Organisations that manage or store Australian Government information are expected to align with the security principles outlined in the Information Security Manual (ISM) and the Protective Security Policy Framework (PSPF). The Information Security Registered Assessors Program (IRAP), administered by the Australian Signals Directorate (ASD), endorses individuals to perform independent assessments of systems against these frameworks.

At Trustwave, our assessments are conducted by ASD-endorsed IRAP assessors who provide impartial evaluations of your system’s security posture. These assessments can help you understand how your current controls align with the ISM and PSPF and provide guidance for addressing identified risks or gaps.

🛎️IRAP Assessment Service

Whether you’re preparing to support government-related initiatives or aiming to enhance your organisation’s alignment with Australian security frameworks, Trustwave’s IRAP-related services can assist. Our ASD-endorsed IRAP assessors deliver independent assessments and advisory support across a range of areas:

• Cloud Services Review – Assess your cloud environments against the control objectives outlined in the ISM.
• Gateway Assessments – Evaluate the architecture and security of internet gateways in line with ASD-relevant guidance.
• Information Systems Assessments – Identify potential control gaps and risks within your broader ICT environment.
• IRAP Readiness Reviews – Conduct a pre-assessment review to help you prepare for a formal IRAP assessment.
• System Documentation Analysis – Review security documentation, policies, and procedures for ISM alignment.
• Risk Advisory & Remediation Guidance – Receive expert recommendations to address assessment findings and improve security posture.

🗂️What to Expect During an IRAP Assessment 

An IRAP assessment provides an independent, risk-informed evaluation of a system’s implementation of security controls against the Information Security Manual (ISM) and the Protective Security Policy Framework (PSPF). Assessments conducted by ASD-endorsed IRAP assessors can help organisations identify whether their systems are aligned with the expectations outlined in these frameworks.

Trustwave’s typical IRAP assessment process includes:

1. Scoping & Planning
   Define the system boundaries, assessment objectives, and applicable ISM/PSPF control sets in consultation with your team.
2. Security Control Assessment
   Review the design and effectiveness of implemented security controls, identifying areas where improvements may be needed.
3. Reporting & Recommendations
   Receive a Security Assessment Report detailing observed control gaps and guidance to support uplift activities.

While IRAP assessments do not result in certification or formal approval by ASD, they provide critical input for risk owners and authorising officers making decisions about the suitability of a system—particularly those intended to process, store, or manage government information.

Interested in discussing an IRAP Assessment?
Fill out the form and speak with a Trustwave advisor today.

Why Trustwave is Different! 

 ASD-Endorsed IRAP Assessors

Our assessments are delivered by experienced individuals who have been endorsed under the Australian Signals Directorate’s IRAP program. They bring a strong understanding of the ISM, PSPF, and relevant security requirements for systems handling government information.

Comprehensive Support

We offer a full range of services—from readiness reviews and documentation analysis to formal IRAP assessments—designed to meet your organisation’s specific needs at each stage of the process.

Cross-Sector Expertise

Our team has supported a variety of organisations across federal and state governments, critical infrastructure, and highly regulated industries. This experience enables us to navigate complex technical and policy environments with confidence.