What is an IRAP Assessment?
Cybersecurity and information security are a top national security priority for government; to prevent cyber intrusions on government systems, critical infrastructure and other information networks that could threaten Australia’s national security interests.
The Australian Signals Directorate (ASD), through the Australian Cyber Security Centre (ACSC), provides cybersecurity advice and assistance to Australian Government, businesses and individuals.
The ACSC produces programs, strategies and standards including the ISM, IRAP and guidance on fortifying security technologies.
Experienced IRAP Assessors
Scope of the Service
An IRAP scope definition focusses on clearly identifying and categorising the technologies and operations that are within scope for a given system. This scope is used to build a Statement of Applicability (SOA) for the system(s). The SOA will then be used as the foundation for PSPF/ISM compliance activities as well as the IRAP assessment process for the system(s).
PSPF/ISM Compliance Preparation
Often defined by a gap analysis, PSPF/ISM Compliance Preparation may include writing or updating documentation, conducting risk assessments, architectural reviews, control implementation and other activities that may be necessary to prepare for an IRAP Assessment.
IRAP Assessments for Cloud Providers
Cloud providers wishing to engage with Australian Government clients, are also recommended to undergo an IRAP Assessment.
The process is the same as other ICT providers follow.
Undergoing the IRAP process is beneficial. Once you achieve certification with one Government department or agency, it can be leveraged to open the way for you to work with other departments and agencies.