The Information Security Registered Assessors Program is the Australian Government's framework for assessing systems that store, process, or communicate government information. CypherLeap delivers both the preparation and the formal assessment under one roof, with ASD-endorsed IRAP assessors on the team.
For organisations whose systems are ready, our in-house ASD-endorsed assessors deliver the formal Stage 1 and Stage 2 assessment against the ISM and PSPF, end to end.
For organisations not yet ready, we run the program against ISM controls, build the System Security Plan, harden the environment, and stay engaged through to assessment.
Many clients engage both pathways with us. That removes the prep-to-assessor hand-off that fragments most IRAP engagements and adds time and cost to the timeline.
If you provide services to Australian Government agencies, whether cloud hosting, SaaS, managed services, or consulting, you may need to demonstrate your systems meet the requirements of the Australian Government's Information Security Manual (ISM). IRAP assessments are conducted by ASD-endorsed assessors and are required for systems handling PROTECTED and OFFICIAL:Sensitive classified information.
Assessment of your systems against relevant ISM controls for your target classification. Clear gap register and remediation roadmap.
Implementation of required security controls. Network segmentation, encryption, access controls, logging, endpoint hardening, and administrative procedures.
System Security Plan (SSP), Standard Operating Procedures, and all supporting documentation required for IRAP assessment.
Whether the formal assessment is delivered by our in-house IRAP assessors or by a third party, we coordinate the handover, prepare evidence, brief your team, and stay engaged through Stage 1 and Stage 2.