FREQUENTLY ASKED QUESTIONS

What is the Register of Infosec Assessors?

The Register of Infosec Assessors (RIA) is a source for identifying and locating assessors that have been endorsed by the Infosec - Registered Assessor Program (I-RAP) to carry out specific types of IT security assessments to Australian Government standards.

Assessors listed on the RIA have successfully completed the qualification requirements as specified in the I-RAP Policy and Procedures.

The RIA also contains useful information about the I-RAP, including details about application closing dates and the scheduling and venues of applicant training sessions. It has the associated documents available for download including the Program's Policy and Procedures as well as the Application Form.

What is the Infosec-Registered Assessor Program?

The Infosec - Registered Assessor Program is a program of activities sponsored by the Australian Government Department of Defence - Defence Signals Directorate (DSD) culminating in the endorsement and registration of individuals as competent to assess information security systems in accordance with Australian Government information security standards and policy documents.

Candidates qualifying as I-RAP registered assessors are endorsed to carry out the following types of assessment work:

Gateway certifications
Network/system assessments
Gatekeeper assessments
FedLink audits, and
FedLink connection assessments

The I-RAP is administered by Saltbush Training Pty Ltd (the I-RAP Administrator) on behalf of the DSD. The DSD I-RAP Manager, in consultation with the I-RAP Administrator, reviews I-RAP Policy periodically. The DSD I-RAP Manager also maintains DSD I-RAP Guides and other DSD support documents.

The policy and associated procedures governing the operation of the I-RAP are contained in the document entitled Policy and Procedures for the Infosec - Registered Assessor Program (I-RAP). Users of the program should familiarise themselves with the policy before utilizing the Program. It is available for download from the Documents page.

What are the Benefits of I-RAP?

I-RAP benefits IT security auditors, their employers, Australian Government departments and agencies as well as other organisations utilizing the RIA as a source of I-RAP registered assessors:

Assessors endorsed by the program will have tangible means of demonstrating that they are qualified to assess information security systems in accordance with I-RAP policy, opening up new work opportunities for themselves and their employers.
Australian Government departments and agencies will have a larger pool of assessors satisfying Australian Government requirements available to them.
Other organisations, with similar assessment needs, will be free to draw on this pool, giving them added confidence in the assessor's capabilities.
The Information Security Group (ISG) will be able to concentrate on the more crucial evaluations and the continuation of developing and reviewing the IT security policy documents published by DSD.

When does Registration Expire?

Registration of I-RAP endorsed assessors will be valid for a period of one year. After the one year registration I-RAP registered assessors will be required to undertake re-assessment to remain endorsed and registered. It includes three mandatory requirements:

Completion of update training presented by the I-RAP that will highlight any pertinent changes that have occurred since the initial training.
Review of the complaints and disputes records and any reviews of the assessor's work undertaken by the DSD during the period since the last assessment by the I-RAP administration in conjunction with the DSD.
Passing an assessment test presented by the I-RAP at the end of the training session.

The I-RAP Administrator will provide a notice that the registration is due to expire and advice of the scheduled update training sessions.

What are a Registered Assessor's Responsibilities

Registration as an I-RAP endorsed assessor requires that the assessor undertake the following responsibilities:

When interacting with the I-RAP:

To participate in the application and qualification processes specified in the Policy and Procedures for the Infosec - Registered Assessor Program (I-RAP) and abide by the qualification assessment decision of the I-RAP (except where a dispute regarding the assessment arises).
To participate in the re-assessment process each 12 months where the candidate wishes to remain endorsed by the I-RAP and abide by the qualification re-assessment decision of the I-RAP (except where a dispute regarding the assessment arises).
To grant permission to the I-RAP to publish professional details of the candidate as specified in the Policy and Procedures for the Infosec - Registered Assessor Program (I-RAP).
To notify the I-RAP administration of any change to the information provided with the application that occurs during the term of registration (e.g. address change, change of employment contact details etc.) within 14 days of the change occurring.
To abide by any dispute resolution rulings negotiated and agreed with the DSD via the I-RAP Administrator, DSD I-RAP Manager or arbitrated by the Assistant Secretary of the Information Security Group - DSD.

When conducting assignments within the scope of the Program, to comply with the conduct requirements as specified in the Policy and Procedures for the Infosec - Registered Assessor Program (I-RAP), including:

To ensure the most recent versions of Australian Government policy and relevant documentation are used.
When entering into work for the Australian Government, to report according to the requirements of the Program.
Not represent himself or herself as an employee or agent of the DSD or the Australian Government.
If accessing, handling and/or storing Australian Government classified information, to comply with the requirements of the Protective Security Manual.
To report the results of an assessment carried out to DSD's and the Australian Government's policy standards for an Australian Government agency to the DSD I-RAP Manager.

