TECH BLAZE CONSULTING

Frequently Asked Questions

Answers to common questions about our services and cybersecurity compliance.

IRAP Assessments

Q. What is an IRAP assessment?

An IRAP assessment is an independent security evaluation conducted by a government-endorsed assessor against the Information Security Manual (ISM) and Protective Security Policy Framework (PSPF). It's required for cloud services and systems that process Australian government data.

Q. How long does an IRAP assessment take?

Typical assessments take 6-8 weeks, depending on system complexity and documentation readiness. We work with you to establish realistic timelines during the scoping phase.

Q. What's the difference between OFFICIAL and PROTECTED?

OFFICIAL is for routine government information, while PROTECTED is for information that could cause damage to the national interest, organisations, or individuals if compromised. PROTECTED assessments involve more stringent controls and testing.

Q. How often do we need to reassess?

The government recommends reassessment every 24 months or when significant changes occur to your system or security posture.

Essential Eight

Q. Is Essential Eight mandatory?

Essential Eight is mandatory for non-corporate Commonwealth entities under the PGPA Act. For other organisations, it's strongly recommended and increasingly expected by government clients and cyber insurers.

Q. What maturity level should we aim for?

Government entities should target Maturity Level 2 at minimum. For private organisations, the right level depends on your risk profile, industry, and client requirements.

vCISO Services

Q. What's the difference between a vCISO and a full-time CISO?

A vCISO provides part-time, fractional security leadership at a fraction of the cost of a full-time executive. You get strategic guidance and governance oversight without the full-time salary overhead.

Q. How many hours per month do I need?

Most organisations start with 8-16 hours per month for strategic oversight and board reporting. Organisations building security programs may need 24-40 hours monthly.
