Frequently Asked Questions

CONTENTS:

What is the Register of Infosec Assessors?
What is the Infosec-Registered Assessor Program?
What are the Benefits of I-RAP?
When does Registration Expire?
What are a Registered Assessor's Responsibilities?
How can I-RAP Registration be Withdrawn?
How much does Registration Cost?

What is the Register of Infosec Assessors?

The Register of Infosec Assessors (RIA) is a source for identifying and locating assessors that have been endorsed by the Infosec - Registered Assessor Program (I-RAP) to carry out specific types of IT security assessments to Australian Government standards.

Assessors listed on the RIA have successfully completed the qualification requirements as specified in the I-RAP Policy and Procedures.

The RIA also contains useful information about the I-RAP, including details about application closing dates and the scheduling and venues of applicant training sessions. The associated documents, including the Program's Policy and Procedures and the Application Form, are available for download from it.

What is the Infosec-Registered Assessor Program?

The Infosec - Registered Assessor Program is a program of activities sponsored by the Australian Government Department of Defence - Defence Signals Directorate (DSD) culminating in the endorsement and registration of individuals as competent to assess information security systems in accordance with Australian Government information security standards and policy documents.

Candidates qualifying as I-RAP registered assessors are endorsed to carry out the following types of assessment work:

  • Gateway certifications
  • Network/system assessments
  • Gatekeeper assessments
  • FedLink audits, and
  • FedLink connection assessments

The I-RAP is administered by Securelink Pty Ltd (the I-RAP Administrator) on behalf of the DSD. The DSD I-RAP Manager, in consultation with the I-RAP Administrator, reviews I-RAP Policy periodically. The DSD I-RAP Manager also maintains DSD I-RAP Guides and other DSD support documents.

The policy and associated procedures governing the operation of the I-RAP are contained in the document entitled Policy and Procedures for the Infosec - Registered Assessor Program (I-RAP). Users of the program should familiarise themselves with the policy before utilizing the Program. It is available for download from the Documents page.

What are the Benefits of I-RAP?

I-RAP benefits IT security auditors, their employers, Australian Government departments and agencies as well as other organisations utilizing the RIA as a source of I-RAP registered assessors:

  • Assessors endorsed by the program will have tangible means of demonstrating that they are qualified to assess information security systems in accordance with I-RAP policy, opening up new work opportunities for themselves and their employers.
  • Australian Government departments and agencies will have a larger pool of assessors satisfying Australian Government requirements available to them.
  • Other organisations, with similar assessment needs, will be free to draw on this pool, giving them added confidence in the assessor's capabilities.
  • The Information Security Group (ISG) will be able to concentrate on the more crucial evaluations and the continuation of developing and reviewing the IT security policy documents published by DSD.

When does Registration Expire?

Registration of I-RAP endorsed assessors will be valid for a period of one year. After the one-year registration period, I-RAP registered assessors will be required to undertake re-assessment to remain endorsed and registered. Re-assessment includes three mandatory requirements:

  • Completion of update training presented by the I-RAP that will highlight any pertinent changes that have occurred since the initial training.
  • Review of the complaints and disputes records and any reviews of the assessor's work undertaken by the DSD during the period since the last assessment by the I-RAP administration in conjunction with the DSD.
  • Passing an assessment test presented by the I-RAP at the end of the training session.

The I-RAP Administrator will provide a notice that the registration is due to expire and advice of the scheduled update training sessions.

What are a Registered Assessor's Responsibilities?

Registration as an I-RAP endorsed assessor requires that the assessor undertake the following responsibilities:

When interacting with the I-RAP:

  • To participate in the application and qualification processes specified in the Policy and Procedures for the Infosec - Registered Assessor Program (I-RAP) and abide by the qualification assessment decision of the I-RAP (except where a dispute regarding the assessment arises).
  • To participate in the re-assessment process each 12 months where the candidate wishes to remain endorsed by the I-RAP and abide by the qualification re-assessment decision of the I-RAP (except where a dispute regarding the assessment arises).
  • To grant permission to the I-RAP to publish professional details of the candidate as specified in the Policy and Procedures for the Infosec - Registered Assessor Program (I-RAP).
  • To notify the I-RAP administration of any change to the information provided with the application that occurs during the term of registration (e.g. address change, change of employment contact details etc.) within 14 days of the change occurring.
  • To abide by any dispute resolution rulings negotiated and agreed with the DSD via the I-RAP Administrator, DSD I-RAP Manager or arbitrated by the Assistant Secretary of the Information Security Group - DSD.

When conducting assignments within the scope of the Program, to comply with the conduct requirements as specified in the Policy and Procedures for the Infosec - Registered Assessor Program (I-RAP), including:

  • To ensure the most recent versions of Australian Government policy and relevant documentation are used.
  • When entering into work for the Australian Government, to report according to the requirements of the Program.
  • Not to represent himself or herself as an employee or agent of the DSD or the Australian Government.
  • If accessing, handling and/or storing Australian Government classified information, to comply with the requirements of the Protective Security Manual.
  • To report the results of an assessment carried out to DSD's and the Australian Government's policy standards for an Australian Government agency to the DSD I-RAP Manager.

Details of the I-RAP policy are contained in the Policy and Procedures for the Infosec - Registered Assessor Program (I-RAP). It is available for download from the Documents page.

How can I-RAP Registration be Withdrawn?

  Withdrawal

The I-RAP incorporates the capacity for withdrawal of endorsement and registration of an I-RAP registered assessor in the following circumstances:

1. Withdrawal from the program by the I-RAP registered assessor.

2. Failure to meet the requirements of the annual re-assessment.

3. Failure to meet any of the assessor obligations specified in the Policy and Procedures for the Infosec - Registered Assessor Program (I-RAP).

4. An unsatisfactory review of the I-RAP registered assessor's work within the scope of the Program carried out by the DSD I-RAP Manager, either independently or for the Australian Government.

5. Where a conflict of interest arises and cannot be satisfactorily resolved.

6. Misrepresentation or concealment of the facts by the I-RAP endorsed assessor.

7. Where a complaint is received concerning the assessor's qualifications and cannot be satisfactorily resolved.

8. Where I-RAP registered assessors represent themselves as an employee or agent of DSD or the Australian Government when conducting work within the scope of the Program.

9. Where I-RAP registered assessors who access, handle and/or store Australian Government classified information fail to comply with the requirements of the Protective Security Manual and the client has met their responsibility to ensure that these measures are in place.

  Notice of Withdrawal

Where an approval is withdrawn, the I-RAP Administrator shall advise the assessor of the reasons for withdrawal and what action is required for reinstatement.

Details of all registrations that are withdrawn in accordance with items 3 to 9 will be noted on the register for 12 months after the date of withdrawal, unless the approval is reinstated.

Details of the Withdrawal policy and associated procedures and requirements are contained in the Policy and Procedures for the Infosec - Registered Assessor Program (I-RAP). It is available for download from the Documents page of this register.

How much does Registration Cost?

See the Guide for details on the structure of fees.