Details of the I-RAP policy are contained in the Policy and Procedures for the Infosec - Registered Assessor Program (I-RAP). It is available for download from the Documents page.

How can I-RAP Registration be Withdrawn?

Withdrawal

The I-RAP incorporates the capacity for withdrawal of endorsement and registration of an I-RAP registered assessor in the following circumstances:

1.Withdrawal from the program by the I-RAP registered assessor.

2.Failure to meet the requirements of the annual re-assessment.

3.Failure to meet any of the assessor obligations specified in the Policy and Procedures for the Infosec - Registered Assessor Program (I-RAP).

4.An unsatisfactory review of the I-RAP registered assessor's work within the scope of the Program carried out by the DSD I-RAP Manager, either independently or for the Australian Government.

5.Where a conflict of interest arises and cannot be satisfactorily resolved.

6.Misrepresentation or concealment of the facts by the I-RAP endorsed assessor.

7.Where a complaint is received concerning the assessor's qualifications and cannot be satisfactorily resolved.

8.Where I-RAP registered assessors represent themselves as an employee or agent of DSD or the Australian Government when conducting work within the scope of the Program.

9.Where I-RAP registered assessors who access, handle and/or store Australian Government classified information fail to comply with the requirements of the Protective Security Manual and the client has met their responsibility to ensure that these measures are in place.

Notice of Withdrawal

Where an approval is withdrawn the I-RAP Administrator shall advise the assessor of the reasons for withdrawal and what action is required for reinstatement.

Details of all registrations that are withdrawn in accordance with items 3 to 9 will be noted on the register for 12 months after the date of withdrawal, unless the approval is reinstated.

Details of the Withdrawal policy and associated procedures and requirements are contained in the Policy and Procedures for the Infosec - Registered Assessor Program (I-RAP). It is available for download from the Documents page of this register.

How much does Registration Cost?

