The Infosec Registered Assessors Program (IRAP) provides a comprehensive process for the assessment of systems security against the security controls provided by the Australian Government Information Security Manual (ISM). The ISM, along with the IRAP program, are governed by the Australian Cyber Security Centre (ACSC), which forms part of the Australian Signals Directorate (ASD). 

The ISM describes the security control mechanisms that cloud services providers require for providing services to the government. IRAP assessments involve independent ACSC endorsed IRAP assessors evaluating the implementation, appropriateness and effectiveness of a system’s security controls. The IRAP assessment outcomes are documented within IRAP security assessment reports. Government customers use these reports to evaluate the security of cloud services/systems, any associated risks; before authorizing a system’s suitability for usage inline with their risk appetite and specific security requirements.

Please note some of the reports below require a password to be opened. Customers are requested to contact their Salesforce Account team to request for the password to access these reports.