IRAP and Its Role in Securing Sensitive Government Data

iManage’s Commitment to Security, Compliance, and Ongoing Assurance

As Australia continues to respond to a growing number of high-impact data breaches, the need for verified, independently assessed security practices has never been greater. In response to this evolving landscape, iManage has undergone the IRAP assessment at the PROTECTED level—twice—reinforcing our commitment to meeting the highest standards in information security.

In this panel discussion, iManage hosts 3 Guests, providing a clear overview of the Information Security Registered Assessors Program (IRAP), its significance in the context of managing and securing government data, and the implications for both government agencies and the organisations that work alongside them.

We will also outline why iManage continues to invest in this process, the internal controls and governance mechanisms we have in place, and how we maintain a continuous cycle of improvement—including remediation planning and reassessment.

The session will also explore key trends shaping today’s risk environment, such as the rising threshold for compliance, the evolution of technical controls, and the implications of AI on data security frameworks.

Key topics include:

• An introduction to IRAP: scope, relevance, and current regulatory context
• What the IRAP assessment involves and why it is essential for handling government-related data
• iManage’s experience undergoing multiple IRAP assessments, and the operational benefits of doing so
• The organisational practices that underpin our security posture, including internal audits and remediation planning
• How expectations for data protection have shifted in recent years, particularly following major security incidents
• The rising standards in compliance and technical governance
• Who needs to comply with IRAP, and the implications of falling short
• Emerging technologies—including AI—and their impact on regulatory and security requirements