Compliance365 Compliance365

DISP, ISM & IRAP

Defence security uplift and Australian Government ISM alignment, delivered alongside IRAP assessment support. We build controls that fit your tenant, automate evidence inside Microsoft 365, and prepare you for assessor review.

DISP uplift ISM alignment IRAP assessment Evidence packs Continuous monitoring
Plan DISP / ISM / IRAP See results
DISP / ISM / IRAP visual

Why this program

Defence-ready controls

Policies, tech hardening and governance aligned to ISM expectations.

Evidence by design

Repeatable exports from Entra, Defender, Intune, Purview & Azure filed to SharePoint.

IRAP guidance

Scoping, sample requests, assessor liaison and remediation support.

Scope & Deliverables

Gap & plan

DISP/ISM gap analysis, risk profile and prioritised remediation roadmap.

  • Boundary & classification model
  • Risk register & control matrix
  • Quick wins & dependency chart

Control build

Pragmatic control implementation with evidence mapping and runbooks.

  • Identity & access, endpoint, data, logging
  • M365/Defender/Intune/Purview hardening
  • Operating procedures & approvals

IRAP support

Assessment coordination, evidence packs and remediation sprints.

  • System Security Plan (SSP) inputs
  • Assessor sample requests (PBC)
  • Findings tracking to closure

How we work

Aligned to the ISM

We right-size requirements from the Australian Government Information Security Manual (ISM) to your risk profile and hosting model (M365, Azure, hybrid).

  • Control intent & acceptable artefacts
  • Role-based responsibilities & cadence
  • Change control and approvals flow

Evidence inside Microsoft 365

Power Automate/Graph pull monthly snapshots; SharePoint applies retention & versioning.

  • Entra ID: privileged roles, MFA posture, app consents
  • Defender/Intune: device encryption & compliance
  • Purview: DLP, labels, audit exports

Typical timeline

Weeks 1–2: Gap analysis, boundary & risk, roadmap • Weeks 3–6: Control build & hardening; evidence cadence • Weeks 7–8: IRAP readiness review; evidence packs • Ongoing: Remediation sprints & assessor liaison

Need Defence-ready security?

We’ll align to the ISM, automate evidence, and guide your IRAP.

Book a roadmap call
Related services: ISO 27001 ISO 27701 ISO 42001 SOC 2 Essential Eight NIST CSF DISP / ISM / IRAP