See the Guide for details on the structure of fees.
top

home I contact


Saltbush Home Company Structure Saltbush Assurance Security Testing Code Audits Saltbush Consulting Information Security Enterprise Management Solutions General ICT Services Business Improvement Services Physical Security Services Research & Development Saltbush Development Enterprise Applications Desktop Applications Portable Devices Saltbush Solutions Enterprise Support ICT Projects Business Modernisation Saltbush Training Training Services and Schedule Security / Quality Certification Services Course Details Training Application Form I-RAP I-RAP Home Register of Infosec Assessors FAQs Guide Next Intake Documents Our People Our Clients Our Achievements Current News Document Downloads Useful Links Contact Saltbush Related Sites	FREQUENTLY ASKED QUESTIONS What is the Register of Infosec Assessors? The Register of Infosec Assessors (RIA) is a source for identifying and locating assessors that have been endorsed by the Infosec - Registered Assessor Program (I-RAP) to carry out specific types of IT security assessments to Australian Government standards. Assessors listed on the RIA have successfully completed the qualification requirements as specified in the I-RAP Policy and Procedures. The RIA also contains useful information about the I-RAP, including details about application closing dates and the scheduling and venues of applicant training sessions. It has the associated documents available for download including the Program's Policy and Procedures as well as the Application Form. What is the Infosec-Registered Assessor Program? The Infosec - Registered Assessor Program is a program of activities sponsored by the Australian Government Department of Defence - Defence Signals Directorate (DSD) culminating in the endorsement and registration of individuals as competent to assess information security systems in accordance with Australian Government information security standards and policy documents. Candidates qualifying as I-RAP registered assessors are endorsed to carry out the following types of assessment work: Gateway certifications Network/system assessments Gatekeeper assessments FedLink audits, and FedLink connection assessments The I-RAP is administered by Saltbush Training Pty Ltd (the I-RAP Administrator) on behalf of the DSD. The DSD I-RAP Manager, in consultation with the I-RAP Administrator, reviews I-RAP Policy periodically. The DSD I-RAP Manager also maintains DSD I-RAP Guides and other DSD support documents. The policy and associated procedures governing the operation of the I-RAP are contained in the document entitled Policy and Procedures for the Infosec - Registered Assessor Program (I-RAP). Users of the program should familiarise themselves with the policy before utilizing the Program. It is available for download from the Documents page. What are the Benefits of I-RAP? I-RAP benefits IT security auditors, their employers, Australian Government departments and agencies as well as other organisations utilizing the RIA as a source of I-RAP registered assessors: Assessors endorsed by the program will have tangible means of demonstrating that they are qualified to assess information security systems in accordance with I-RAP policy, opening up new work opportunities for themselves and their employers. Australian Government departments and agencies will have a larger pool of assessors satisfying Australian Government requirements available to them. Other organisations, with similar assessment needs, will be free to draw on this pool, giving them added confidence in the assessor's capabilities. The Information Security Group (ISG) will be able to concentrate on the more crucial evaluations and the continuation of developing and reviewing the IT security policy documents published by DSD. When does Registration Expire? Registration of I-RAP endorsed assessors will be valid for a period of one year. After the one year registration I-RAP registered assessors will be required to undertake re-assessment to remain endorsed and registered. It includes three mandatory requirements: Completion of update training presented by the I-RAP that will highlight any pertinent changes that have occurred since the initial training. Review of the complaints and disputes records and any reviews of the assessor's work undertaken by the DSD during the period since the last assessment by the I-RAP administration in conjunction with the DSD. Passing an assessment test presented by the I-RAP at the end of the training session. The I-RAP Administrator will provide a notice that the registration is due to expire and advice of the scheduled update training sessions. What are a Registered Assessor's Responsibilities Registration as an I-RAP endorsed assessor requires that the assessor undertake the following responsibilities: When interacting with the I-RAP: To participate in the application and qualification processes specified in the Policy and Procedures for the Infosec - Registered Assessor Program (I-RAP) and abide by the qualification assessment decision of the I-RAP (except where a dispute regarding the assessment arises). To participate in the re-assessment process each 12 months where the candidate wishes to remain endorsed by the I-RAP and abide by the qualification re-assessment decision of the I-RAP (except where a dispute regarding the assessment arises). To grant permission to the I-RAP to publish professional details of the candidate as specified in the Policy and Procedures for the Infosec - Registered Assessor Program (I-RAP). To notify the I-RAP administration of any change to the information provided with the application that occurs during the term of registration (e.g. address change, change of employment contact details etc.) within 14 days of the change occurring. To abide by any dispute resolution rulings negotiated and agreed with the DSD via the I-RAP Administrator, DSD I-RAP Manager or arbitrated by the Assistant Secretary of the Information Security Group - DSD. When conducting assignments within the scope of the Program, to comply with the conduct requirements as specified in the Policy and Procedures for the Infosec - Registered Assessor Program (I-RAP), including: To ensure the most recent versions of Australian Government policy and relevant documentation are used. When entering into work for the Australian Government, to report according to the requirements of the Program. Not represent himself or herself as an employee or agent of the DSD or the Australian Government. If accessing, handling and/or storing Australian Government classified information, to comply with the requirements of the Protective Security Manual. To report the results of an assessment carried out to DSD's and the Australian Government's policy standards for an Australian Government agency to the DSD I-RAP Manager. Details of the I-RAP policy are contained in the Policy and Procedures for the Infosec - Registered Assessor Program (I-RAP). It is available for download from the Documents page. How can I-RAP Registration be Withdrawn? Withdrawal The I-RAP incorporates the capacity for withdrawal of endorsement and registration of an I-RAP registered assessor in the following circumstances: 1.Withdrawal from the program by the I-RAP registered assessor. 2.Failure to meet the requirements of the annual re-assessment. 3.Failure to meet any of the assessor obligations specified in the Policy and Procedures for the Infosec - Registered Assessor Program (I-RAP). 4.An unsatisfactory review of the I-RAP registered assessor's work within the scope of the Program carried out by the DSD I-RAP Manager, either independently or for the Australian Government. 5.Where a conflict of interest arises and cannot be satisfactorily resolved. 6.Misrepresentation or concealment of the facts by the I-RAP endorsed assessor. 7.Where a complaint is received concerning the assessor's qualifications and cannot be satisfactorily resolved. 8.Where I-RAP registered assessors represent themselves as an employee or agent of DSD or the Australian Government when conducting work within the scope of the Program. 9.Where I-RAP registered assessors who access, handle and/or store Australian Government classified information fail to comply with the requirements of the Protective Security Manual and the client has met their responsibility to ensure that these measures are in place. Notice of Withdrawal Where an approval is withdrawn the I-RAP Administrator shall advise the assessor of the reasons for withdrawal and what action is required for reinstatement. Details of all registrations that are withdrawn in accordance with items 3 to 9 will be noted on the register for 12 months after the date of withdrawal, unless the approval is reinstated. Details of the Withdrawal policy and associated procedures and requirements are contained in the Policy and Procedures for the Infosec - Registered Assessor Program (I-RAP). It is available for download from the Documents page of this register. How much does Registration Cost? See the Guide for details on the structure of fees. top

saltbush group origins I company structure I our people I our clients I current newsI our achievements I information security I document downloads enterprise management solutions I general ict services I business improvement services I physical security services I research & development I training and services schedule security/quality certification services I security testing I code audits I enterprise applications I desktop applications I portable devices enterprise support I ict projects I business modernisation I useful links I contact saltbush group Saltbush Group Pty Ltd - PO Box 9368, Deakin, ACT 2600 Australia Australia Phone 1300 853 970 I Australia Fax 1300 853 975 I International Phone +61 2 6282 4351 I International Fax +61 2 6282 0013 I Privacy Policy Web maintenance by Sozo

Related Sites