I-RAP: Infosec Registered Assessor Program
IRAP is a combination of activities to endorse and register IT security assessors as competent to assess up to PROTECTED level information security systems in accordance with Commonwealth information security standards and policy documents.
Registered assessors are endorsed to conduct specific information security assessments to Commonwealth best practice policy standards.
What is I-RAP?
The Infosec-Registered Assessor Program (I-RAP) is an initiative of the Defence Signals Directorate and is designed to register suitably qualified information security assessors to conduct work to Commonwealth best practice standards. The program has been developed to the Commonwealth's strict requirements, and is administered by, Securelink Pty. Ltd.
I-RAP registration can only occur once an individual has successfully completed the registration process. This process involves the following requirements:
1. Demonstration of relevant industry education, certification and experience;
2. Attending the I-RAP course; and
3. Passing the I-RAP exam.
In order to pass the I-RAP exam applicants need to have a very good understanding of Commonwealth information security policy, including the Commonwealth Protective Security Manual (PSM) and the Australian Communications-Electronic Security Instruction 33 (ACSI 33). Applicants also need to have a good understanding of I-RAP policy and procedural requirements, aspects of Commonwealth information security requirements including those for FedLink, and an understanding of information system audit principles.
Individuals who have qualified as I-RAP assessors are endorsed to carry out information security work to Commonwealth best practice standards up to PROTECTED level, including:
- Gateway certifications
- Information System Reviews (Commonwealth policy compliance reviews)
- FedLink connection assessments, and
- FedLink audits.
An Internet based register of I-RAP assessors has been established as part of the program and is managed by Securelink Pty.Ltd.: www.irap.securelink.com.au. The register contains endorsement and business contact details for I-RAP assessors. It also contains helpful information about I-RAP including application closing dates, applicant training session schedules and venue details.
It is envisaged that Commonwealth agencies (and other organisations with similar needs), that would normally request the DSD to assess up to PROTECTED level systems, will use the Program and its associated Register as a means of selecting qualified assessors to carry out the assessments using I-RAP endorsement as a reference of competency. The selection of assessors registered in the Program would be on a commercial competitive basis.
Program Operation
Securelink Pty. Ltd. has been appointed as the Program administrator. All the details of I-RAP operation, including requirements, administration procedures, administrator contact details and fees are contained in the I-RAP Policy and Procedures (www.irap.securelink.com.au).
I-RAP Documents
Gateway Certification Guide*
(Links to Gateway Certification Guide webpage)
| I-RAP FedLink Audit Checklist | [PDF, 108KB] | ||
| Gateway Certification Checklist V3.0.0 | [PDF, 459KB] | [DOC, 271KB] | |
| Gateway Certification Checklist V2.2.3 | [PDF, 200KB] | [DOC, 208KB] | |
| Information System Review Checklist V3.1.3 | [PDF, 1.43MB] | [RTF, 1.04MB] | |
| Gatekeeper Guidelines and Checklist V2.0.1 | [PDF, 694KB] | [RTF, 897KB] | |
| I-RAP Gateway Certification Report Template | [PDF, 234KB] | [RTF, 458KB] |
Having trouble viewing the PDFs then see PDF troubleshooting