First published: 12 Jun 2019
Last updated: 15 Aug 2024

Content written for

Small & medium business
Large organisations & infrastructure
Government

The Infosec Registered Assessors Program (IRAP) ensures entities can access high-quality security assessment services.

IRAP

The Australian Signals Directorate (ASD), via the Infosec Registered Assessors Program (IRAP), provides organisations with access to cyber security professionals to conduct high-quality, independent security assessment services.

An IRAP security assessment helps organisations understand their system’s security strengths and weaknesses and provides recommendations that can be utilised as part of their organisational security program.

What IRAP does

ASD endorses individuals from the private and public sectors to provide security assessment services with the aim of enhancing the security of broader industry and Australian Government systems and data.

Endorsed IRAP Assessors assist organisations to secure their systems and data by independently assessing their cyber security posture, identifying security risks and suggesting mitigation measures.

IRAP Assessors can provide security assessments of SECRET and below for:

What IRAP does not do

IRAP Assessors do not accredit, certify, endorse or register systems on behalf of ASD. The scope of a security assessment will generally not cover all ISM security controls and a completed security assessment does not inherently imply that a system is compliant with the tested security controls. As such, it is integral for customers to read and understand security assessment reports or letters of completion to determine what a system has been tested against and if it meets their cyber security requirements.

Was this information helpful?

Thanks for your feedback!

Optional

Tell us why this information was helpful and we’ll work on making more pages like it