Report a cybercrime, cyber security incident or vulnerability.
Report

What are you looking for?

You can search for keywords to find pages that can help you e.g. scam
First published: 12 Jun 2019
Last updated: 15 Aug 2024

Content written for

Small & medium business
Large organisations & infrastructure
Government

IRAP Assessors are ASD-endorsed ICT professionals from across Australia who have the necessary experience and qualifications in ICT security assessment and risk management, and a detailed knowledge of ASD's Information Security Manual.

Individuals can apply to become IRAP Assessors if they can:

  • demonstrate Australian citizenship
  • demonstrate a minimum of five years of technical ICT experience with at least two years of information security experience on systems using the Information Security Manual (ISM) and supporting publications
  • show evidence of relevant ICT and auditing qualifications, one from Category A and one from Category B
  • complete an IRAP new starter training course through an ASD approved IRAP training provider, and
  • undertake the ASD new starter examination.

Category A

Category B

When ASD has confirmed that the above requirements have been met, the individual can:

  • attain a minimum NV1 security clearance (ASD will sponsor this if necessary), and
  • submit a confidentiality deed.

If the candidate successfully meets all of the above criteria and the professional and integrity standards required for ASD endorsement, they are added to the list of registered IRAP Assessors.

In accordance with the IRAP Policy and Procedures, IRAP Assessors maintain their skills and endorsement by:

  • maintaining IRAP prerequisite qualifications in ICT and auditing disciplines.
  • annually, demonstrating maintenance of contemporary ISM and IRAP assessment knowledge through completion of either:
    • submission of an IRAP assessment report - identifying assessments completed within the previous 12 months, OR
    • IRAP examination.
  • ensuring a conflict of interest declaration at the beginning of each IRAP assessment.
  • attending ASD-endorsed workshops, forums and conferences.
  • participating in information-sharing activities across the IRAP and information security communities, and
  • demonstrating behaviours of professionalism and integrity consistent with ASD Values. 

IRAP Assessors make a valuable contribution to Australia's national security objectives by assisting government agencies to improve their security posture by providing ICT security advice and assessment services.

IRAP Assessor training includes a five-day IRAP training course and exam, which covers both IRAP and Information Security Manual (ISM) fundamentals.

Apply to become an IRAP Assessor through CIT Solutions Pty Ltd or the Australian Cyber Collaboration Centre.

Was this information helpful?

Thanks for your feedback!

Optional

Tell us why this information was helpful and we’ll work on making more pages like it