
An IRAP security assessment helps organisations understand their system’s security strengths and weaknesses and provides recommendations that can be utilised as part of their organisational security program.
What IRAP does
ASD endorses individuals from the private and public sectors to provide security assessment services with the aim of enhancing the security of broader industry and Australian Government systems and data.
Endorsed IRAP Assessors assist organisations to secure their systems and data by independently assessing their cyber security posture, identifying security risks and suggesting mitigation measures.
IRAP Assessors can provide security assessments of SECRET and below for:
- ICT systems
- Cloud services
- Gateways
- Gatekeeper
- FedLink
What IRAP does not do
IRAP Assessors do not accredit, certify, endorse or register systems on behalf of ASD. The scope of a security assessment will generally not cover all ISM security controls and a completed security assessment does not inherently imply that a system is compliant with the tested security controls. As such, it is integral for customers to read and understand security assessment reports or letters of completion to determine what a system has been tested against and if it meets their cyber security requirements.
How to become an IRAP Assessor
IRAP Assessors are ASD-endorsed ICT professionals from across Australia who have the necessary experience and qualifications in ICT security assessment and risk management, and a detailed knowledge of ASD's Information Security Manual.
IRAP Consumer Guide
An IRAP Assessor will assist you by helping you to understand and implement security controls and recommendations to protect your systems and data.
IRAP Assessors List
ASD's IRAP endorses qualified security professionals to provide information security services.
Who are ASD's training providers?
ASD endorses ICT training providers to develop and facilitate IRAP New Starter Training.
Gateway hardening
This page lists publications on the hardening of gateway services.
Cloud Services
The Cloud Services Certification Program (CSCP) ceased on 2 March 2020.
IRAP resources
IRAP application form
Register to become an endorsed ASD IRAP Assessor.
IRAP assessment feedback form
Provide feedback for a recent IRAP assessment.
IRAP community feedback form
IRAP community members can provide comment on a range of topics about the course.