IRAP Assessments

Assurance Bureau delivers independent Information Security Registered Assessors Program (IRAP) assessments as an accredited IRAP assessor endorsed by the Australian Signals Directorate (ASD).

IRAP assessments evaluate the security controls of systems and environments against the Australian Government Information Security Manual (ISM), providing the independent evidence base required to support system authorisation decisions by an Authorising Official.

Typical assessment activities include:

·        Assessment of security controls against applicable ISM requirements

·        Identification and documentation of findings, including nonconformities and observations

·        Review of policies, procedures, and supporting control evidence

·        Production of an IRAP assessment report suitable for submission to the Authorising Official

·        Post-assessment advisory support where required

This service is suited to Australian Government agencies, government-adjacent organisations, and suppliers handling government data who require independent ISM assessment to support authorisation or demonstrate security posture.

Note on independence: Where Assurance Bureau has previously provided advisory or uplift services to an organisation, independence obligations under the IRAP program will be considered prior to undertaking an assessment engagement. Contact us to discuss your specific circumstances.

IRAP Preparation (Advisory)

Advisory support is available to help organisations prepare for an IRAP assessment, separate from the assessment engagement itself.

This service is appropriate for organisations that are not yet assessment-ready or wish to reduce findings prior to engaging an IRAP assessor.

Typical advisory activities include:

·        Gap assessment against the ISM prior to formal assessment

·        Review of control implementation evidence and documentation

·        Governance, risk, and accountability uplift aligned to IRAP expectations

·        Preparation support for assessment engagement

Advisory and assessment services are scoped separately to preserve assessment independence. Contact us to discuss sequencing.

RFFR / DEWR ISMS Scheme

Support is provided to organisations participating in, or preparing for, the Department of Employment and Workplace Relations (DEWR) Information Security Management System (ISMS) Scheme under the Raising the Bar for Fraud Reduction (RFFR) framework.

Typical activities include:

·        ISMS design or uplift aligned to scheme requirements

·        Mapping of ISO/IEC 27001 controls to DEWR ISMS Scheme expectations

·        Governance and accountability alignment

·        Support for internal and external assurance activities under the scheme

Essential Eight Maturity Assessment

Assessment services are provided to evaluate an organisation’s alignment with the Australian Cyber Security Centre (ACSC) Essential Eight maturity model.

Typical activities include:

·        Assessment of Essential Eight controls against maturity level criteria

·        Review of policies, procedures, and supporting evidence

·        Identification of gaps and areas for improvement

·        Clear assessment reporting aligned to ACSC guidance

This service is assessment-focused and does not include technical implementation or remediation.

ISM-Aligned Governance Uplift

Governance advisory support is provided to help organisations align policies, risk management practices, and accountability structures with the Australian Government ISM.

Typical activities include:

·        ISM control mapping and applicability analysis

·        Governance and policy framework uplift

·        Risk management alignment to ISM expectations

·        Support for scheme-specific assurance or assessment activities

Contact
Contact