IRAP Preparation (Advisory Only)

Advisory support is provided to help organisations prepare for assessments under the Australian Government Information Security Registered Assessors Program (IRAP).

This service focuses on readiness and governance uplift prior to an independent IRAP assessment and does not include acting as an IRAP assessor.

Typical activities include:

  • Gap assessment against the Australian Government Information Security Manual (ISM)

  • Review of control implementation evidence and documentation

  • Governance, risk, and accountability uplift aligned to IRAP expectations

  • Preparation support for engagement with an independent IRAP assessor

IRAP assessments themselves are conducted by accredited IRAP assessors engaged separately.

RFFR / DEWR ISMS Scheme

Support is provided to organisations participating in, or preparing for, the Department of Employment and Workplace Relations (DEWR) Information Security Management System (ISMS) Scheme under the Raising the Bar for Fraud Reduction (RFFR) framework.

This service focuses on helping organisations establish or uplift an ISMS that meets scheme requirements and supports ongoing compliance.

Typical activities include:

  • ISMS design or uplift aligned to scheme requirements

  • Mapping of ISO/IEC 27001 controls to DEWR ISMS Scheme expectations

  • Governance and accountability alignment

  • Support for internal and external assurance activities under the scheme

Essential Eight Maturity Assessment

Assessment services are provided to evaluate an organisation’s alignment with the Australian Cyber Security Centre (ACSC) Essential Eight maturity model.

This service is assessment-focused and does not include technical implementation or remediation.

Typical activities include:

  • Assessment of Essential Eight controls against maturity level criteria

  • Review of policies, procedures, and supporting evidence

  • Identification of gaps and areas of improvement

  • Clear assessment reporting aligned to ACSC guidance

Organisations may engage separate providers for technical uplift or control implementation where required.

ISM-Aligned Governance Uplift

Governance advisory support is provided to help organisations align policies, risk management practices, and accountability structures with the Australian Government ISM.

This service is suitable for organisations operating in regulated or government-adjacent environments where ISM alignment is required or expected.

Typical activities include:

  • ISM control mapping and applicability analysis

  • Governance and policy framework uplift

  • Risk management alignment to ISM expectations

  • Support for scheme-specific assurance or assessment activities

Engagement Model

Government and regulatory scheme engagements are typically delivered as fixed-scope advisory or assessment activities aligned to defined scheme requirements.

Services may be delivered directly to organisations or through partners, depending on scheme context and delivery arrangements.

Professional Boundaries

Services are delivered with appropriate professional boundaries to preserve objectivity, scheme integrity, and assessment independence.

Assurance Bureau does not act as an assessor for schemes requiring independent accreditation and does not provide technical implementation services such as system configuration or tooling deployment.

Contact