Our consultants are endorsed by the Australian Signals Directorate to deliver independent IRAP assessments.
An IRAP assessment is an independent security assessment performed by an Australia Signals Directorate (ASD) endorsed IRAP assessor. The output of the assessment is an IRAP report based on the template provided by the Australian Cyber Security Centre (ACSC) which you can share with your clients.
The IRAP report provides your customers confidence in how you have implemented controls from the Australian Government Information Security Manual (ISM). To produce the report, an IRAP assessor will independently verify each implemented ISM control and conclude on its effectiveness.
Information Security Registered Assessors Program (IRAP) assessors are industry experts endorsed by the Australian Signals Directorate (ASD) to provide IRAP assessment services. As part of this endorsement they are required to undergo a technical exam and maintain relevant industry security and audit certifications.
Customers who are looking to sell their cloud or managed services offerings to Australian Government Departments and Agencies may be asked whether their service has been IRAP assessed as an early procurement checkpoint.
That’s because of Guidelines for Procurement and Outsourcing from the Information Security Manual, which mandates managed service providers, outsourced cloud service providers and their cloud services undergo a security assessment by an IRAP assessor at least every 24 months.
This service is for customers who are ready for an IRAP assessment, or they are seeking a revalidation of a previous IRAP assessment.
There are two ways to find out if you are ready for an IRAP assessment.
IRAP assessment materials are publicly available on the ACSC website. This includes the ISM controls we assess customers against, the cloud security control matrix and the IRAP assessment report template.
For an IRAP assessment, you will need at a minimum:
You can also contact us for a no-obligation discussion about the above items.
CanIComply will work with your governance, engineering and cyber security teams to identify the necessary controls and develop the documentation for your service to undergo an IRAP assessment.
The IRAP assessment will systematically assess each control you have documented in your System Security Plan. The assessment involves determining whether the controls have been designed, implemented and are operating effectively in accordance with the requirements of the Information Security Manual.
Our IRAP assessment service will provide you with:
The workbook can be used for future self assessments or by an IRAP assessor for re-validation assessments.
Our pricing for IRAP assessments start at $45,000 excl. GST
The pricing is influenced by:
Feel free to contact us for a detailed quotation.
We are a specialised consulting practice focused on providing cyber security services to meet Australian Government requirements. Our team has experience on both sides of the fence including audit, assurance, risk management and advisory services.
We know what good looks like.
We know what information your federal government clients need to make informed purchasing decisions.