SecBoost

IRAP workflow

Give your assessor organised evidence, clear scope and assessor-ready outputs.

SecBoost reduces the time and cost of preparing for IRAP by keeping system context, ISM controls, evidence and generated documentation in one secure workspace.

Assessment workflow
Assessment status, implementation detail and assessor activity are managed per control.

Why it matters

The value is in the outputs, not another place to type notes.

SecBoost is useful because the information you enter becomes the material needed for governance, assessment preparation and assessor review.

Less time documenting

Turn control decisions, implementation notes and system context into ISM-aligned documents, reports and matrices.

Reduced consultant spend

Prepare clearer source material before the assessor or consultant starts billable review work.

Better information for assessors

Keep scope, evidence, implementation claims, contacts and assessment outcomes in one structured workspace.

Secure offsite hosting

Use SecBoost-hosted single-tenant customer environments inside SecBoost AWS Australia PROTECTED tenancy.

Outputs

What SecBoost produces for the assessment process.

Before thinking about the workflow, it helps to be clear on the end state: a better organised assessment package and fewer loose documents, screenshots and spreadsheets.

System Security Plan and supporting Documentation Suite

SSP Annex: ISM Control Implementation Matrix

Cloud Controls Matrix

Essential Eight progress and executive reports

Control evidence records and assessment history

OSCAL System Security Plan and Assessment Results exports

Step by step

From system context to assessor-ready evidence.

The workflow is designed to meet teams where they are. Import existing assessment material if you have it, or run the wizard if you are starting from a blank page.

01

Describe the organisation and system

Capture the system context, classification, hosting model, stakeholders, data profile and assessment boundary.

Context profile wizard
02

Import the SSP Annex or CCM, or run the wizard

Bring in an existing SSP Annex or Cloud Controls Matrix, or use the guided project wizard to initialise the control scope.

New project wizard
03

Record control implementation

Maintain applicability, responsibility, implementation notes, workflow state and supporting records against each ISM control.

Control list
04

Attach evidence where the assessor needs it

Upload screenshots, PDFs, exports and other files directly to the relevant control record.

Control evidence attachments
05

Run the assessment workflow

Give the assessor access to review evidence, record observations and update outcomes. If more information is needed, the assessor can return the control to editing so the clarification stays inside SecBoost.

Assessment workflow
06

Finalise the assessment package

SecBoost produces the key artefacts your organisation and assessor need to keep using after the assessment.

Completed CCM (Cloud Controls Matrix)

OSCAL System Security Plan and Assessment Results exports

Completed Documentation Suite

Up-to-date, living registers

Documentation reports

Tier fit

Standard is the key tier when assessment is performed inside SecBoost.

Starter is suitable when you only need to manage stakeholder contacts, documentation and reports. Standard adds the assessor workflow: assessment records, roles, permissions, registers, completed CCM and OSCAL SSP and Assessment Results exports.

Assessment clarification happens inside SecBoost. Assessors can return controls to editing when evidence or implementation detail is incomplete, avoiding email threads that contain confidential assessment material.

Enterprise adds Teams, tasks, workflow gates, multiple organisations and multiple systems for assessors, service providers and government assurance programmes.

Compare tiers
SecBoost dashboard
Standard and Enterprise keep assessor activity, control progress and evidence status visible.

FAQ

IRAP workflow questions

Common questions from teams preparing assessment material and assessor-ready evidence in SecBoost.

Does SecBoost replace an IRAP assessor?

No. SecBoost is an assessment preparation and workflow platform. It helps organisations and assessors organise scope, implementation detail, evidence, assessment activity and outputs, but it does not replace an independent assessor.

Can assessors work inside SecBoost?

Yes. Standard and Enterprise include assessor workflow features so assessors or internal reviewers can review controls, record outcomes and return controls for more information when evidence or implementation detail is incomplete.

Can we import an SSP Annex or Cloud Controls Matrix?

Yes. SecBoost supports starting from an SSP Annex or Cloud Controls Matrix, or using the guided project wizard when the team is starting from a blank page.

What outputs does SecBoost support for IRAP preparation?

SecBoost supports ISM-aligned documentation, SSP Annex and Control Matrix workflows, control evidence records, assessment history, Essential Eight reports and OSCAL exports for System Security Plan and Assessment Results data.