Securitribe provides expert guidance on implementing the Australian Signals Directorate’s (ASD) Information Security Manual (ISM) and Essential 8, ensuring businesses meet the stringent security requirements for federal government projects. We specialise in security architecture, risk management, and preparing security documentation to assist organisations in meeting IRAP assessment requirements.
While we are not an IRAP-certified assessor, we work closely with organisations to develop the required security documentation, implement ISM-compliant security controls, and prepare for IRAP assessments.
We help organisations assess and improve their Essential 8 maturity levels, ensuring their security posture aligns with federal government and IRAP expectations.
Key Areas:
Application Control
Patch Management
Microsoft Office Macro Hardening
User Application Hardening
Restrict Administrative Privileges
Multi-Factor Authentication (MFA)
Regular Backups & Data Protection
Security Monitoring & Logging
Use Cases: Organisations engaging with government contracts requiring Essential 8 compliance.
We assist in developing, reviewing, and maintaining ISM-aligned security documentation to support compliance with ASD and IRAP frameworks.
Key Documents:
System Security Plans (SSP)
Risk Management Plans (RMP)
Security Risk Assessments (SRA)
Incident Response & Business Continuity Plans
Security Control Implementation Guides
Statement of Applicability (SoA) for ISM controls
Use Cases: Businesses preparing for IRAP assessments or seeking compliance with federal security requirements.
We help organisations design and implement security architectures aligned with the ISM and Essential 8, ensuring that security measures meet IRAP expectations.
Key Focus Areas:
Secure network design & segmentation
Identity & access management (IAM) and privileged access control
Data classification & handling frameworks
Security monitoring & threat detection
Cloud security best practices (Azure, AWS, Microsoft 365)
Use Cases: Organisations delivering ICT services or SaaS solutions to government agencies.
We prepare organisations for IRAP assessments by ensuring their security documentation, controls, and processes align with ASD ISM requirements.
Key Activities:
Conducting pre-assessment readiness reviews
Mapping security controls to ISM & Essential 8 requirements
Identifying gaps and remediation strategies
Assisting in security governance & risk management
Use Cases: Businesses aiming to pass an IRAP assessment for government supply chain security.
Our team has extensive experience working with ASD Essential 8, ISM, and security frameworks used by federal agencies.
We assist in developing, implementing, and maintaining security documentation, ensuring organisations are prepared for IRAP assessments and government security requirements.
We help businesses understand what’s required, prioritise security controls, and implement an achievable roadmap for ASD ISM & IRAP compliance.
Our expertise in secure system design, cloud security, and federal security standards ensures organisations can confidently deliver compliant services to government clients.
The ASD ISM is a framework of security controls designed to help organisations protect government data and IT systems from cyber threats. It is a key requirement for businesses providing services to federal agencies.
The Infosec Registered Assessor Program (IRAP) is an ASD-managed program where IRAP assessors evaluate information systems against the ISM to determine compliance for working with government agencies. This is often an essential requirement for cloud and business systems being delivered into the Australian Government landscape.
We assist with security documentation, policy development, ISM control mapping, and pre-assessment gap analysis, ensuring your organisation is well-prepared for an IRAP assessment.
No, at this stage we are not an IRAP-certified assessor. However, we help organisations prepare for their IRAP assessment, ensuring they meet the security and documentation requirements needed to achieve compliance. We can suggest several leading IRAP assessors whom we have worked with on our clients’ projects and who can assist you.
Our vCISO platform integrates directly with ISMS governance, helping businesses track risks, implement controls, and maintain compliance through structured onboarding and continuous security improvements.
The Australian Signals Directorate collaborates with industry to understand emerging and changing threat landscapes, and makes relevant changes to the ISM on a quarterly basis. This means organisations need to continuously monitor their compliance, assess new controls for applicability, and understand the risks associated with them.