IRAP Compliance
QuantAssure helps you prepare for IRAP assessment by connecting your security tools, mapping findings to ISM controls, and tracking readiness.
How It Works
The compliance workflow has four phases:
- Connect — Set up systems with integrations to collect security data
- Assess — AI maps findings to ISM controls and suggests compliance status
- Evidence — Automated and manual evidence is collected against controls
- Readiness — Track your compliance posture and export your SOA for assessors
Setting Up a Compliance Target
- Navigate to Compliance → Add Target
- Select your framework (e.g., ISM OFFICIAL: Sensitive)
- Set your target certification date
- Define scope (full or partial) with scope notes
- Optionally enter auditor information and audit dates
You can track multiple frameworks simultaneously.
What's Automated vs Manual
| Automated | Manual |
|---|---|
| Findings from pipeline scans | Implementation notes per control |
| Policy sync from Google Drive | Evidence for physical/procedural controls |
| AI compliance status suggestions | Applicability determinations |
| Asset inventory from integrations | Custom evidence uploads |
| Finding-to-control mapping | Assessor review via SOA import |
System Boundaries
- Evidence is scoped to registered systems and assets
- Register all systems in scope for your assessment
- Configure integrations for each system
- Run scans regularly to keep evidence fresh
- Assets not registered won't have automated evidence
If a system or asset isn't registered in QuantAssure, its security data won't appear in your compliance view. Register everything in scope before starting your assessment.
Guides in This Section
- ISM Controls — Browse and manage ISM controls
- Evidence Collection — Automated and manual evidence
- Statement of Applicability — Export/import workflow for assessors
- Readiness Dashboard — Monitor compliance readiness
- Essential Eight — Maturity assessment
- Asset Registration — Register and classify assets