Sorry, you need to enable JavaScript to visit this website.
Skip to main content

IRAP Tool Kit

Jul 1, 2018 - The Information Security Registered Assessors Program (IRAP) is an Australian Signals Directorate (ASD) initiative to provide high-quality information and communications technology (ICT) security assessment services to government. ASD endorses suitably-qualified ICT professionals to provide relevant security services which aim to secure broader industry and Australian Government information (and associated) systems. IRAP Assessors assist in securing your ICT networks by assessing your security compliance and highlighting the information security risks facing your organisation.


Jul 1, 2018 - Why Achieve Accreditation? Achieving system accreditation will: identify the strengths and weaknesses of your system allow you to focus your resources on the areas most at risk, and highlight your system's security non-compliance and any associated residual risks. Determining the authorities in your system accreditation framework will identify clear lines of accountability. Segregating these authorities will provide you with an impartial framework with which to assess the security of your system.

IRAP Application Form

To be eligible for IRAP Assessor training and examinations you must provide: current Curriculum Vitae (CV), clearly indicating the dates for each engagement or project minimum of a Baseline security clearance (Australian citizenship required) - see Australian Government Security Vetting Agency for further details two certifications - one from Category A and one from Category B.

IRAP Assessors

The Australian Signals Directorate's (ASD) Information Security Registered Assessors Program (IRAP) endorses qualified ICT security professionals to provide information security services.

ASD Certified Services

The Australian Signals Directorate (ASD) has certified gateway services for use by multiple government agencies for many years, and in 2015 commenced certifying cloud services too. Learn more about: ASD-certified cloud services ASD-certified gateway services. Should you wish to procure an ASD-certified service, please discuss the details with one of the listed providers. ASD only certifies selected services, not the entire provider.

Why Engage an IRAP Assessor?

An IRAP Assessor will assist you to navigate through the accreditation framework, by helping you to understand and implement Australian Government security: standards requirements controls, and recommendations. Any Australian organisation can engage an IRAP Assessor, not just Australian government agencies. IRAP Assessors provide assessment services based on:

ASD Certified Gateways

Gateway services that are used by multiple government agencies must be IRAP assessed and certified by the Australian Signals Directorate (ASD), with agencies using the service awarding accreditation. The following providers maintain a PROTECTED gateway environment for government use. This environment has been IRAP assessed and ASD certified.

ASD Certified Cloud Services

ASD has awarded ASD Certification to the listed cloud service providers for specified cloud services. ASD has issued the providers with a, Certification Letter outlining the details of the certification and describing the conditions of holding certification and when re-certification may be triggered and Certification Report which provides customers with an overview of the security aspects which should be considered prior to accreditation.