The I‑RAP is a program of activities sponsored by the Australian Government Department of Defence – Defence Signals Directorate (DSD) culminating in the endorsement and registration of individuals as competent to assess information security systems in accordance with Australian Government information security standards and policy documents.
Candidates qualifying as I-RAP registered assessors are endorsed to carry out the following types of assessment work:
- Gateway certifications
- Network/system assessments
- Gatekeeper assessments
- FedLink audits, and
- FedLink connection assessments
The Register of Infosec Assessors is maintained in conjunction with the Program and details candidates on who meet the Program criteria and therefore are familiar with the specific requirements for carrying out security audits within the scope of the program.
The Register of Infosec Assessors is used by Australian Government agencies (and others) as a means of sourcing assessors, with confidence that those assessors satisfy DSD’s requirements to carry out the types of operations within the scope of the Program. The Register of Infosec Assessors will provide the Infosec-Registered Assessor’s business contact details.
Assessors endorsed by the program will have tangible means of demonstrating to potential Australian Government agency clients (and others) that they are endorsed to assess information system’s security in accordance with I‑RAP policy.
I‑RAP registered assessors undertake refresher training and are reassessed every 12 months. This is done through a maintenance program that provides assurance that assessors have satisfactorily completed any mandatory training maintenance requirements throughout the 12 months of their registration and are up to date with ISM/policy changes. The performance of work within the scope of the Program carried out by assessors will also be subject to review at the time of re-registration.
The I-RAP is administered by Saltbush Training Pty Ltd (the I-RAP Administrator) on behalf of the DSD. The DSD I-RAP Manager, in consultation with the I-RAP Administrator, reviews I-RAP Policy periodically. The DSD I-RAP Manager also maintains DSD I-RAP Guides and other DSD support documents.
The policy and associated procedures governing the operation of the I-RAP are contained in the document entitled Policy and Procedures for the Infosec – Registered Assessor Program (I-RAP). Users of the program should familiarise themselves with the policy before utilizing the Program. It is available for download from the Documents page.