Home Page.
Guide for I-RAP Applicants
CONTENTS:
Introduction
How the Endorsement System Works
Application Guidance
Fees
Lodging the Application
Getting Support or Advice
The Australian Government Department of Defence - Defence Signals Directorate (DSD) has established the Infosec - Registered Assessor Program (I-RAP) that includes, as part of the program operation, the Register of Infosec Assessors (RIA). The RIA has been established to inform Australian Government departments and agencies (and other organisations) that an Information Technology (IT) system security auditor is qualified to carry out Gateway certifications, Network/system assessments, FedLink audits, FedLink connection assessments up to PROTECTED level and Gatekeeper assessments up to HIGHLY PROTECTED level to Australian Government standards. The RIA is a source for identifying IT system security assessors that have been endorsed in accordance with requirements set out in the I-RAP Policy and Procedures.
How the Endorsement System Works
To qualify for I-RAP endorsement and registration, the candidate must meet two qualification criteria:
An application process that includes demonstration of a pre-qualification requirement to be eligible to undertake I-RAP training and assessment, and
A training process, including sitting and passing an associated examination.
Details of the endorsement policy and associated application and training procedures and requirements are contained in the Policy and Procedures for I-RAP. This document and DSD I-RAP IT system assessment guides required for the training course are available for download from the Documents page.
(i) Application
The I-RAP administrator will periodically announce the next submission of applications on the register to align with the training and assessment schedule. It includes an application closing date approximately one month prior to the scheduled qualification training and assessment to allow adequate time for the I-RAP Administrator to assess the pre-qualification criteria. See the Next Intake page for details.
(ii) Training and Testing
Training sessions will be held approximately four times a year. The locations of venues will be rotated to provide the opportunity to attend training locally. See the Next Intake page for details of the next training venues.
The I-RAP Administrator will advise successful applicants with confirmation of the time, date, venue and identity of the I-RAP trainer for the training session. This information will also be available on the Register. In addition the I-RAP Administrator will supply the candidate with training course requirements.
Training takes place over 2 days:
Training taking 1.5 days.
The examination component on the last half day. The examination will be approximately three hours in duration.
In order to successfully complete the training and assessment components, candidates are required to be familiar with auditing techniques, risk assessment application and the relevant Standards and reference documents, including the Australian Communications-Electronic Security Instructions 33 (ACSI 33), that provide the background knowledge required for qualification. The I-RAP training program will not provide in depth instruction in these topics.
Links to DSD I-RAP IT system assessment guides required for the training course and sites containing reference documents are available for download from the Documents page.
The Applicant should fill in the application form (available for download from the Documents page) and send it to the IRAP Administrator, with the supporting documents itemised below and the combined Application and Qualification training and assessment fees.
The supporting documentation includes:
Evidence of the pre-qualification criteria detailing the appropriate certification, academic qualifications and IT experience,
Two photos suitable for use in Australian passports, and
Evidence of personal identification equalling 100 EOI points with at least one of the documents chosen containing a photograph that can be matched to the person named.
The application form includes a checklist of support evidence to assist its preparation. Details of the supporting evidence and how it can be presented are contained in the endorsement policy and associated application procedures included in the Policy and Procedures for the Infosec - Registered Assessor Program (I-RAP) - available for download from the Documents page.
The I-RAP Administrator will assess the application. The Applicant will be notified with either a request for further information if the application is not complete, advice if the applicant does not meet the technical pre-qualification criteria, or confirmation of the time, date, venue and identity of the I-RAP trainer for the training session.
The I-RAP Administrator should be able to clarify requirements if you need Help with this Application.
Note: Application details given to us will be confidential - see our Privacy Statement
Fees
The I-RAP fee structure is aimed at cost recovery and comprises:
APPLICATION FEE
Training and Assessment Fee (includes initial qualification and subsequent update training components)
REGISTRATION FEE
Details of the fee policy and associated payment methods and requirements are contained in the Policy and Procedures for the Infosec - Registered Assessor Program (I-RAP). It is available for download from the Documents page.
1. Application Fee
The application fee is a once only fee payable at the time an applicant that is not I-RAP endorsed and registered on the RIA lodges an application. Payment of the fee is part of the application process.
2. Training and Assessment Fees
(i) Qualification Training and Assessment Fee:
The qualification training and assessment fee is a once only fee payable at the time an applicant that is not I-RAP endorsed and registered on the RIA lodges an application. Payment of the fee is part of the application process.
(ii) Maintenance Training and Assessment Fee:
The maintenance training and assessment fee is an annual fee payable when the assessor confirms their attendance for re-assessment to remain endorsed and registered. The I-RAP administration will issue an invoice for each maintenance training and assessment fee as part of the renewal fee each time the candidate confirms their attendance for refresher training.
3. Registration Fee
The registration fee is an annual fee. It is initially payable when the candidate successfully completes the qualification criteria of the Program. Thereafter it is payable when the assessor confirms their attendance for re-assessment to remain endorsed and registered.
The I-RAP administration will issue an invoice for the initial registration fees when the candidate successfully completes the qualification criteria of the Program.
The I-RAP administration will issue an invoice for each subsequent registration fee as part of the renewal fee each time the candidate confirms their attendance for refresher training.
SCHEDULE OF FEES (inclusive of GST) |
|
Joining Fees |
|
Application Fee |
$275.00 |
Applicant Training Fee |
$3,300.00 |
1st Year Annual License Fee |
$2,200.00 |
| Renewal Fees | |
| Assessor Annual Training Fee | $1,650.00 |
| Assessor Annual License Fee | $2,200.00 |
Note: Australian IT&T Security Forum (AITSF) Discount
From 2 June 2003, individuals who are permanent employees of AITSF member companies are eligible to receive a 10% discount on all aspects of the I-RAP: application, training and registration fees.
The individual must be an employee of the company and the company must be a fully paid current member at the time the fee applies.
Discounts will not be automatically applied. Individuals wishing to claim the discount are required to indicate to the I-RAP administrator their wish to do so with their application or confirmation of annual update training, along with an employer contact to confirm their eligibility for the discount.
Application forms and accompanying documentation should be lodged at the following address:
Postal Address |
Infosec - Registered Assessor Program Administrator |
C/o Securelink Pty Ltd |
P O Box 208 |
Erindale Centre Canberra ACT 2903 |
Please contact the I-RAP Administrator for any help or advice.
| Assessors |
| A complete listing of the endorsed assessors, including access to their business contact details and registration information. |
| Certificates |
| DSD IT Security System Compliance Certificate. Create your certificate here. |
| Privacy |
Application details given to us will be treated as confidential - see our Privacy Statement. |