The Australian Government Information Security Manual (ISM) is a commonly adopted cybersecurity framework for organizations operating in Australia. The cybersecurity guidelines within the Australian ISM provide practical guidance on how organizations can protect their systems and information from cyberthreats. These cybersecurity guidelines cover governance, physical security, personnel security, and information and communications technology security matters.
The Australian ISM is often referenced alongside IRAP (the Information Security Registered Assessors Program). IRAP endorses individuals from the private and public sectors to provide an independent assessment of a system’s security against the Australian ISM requirements. An IRAP assessment is the first stage in the accreditation process to determine suitability to process, store, or communicate government or sensitive information. Organizations can use the pre-defined Australian ISM guidelines in Risk Cloud to evaluate the maturity of each guideline ahead of internal or external assessments.
Guidelines from the Australian ISM are often linked to SCF Standards and Regulations, Controls Management, Issues Management, Policy Management, and IT Security Risk to further strengthen your governance, risk, and compliance programs. The ISM guidelines can be mapped to other control frameworks via the Secure Controls Framework in Risk Cloud.