Pricing

Simple plans for IRAP readiness

Get in touch to start your trial. We will match you to the right plan for your assessment timeline.

Starter

Connect your tools and explore 992 ISM controls

Contact Sales
  • 1 monitored system
  • Full ISM control catalog — 992 controls from ASD's OSCAL source
  • All integrations (GitHub, AWS, Mosyle, Google Workspace)
  • Manual compliance status tracking per control
  • Findings dashboard with AI-adjusted severity
Request a Trial
For IRAP Assessment

Pro

AI-powered ISM mapping, SOA generation, and assessment readiness

Contact Sales
  • Everything in Starter, plus:
  • Unlimited monitored scopes
  • AI-powered ISM control mapping with reasoning
  • Auto-generated Statement of Applicability
  • Essential Eight maturity scoring (ML1-ML3)
  • IRAP readiness dashboard with control effectiveness tracking
  • Evidence management with freshness indicators
  • SOA export (CSV) — hand directly to your assessor
  • Team collaboration and action item assignment
  • Priority support
Talk to Sales

Pro plans include a monthly AI analysis allowance. Usage beyond the included allowance is billed at standard rates. Details provided during sales consultation.

IRAP preparation typically means months of spreadsheet work, mapping findings to ISM controls by hand, and chasing evidence across teams.

QuantAssure automates the mapping, generates your SOA, and shows your assessor current evidence — not stale screenshots.

Frequently Asked Questions

IRAP is the Information Security Registered Assessors Program, run by the Australian Signals Directorate (ASD). IRAP assessors independently evaluate an organisation's security posture against the Information Security Manual (ISM). QuantAssure helps you prepare for that assessment by mapping your security data to ISM controls, generating your Statement of Applicability, and tracking control effectiveness.
All 992 controls from ASD's official OSCAL (Open Security Controls Assessment Language) publication. When ASD publishes an ISM update, the catalog is synced so you are always working with the current revision.
The AI analyses your connected environment data — vulnerability scans, device compliance, cloud configuration — and evaluates it against each applicable ISM control. It returns a compliance determination with written reasoning, which you review and refine before generating your SOA.
Yes. Export your Statement of Applicability as CSV, share evidence trails for each control, and give your assessor a clear view of your compliance posture. The platform is built for both the organisation preparing and the assessor reviewing.
Contact our team to request trial access. We will walk you through the platform with your actual ISM control requirements and set up your organisation with the right plan for your assessment timeline.
All plans include the full integration suite: GitHub (Dependabot vulnerabilities), AWS SecurityHub, Mosyle device management, and Google Workspace. New integrations are added based on customer needs — let us know what you run.

Ready for your IRAP assessment?

Get in touch for a guided demo and trial access. We will walk you through the platform using your actual ISM requirements.

Request a Trial Sign In