Infosec Registered Assessors Program (IRAP)
IRAP is a program of activities sponsored by the Australian Signals Directorate (ASD) culminating in the endorsement and registration of individuals as competent to assess information security systems in accordance with Australian Government information security standards and policy documents.
IRAP provides the framework to endorse individuals from the private and public sectors to provide cyber security assessment services to Australian governments. Endorsed IRAP Assessors can provide an independent assessment of ICT security, suggest mitigations and highlight residual risks. IRAP Assessors may provide assessment up to the TOP SECRET level for:
Candidates qualifying as IRAP registered assessors are endorsed to carry out the following types of assessment work:
- Gateway certifications
- Cloud services
- Network/system assessments
- Gatekeeper assessments
- FedLink audits, and
- FedLink connection assessments
IRAP Application Form
To be eligible for IRAP Assessor training and examinations you must provide:
- An up to date CV indicating the dates for each engagement or project
- minimum of a Baseline security clearance (Australian citizenship required) - see Australian Government Security Vetting Agency for further details
- two certifications - one from Category A and one from Category B.
Category A
- CISM
- CISSP
- GSLC
Category B
- CISA
- CRISC
- CSNA
- ISO 27001 Lead Auditor
- PCI QSA
Infosec Registered Mandatory Annual Training Assessor Program (IRAP MAT)
Find out more about the IRAP Program
IRAP registered assessors undertake Mandatory Annual Training. This is done through a maintenance program that provides assurance that assessors have satisfactorily completed any mandatory training maintenance requirements throughout the 12 months of their registration and are up to date with ISM/policy changes. The performance of work within the scope of the Program carried out by assessors will also be subject to review at the time of re-registration.