AutogenAI has achieved Information Security Registered Assessors Program (IRAP) assessment – the Gold Standard for security assurance in Australia’s public sector. According to AutogenAI, this has made them AutogenAI the only AI-powered bid and grant writing software in Australia to have secured this.
“We are pleased to announce our successful IRAP assessment at the 'official sensitive' level earlier this week. This achievement underscores our commitment to strong security standards and evolving governance needs. IRAP is an Australian Signals Directorate initiative for ASD-endorsed assessors to evaluate security against frameworks like the Information Security Manual (ISM) and Protective Security Policy Framework (PSPF),” APAC Operations, AutogenAI, Raf Garcia-Krailing, stated.
AutogenAI’s defence prime clients across Australia, the UK, and the USA require this level of security.
“This investment by AutogenAI to achieve this reinforces our commitment to delivering the most secure solutions that meet the stringent demands of high-security environments," Garcia-Krailing said.
“Aligned with the Defence Directive 01/25 and the 2025 Protective Security Policy Framework, our focus remains on protecting sensitive data, ensuring confidentiality, and fostering trust with stakeholders.”
The IRAP is an Australian Signals Directorate (ASD) initiative that has provided organisations with access to accredited cybersecurity professionals for independent security assessments. Under IRAP, qualified assessors evaluate an organisation’s systems against the Australian Government Information Security Manual (ISM) – a comprehensive framework of 22 security domains covering everything from risk management and access control to physical security.
IRAP has ensured that an organisation’s security controls and practices meet the stringent standards outlined by the ASD and Australian Cyber Security Centre (ACSC). These assessments are particularly critical for any company handling government or sensitive data, as they validate that the organisation’s cloud services, software, and infrastructure comply with national cyber defence guidelines.
Importantly, IRAP itself does not “certify” or accredit systems directly – instead, it produces detailed assessment reports and recommendations, which government agencies use in their own risk approvals.