TL;DRIRAP assessments are commonly required for Australian Government systems and for contractors/cloud providers that store or process Australian Government information. MSPs that can support IRAP readiness are well-positioned to win government and critical sector work with 6clicks.
The InfoSec Registered Assessors Program (IRAP) is an Australian Signals Directorate (ASD) program that provides a framework for assessing the security of ICT systems against the requirements of the Australian Government Information Security Manual (ISM). IRAP assessments are required for cloud and technology services used by Australian government entities.
For technology vendors and managed service providers (MSPs) seeking to deliver services into the Australian government sector, IRAP is a critical credential — and supporting clients through IRAP readiness is a high-value capability.
Australian government agencies — federal, state, and local — are significant buyers of managed IT and security services. MSPs that can:
...have access to a client segment that competitors without GRC capability cannot serve.
An IRAP assessment evaluates a system against the ISM controls relevant to its classification level. Common areas of focus include:
Evidence of each control must be documented and made available to the IRAP assessor.
6clicks includes ISM-aligned framework content that MSPs can use to run IRAP readiness assessments. The platform's evidence management, risk register, and policy library provide the infrastructure needed to build and maintain the documentation required for an IRAP assessment.
The Hub & Spoke model allows MSPs to manage IRAP engagements for multiple government clients from a central console, with each client's data held in a separate, secure environment.
Ready to build an IRAP readiness practice? Become a 6clicks partner and serve the Australian government sector.