RAP Assessors are ASD-certified ICT professionals from across Australia who have:
- the necessary experience and qualifications in ICT, security assessment and risk management, and
- a detailed knowledge of Australian Government information security compliance requirements.
Individuals can apply to become IRAP Assessors if they can:
- attain a minimum Baseline security clearance
- demonstrate a minimum of five years of technical ICT experience with at least two years of information security experience on systems using the Australian Government Information Security Manual (ISM) and supporting publications
- provide two current and relevant professional referees who can attest to the applicant's character, competence and ICT experience
- provide two external customers who can directly attest to the applican't technical ICT understanding, knowledge of the ISM and security assessment experience, and
- show evidence of relevant ICT and auditing qualifications, one from Category A and one from Category B.
- CISM - Certified Information Security Manager
- CISSP - Certified Information Systems Security Professional
- GSLC - GIAC Security Leadership Certificate
- CISA - Certified Information Systems Auditor
- GSNA - GIAC Systems and Network Auditor
- ISO 27001 Lead Auditor
- PCI QSA
When ASD has confirmed that the above requirements have been met, the individual can:
- complete an IRAP New Starter Training Course through an ASD-approved IRAP Training Provider
- undertake the ASD New Starter Examination. For an example, see IRAP Entry Examination Practice Questions.
If the candidate successfully passes the examination they are added to the list of registered IRAP Assessors.
In accordance with the IRAP Policy and Procedures, IRAP Assessors maintain their skills by:
- maintaining IRAP prerequisite qualifications in ICT and auditing disciplines
- completing annual online Australian Government Information Security Manual (ISM) refresher training
- attending ASD-endorsed workshops, forums and conferences, and
- participating in information-sharing activities across the IRAP and information security communities.
IRAP Assessors make a valuable contribution to Australia's national security objectives by assisting government agencies to improve their security posture by providing ICT security advice and assessment services.