DISP / ISM / IRAP Readiness Checklist

DISP categories, roles and PSPF alignment.

0/0 answered

DISP scope & membership categories selected (Gov, Info, Personnel, Physical)?

Security officer & governance forums appointed with reporting to executives?

PSPF alignment assessed; gaps and remediation actions logged?

Screening/clearances and facility controls.

0/0 answered

Personnel screening/clearances completed for roles handling sensitive info?

Physical security/facility controls assessed (zones, alarms, storage, escorts)?

Hardening, patching, malware, baselines.

0/0 answered

ISM baseline controls selected per system classification & context?

ICT security: hardening, patching, malware protection and configuration baselines?

Centralised logging & monitoring with ISM-aligned retention?

System desc/diagrams, SSP, SRMP and threats.

0/0 answered

System boundary/topology documented (diagrams, data flows, dependencies)?

System Security Plan (SSP) completed with responsibilities and implementations?

Security Risk Management Plan (SRMP) with threat assessment and treatments?

Backups/BCP/DR aligned to classification with periodic restoration tests?

Assessment planning, evidence packs, POA&M.

0/0 answered

IRAP scope agreed (assets, sites, accounts, periods) with assessor engagement?

Evidence register prepared (samples, screenshots, exports, approvals)?

Plan of Actions & Milestones (POA&M) maintained and tracked to closure?

Security obligations and sovereign hosting.

0/0 answered

Contracts/subcontractors include security obligations and sovereign hosting (if required)?

Welcome to Country