SchellmanCON is back! Join us for our virtual conference on March 6 & 7, 2025

Contact Us
Services
Services
Crypto and Digital Trust
Crypto and Digital Trust
Schellman Training
Schellman Training
Sustainability Services
Sustainability Services
AI Services
AI Services
About Us
About Us
Leadership Team
Leadership Team
Corporate Social Responsibility
Corporate Social Responsibility
Careers
Careers
Strategic Partnerships
Strategic Partnerships

Federal Assessments

Infosec Registered Assessors Program (IRAP)

For those providing—or wanting to provide—cyber security assessment services to the Australian government, you must undergo the Information Security Registered Assessors Program (IRAP), which involves a rigorous security assessment performed by an IRAP assessor. 

Contact a Specialist

What is IRAP?

In Australia, IRAP is the cornerstone of ensuring information and communication technology (ICT) systems across government agencies are secure and compliant with the Australian Government Information Security Manual (ISM).  

In providing a comprehensive framework for independent security assessments, IRAP plays a pivotal role in enhancing the protection of national data. Governed by the Australian Cyber Security Centre (ACSC), it sets the standard for cloud service security assessments and endorses skilled professionals to deliver top-tier cybersecurity evaluation services. 

Benefits of IRAP

Getting IRAP assessed offers a multitude of benefits for organizations handling government data or aiming to work with Australian government agencies, including: 

Our IRAP Process

As specialists in scrutinizing security measures against the Australian Government ISM standards, our IRAP assessors aim to help you enhance the protection of governmental data across ICT infrastructures for storage, processing, and communication. 

To do this, we begin each project with your end goals in mind as we prepare for future key project activities. Timely coordination of project planning activities, as well as effective communication throughout the engagement, are central to our methodology with our clients, which breaks down as follows: 

Image

Scope Definition

First, we’ll define the scope of your IRAP assessment, which involves identifying the specific systems, data, and operations that will be evaluated against the ISM standards before confirming that scope with our certified IRAP Assessor.

Image

Security Documentation Review

After compiling your organization's security documentation, policies, and procedures, we will review this necessary evidence to ensure everything aligns with ISM requirements.

Image

Assessment

The assessor will then conduct evaluations—including interviews with key personnel and physical inspections of your ICT infrastructure—so that you receive a comprehensive assessment of your security measures and practices.

Image

Remediation and Action Plans

Based on the assessment findings, your organization will document the actions required to implement security measures and to remediate identified vulnerabilities in your Plan Of Action And Milestones (POAM).

Image

Reporting

We will then compile a detailed IRAP Assessment Report that outlines the scope of the assessment, your current security status, identified risks, and recommendations for mitigating these risks, which will enable any reviewer of the report to make an informed risk-based decision about your system’s suitability for their security needs and risk appetite.

Image

Follow-up Assessment (Optional)

After you implement the recommended improvements, we can conduct a follow-up assessment to ensure that all changes are effectively mitigating risks and that your organization is aligned with ISM standards.

Don't see a service you're interested in? 

Talk to a Practice Leader