IRAP Assessment and Preparation Services

Empowering Your Cybersecurity Journey Through Rigorous Assessment and Certification.

IRAP, the Information Security Registered Assessors Program, stands as Australia's cornerstone for robust cybersecurity.

It goes beyond compliance, offering comprehensive assessment and demonstration of an organisations capacity to manage risk. Mercury’s IRAP services comprises both Preparation and Assessment. Preparatory services align your organisation’s security posture to the Information Security Manual (ISM) and Protective Security Policy Framework (PSPF), while assessment services meticulously evaluate your cybersecurity posture through a risk, ISM and PSPF lens.

IRAP Preparation Services

Mercury’s IRAP Preparation Services are focused on equipping you for successful IRAP assessment and accreditation. Through a phased approach, we align stakeholders, assess documentation, and ensure readiness. Our dedicated guidance primes your organisation for the IRAP journey, empowering you to confidently face cybersecurity evaluation. 

Every document undergoes rigorous internal quality assurance processes before distribution to key stakeholders. With Mercury’s IRAP Preparation Services, your journey towards assessment and accreditation is structured for assured success.


Initiate assessment with clear scope definition. Align stakeholders, confirm information requirements, and incorporate applicability statements.


Understanding your system's core. Analyse assets and begin documentation including System Overview Documents (SODs) for transparency.

Threat and Risk Assessment

Shape robust cybersecurity. Identify vulnerabilities, analyse threats, and dissect risks, providing vital insights for informed decisions.

Systems Documentation Generation

Culmination of expertise - generate comprehensive documentation. From Risk Assessment to Recovery Plans, receive up to 11 comprehensive reports.

Navigating your IRAP Journey: A
Pre-Engagement Checklist for Security Leaders

Mercury’s Pre-Engagement Checklist is an essential tool that aligns with ACSC’s framework, helping you understand the key controls and protocols involved. This checklist serves as a comprehensive planning guide, identifying gaps and areas for improvement. With Mercury’s expertise, gain the readiness you need for a successful IRAP assessment.

Thank you for downloading our IRAP Pre-Engagement Checklist. Begin your comprehensive preparation now and contact us for further expert guidance on your IRAP journey.

IRAP Assessment Services

Mercury’s IRAP Assessment Services bolster your cybersecurity stature. Our methodical approach ensures comprehensive evaluation and certification aligned with IRAP standards. We meticulously review and evaluate your cybersecurity measures, equipping your organisation with actionable insights and fortified defence strategies.


Begin by defining evaluation scope. Mercury identifies stakeholders, incorporates applicability statements, and ensures information requirements clarity.


Conduct a comprehensive review of vital documents such as TRA, SOD, SSP, SRMP, SOA, IRP, SOPs, PMP, and all supporting artefacts, ensuring robust cybersecurity.


Evaluate security control implementation. Interviews, process demos, and possible technical assessments affirm robust cybersecurity measures.

Reporting &

Comprehensive reporting covers compliance, non-compliance areas, and actionable remediation recommendations, alongside aiding Certification Authority decisions.

Elevated Assurance Through Our Precise Engagement Framework

Dedicated Point of Contact

Experience seamless communication with a dedicated manager, ensuring efficient engagement oversight and issue resolution.

Engagement Planning

Efficiently plan, schedule resources, formalise engagement rules, and co-ordinate transparently for impeccable execution.

Project Close Out

Gain final deliverables, participate in debrief, and formally close the project. Secure data retention, systematic reporting, and documentation.

Risk Minimisation

Proactively manage risks: secure systems, data handling, advanced tools. Prudent measures prevent adverse events, ensuring stability.

Why choose Mercury for your next IRAP Assessment

Certified IRAP Assessor

Our CEO, Edward Farrell, is a long-standing ASD Endorsed IRAP Assessor, highlighting our commitment to excellence.

Extensive Experience

With over 900 successful assessments, including penetration tests and incident responses, we possess a proven track record.

CREST Accredited Methodology

Accredited by CREST, our rigorous test methodology ensures comprehensive and reliable testing services.

Thorough Reporting

We deliver comprehensive insights through detailed reporting on findings, remediations, along with an interactive assessment document.

Robust Governance Support

Comprehensive support for IRAP assessments, covering networks, systems, and cloud environments, ensuring compliance.

Authentically Australian

Our pragmatic, distinctly Australian perspective sets us apart in the industry, reflecting local excellence in cybersecurity.

We’re here to help

Let Mercury safeguard your business while you focus on growing it.

Reach out to us for a tailored cyber security consultation that aligns with your unique business needs.