Independent security assessment, IRAP-endorsed.
Formal assessment of your systems against the Information Security Manual and the Protective Security Policy Framework, delivered by IRAP-endorsed assessors.
Assessment that Defence and government recognise.
The Information Security Registered Assessors Program endorses qualified assessors to evaluate systems against the controls in the Information Security Manual. For organisations handling government or Defence information, an IRAP assessment provides independent assurance that security controls are implemented and effective.
We assess your system, document the control implementation against the ISM, identify residual risk, and produce the security assessment report your accreditation pathway requires.
A report built for an accreditation decision.
- Security assessment report aligned to the ISM.
- Control implementation summary against your system's classification.
- Residual risk register.
- Remediation roadmap to an accreditable state.
Systems that carry government information.
- Organisations seeking to host or handle government data at PROTECTED or above.
- Cloud and system providers pursuing government or Defence customers.
- DISP members whose systems require formal assessment beyond the corporate Essential Eight baseline.
IRAP, answered.
The Information Security Registered Assessors Program endorses qualified assessors to evaluate systems against the controls in the Information Security Manual. An IRAP assessment gives independent assurance that your security controls are implemented and effective, which supports the accreditation pathway for systems that handle government or Defence information.
Organisations seeking to host or handle government data at PROTECTED or above, cloud and system providers pursuing government or Defence customers, and DISP members whose systems require formal assessment beyond the corporate Essential Eight baseline. If a tender or contract names the ISM or asks for an IRAP assessment, you need one.
DISP is membership of the Defence Industry Security Program: it covers your organisation across governance, personnel, physical and ICT security. IRAP is a system-level security assessment against the ISM. They serve different purposes. A DISP member often still needs an IRAP assessment for a specific system, and we can carry both under one practice.
A security assessment report aligned to the ISM, a control implementation summary against your system's classification, a residual risk register, and a remediation roadmap to an accreditable state. The report is written so an authorising officer can make an informed accreditation decision.
Find out whether your system needs an IRAP assessment.
Tell us about the system and the requirement it has to meet. We will tell you the most direct path to an accreditable state.