IRAP Assessment

Our consultants are endorsed by the Australian Signals Directorate to deliver independent IRAP assessments.

What is this?

An IRAP assessment is an independent security assessment performed by an Australia Signals Directorate (ASD) endorsed IRAP assessor. The output of the assessment is an IRAP report based on the template provided by the Australian Cyber Security Centre (ACSC) which you can share with your clients.

The IRAP report provides your customers confidence in how you have implemented controls from the Australian Government Information Security Manual (ISM). To produce the report, an IRAP assessor will independently verify each implemented ISM control and conclude on its effectiveness.

Information Security Registered Assessors Program (IRAP) assessors are industry experts endorsed by the Australian Signals Directorate (ASD) to provide IRAP assessment services. As part of this endorsement they are required to undergo a technical exam and maintain relevant industry security and audit certifications.

Icon - Elements Webflow Library - BRIX Templates

Why do I need this?

Customers who are looking to sell their cloud or managed services offerings to Australian Government Departments and Agencies may be asked whether their service has been IRAP assessed as an early procurement checkpoint. 

That’s because of Guidelines for Procurement and Outsourcing from the Information Security Manual, which mandates managed service providers, outsourced cloud service providers and their cloud services undergo a security assessment by an IRAP assessor at least every 24 months.

Icon - Elements Webflow Library - BRIX Templates

Who is this for?

This service is for customers who are ready for an IRAP assessment, or they are seeking a revalidation of a previous IRAP assessment.

Icon - Elements Webflow Library - BRIX Templates

How do I know if I'm ready?

There are two ways to find out if you are ready for an IRAP assessment.

  1. Perform your own self assessment

IRAP assessment materials are publicly available on the ACSC website. This includes the ISM controls we assess customers against, the cloud security control matrix and the IRAP assessment report template.

For an IRAP assessment, you will need at a minimum:

You can also contact us for a no-obligation discussion about the above items.

  1. Engage CanIComply for IRAP Advisory services

CanIComply will work with your governance, engineering and cyber security teams to identify the necessary controls and develop the documentation for your service to undergo an IRAP assessment.

Icon - Elements Webflow Library - BRIX Templates

What does it involve?

The IRAP assessment will systematically assess each control you have documented in your System Security Plan. The assessment involves determining whether the controls have been designed, implemented and are operating effectively in accordance with the requirements of the Information Security Manual.

Icon - Elements Webflow Library - BRIX Templates

What will you get?

Our IRAP assessment service will provide you with:

  • An IRAP Assessment Report
  • An IRAP Assessment Workbook providing information on the ISM controls we assessed and our conclusions.

The workbook can be used for future self assessments or by an IRAP assessor for re-validation assessments.

Icon - Elements Webflow Library - BRIX Templates

How much will this cost?

Our pricing for IRAP assessments start at $45,000 excl. GST

The pricing is influenced by:

  • The number of components in your system
  • The number of applicable ISM guidelines
  • Whether the system has undergone an IRAP assessment previously

Feel free to contact us for a detailed quotation.

Icon - Elements Webflow Library - BRIX Templates

Why CanIComply?

We are a specialised consulting practice focused on providing cyber security services to meet Australian Government requirements. Our team has experience on both sides of the fence including audit, assurance, risk management and advisory services.

We know what good looks like.

We know what information your federal government clients need to make informed purchasing decisions.

Icon - Elements Webflow Library - BRIX Templates

How do I get in touch?

By submitting this message, you agree to our privacy policy.
Check - Elements Webflow Library - BRIX Templates

Thank you

Thanks for reaching out. We will get back to you soon.
Oops! Something went wrong while submitting the form.
Please get into contact with us directly hello@canicomply.com.au

Want to reach out directly?