When it comes to personnel and IT, it’s a high-risk environment right now. How we can work with IRAP Assessors.
When it comes to personnel and IT, it’s a high-risk environment right now.
The Information Security Registered Assessors Program (IRAP) is an Australian Signals Directorate (ASD) initiative to provide high-quality information and communications technology (ICT) services to government in support of Australia's security. IRAP services include providing advice for, and assessments of, gateways, specialised government network connections, government systems, system documentation, and risk mitigation.
We can assist IRAP Assessors provide risk mitigation advice to clients about moving personnel through to security cleared positions. The Cleard.life qualification allows the employer to anticipate an official outcome of a specific level of security clearance before the “e-Pack” is submitted. A sort of “dress rehearsal” which means it is not a short-cut to the official process. But it provides solid business information that allows the employer to make an informed decision about who of their personnel should be on the IT project … without wasting precious time (waiting for ‘unsuitable’ applicants to get through the backlogged vetting ecosystem) and money (some clearances cost around $10,000 each).
The ASD recommends seeking at least three quotes when engaging an IRAP Assessor. Note ASD does not recommend specific IRAP Assessors nor Cleard.life nor assists in selecting an IRAP Assessor for a particular task. The ASD also recommend not restricting engagement to those IRAP Assessors geographically located closest to you.
Ask your IRAP Assessor about risk mitigation methods that reduce your “security clearance” risks. As some IRAP Assessors are unfamiliar with our service, so let them know and ask them to get in touch with us.
Here is a recent case:
And a list detailing security clearances for Telstra staff with access to the register is "incomplete", the auditor reported.
An independent IRAP (ASD's information security registered assessors program) assessment will be undertaken before the register goes live, it said, and it already has "processes and controls" in place to restrict access to sensitive information.
You may also may find these articles interesting:
Manage your Third-Party Risks. Read more here.
Recruitment Agency: Improve your value proposition and your recommendations. Read more here and here.
DISP Members: Stop knee-jerk poaching. Read more here.
Existing Employees: Vet them to know if they can move in to a (higher) national security designation position (SECRET, TOP SECRET, TSPV). Read more here.