Who needs an IRAP assessment?
What is an IRAP Assessment? An IRAP Assessment is an Information Security Risk Assessment Process developed by the Australian Signals Directorate (ASD). It is designed to identify and assess information security risks associated with the development, implementation and operation of information systems used by Australian Government agencies. It is based on the Australian Government Information Security Manual (ISM) and related supporting publications.
Who Needs an IRAP Assessment? An IRAP Assessment is mandatory for all Australian Government agencies that use information systems to store, process, or transmit sensitive or classified information. It is also required for any information systems that are connected to the Australian Government's secure networks. In addition, any third-party contractors or vendors who provide services or products to Australian Government agencies must also undergo an IRAP Assessment. This includes cloud service providers, software developers, and other IT service providers.
Useful References
Official Guides
- What is an IRAP Assessment?
- What are the stages of an IRAP assessment?
- Do Australian government entities have to undertake security assessments themselves?
- What are the different levels of IRAP assessment?
Blogs & Thought Leadership
- ASD IRAP vs ISO 27001
- ASD IRAP vs Right Fit For Risk (RFFR)
- ASD IRAP vs PCI-DSS
- ASD IRAP vs NIST Cybersecurity Framework (CSF)
- ASD IRAP vs ASD Essential 8
Answers
Hear from world-renowned GRC analyst Michael Rasmussen about 6clicks and why it's breakthrough approach is winning
Get up and running with 6clicks in just a matter of hours.

'Push-down' standards to teams
'Push' your standard templates, controls, and risk libraries to your teams.

'Roll up' analytics for reporting
Roll-up analytics for consolidated reporting across your teams.
Our customers have spoken.
They genuinely love 6clicks.
"The best cyber GRC platform for businesses and advisors."
David Simpson | CyberCX
"We chose 6clicks not only for our clients, but also our internal use”
Chief Risk Officer | Publically Listed
"We use Hub & Spoke globally for our cyber compliance program. Love it."
Head of Compliance | Fortune 500






"The 6clicks solution simplifies and strengthens risk, compliance, and control processes across entities and can grow and adapt as the organization changes and evolves."
Michael Rasmussen
GRC 20/20 Research LLC
6clicks is powered by AI and includes all the content you need.
Our unique 6clicks Hub & Spoke architecture makes it simple to use and deploy.
.png)

.png)

.png)
.png)