The classification of the information your system handles is set by the government agency that owns it, not by you as the provider, and it must be confirmed before scoping. The ISM control set is the same at OFFICIAL: Sensitive and PROTECTED. What changes are the physical, personnel and network obligations under the PSPF.
Information classification decides the shape of an IRAP assessment before a single control is tested. The classification of the information your system will handle is set by the government agency that owns it, not by you. Confirm it before you scope. The most expensive mistake in the first week is assuming a level: an assessment scoped at OFFICIAL: Sensitive for a system that should have been PROTECTED is redone, not adjusted.
Who decides the classification of your system?
The government agency that owns the information decides its classification, under the Protective Security Policy Framework. A service provider does not classify data on an agency’s behalf. If there is any uncertainty about the level, that conversation happens with the agency before an assessment is scoped, not after. The classifications that matter for an IRAP assessment are OFFICIAL: Sensitive, PROTECTED and SECRET; TOP SECRET sits outside the commercial cloud route. Each level and what it means is set out in Australian Government information classifications. Get the level right at the start and the scope holds. Get it wrong and the work is repeated at the assessed entity’s cost.
Do the ISM controls change between OFFICIAL: Sensitive and PROTECTED?
No. A common misconception is that a PROTECTED system is assessed against a larger or harder set of ISM controls than an OFFICIAL: Sensitive one. The control set applicable at both levels is the same, and ASD’s Cloud Controls Matrix confirms that controls applicable at OFFICIAL: Sensitive are equally applicable at PROTECTED. The difference is not in the control framework. It is in the physical, personnel and network obligations set by the PSPF, every one of which falls within the scope of an IRAP assessment. So the real question is rarely which controls apply. It is what the classification demands of your facilities, your people and your network.
What changes between OFFICIAL: Sensitive and PROTECTED?
The control set is constant; the obligations around it scale with the classification. The table sets out where the two levels diverge, and each row sits inside the assessment, not beside it.
| Obligation | OFFICIAL: Sensitive | PROTECTED |
|---|---|---|
| ISM control set | The same control set applies | The same control set applies (the Cloud Controls Matrix confirms it) |
| Physical security | Zone One or Zone Two security area with a standard lockable commercial cabinet | Zone Four or Zone Five security area with a SCEC-endorsed Class C security container |
| Personnel | Employment screening check | Baseline security clearance from AGSVA for ongoing access |
| Network and transmission | Encryption of data in transit per the ISM | Transmitted over a PROTECTED or higher network, per the PSPF |
| Authorisation | Standard scrutiny of residual risk | Greater scrutiny of residual risk |
Why confirm the classification before scoping?
Because the classification sets the timeline, the cost and the physical work, not just the paperwork. Take Stackform, a SaaS provider preparing for an agency contract. The agency confirmed the information was classified OFFICIAL: Sensitive. Had it been PROTECTED, the preparation would have started with a facilities and staffing assessment before any ISM controls work began. Meeting PROTECTED physical security is a significant undertaking for a commercial provider without established government facility arrangements, and it should be scoped and costed before the assessment, not discovered midway through.
Clearance requirements differ too, and they materially affect IRAP timelines. A Baseline clearance through AGSVA can take weeks to months depending on personal circumstances and the backlog at the time, so the process starts early or it becomes the critical path.
Stackform’s assessment also had to cover its SaaS layer specifically, referencing the cloud provider’s existing assessment for the infrastructure beneath it. The provider’s report did not remove the obligation; it informed how the assessment was scoped. With the classification confirmed, the next decision is which parts of the environment the assessment includes, covered in how to define an IRAP assessment boundary. Whether you need an assessment at all is covered in do you need IRAP to sell to government.
Is authorisation harder at PROTECTED?
Yes, in practice, even though the framework and the process are identical. The ISM controls and the assessment stages do not change. What changes is the weight an authorising officer puts on residual risk. On a PROTECTED system, an unresolved finding carries more consequence, so officers apply greater scrutiny before they accept the risk and authorise the system to operate. The decision is harder to obtain at PROTECTED, which is another reason to confirm the level early and prepare for the obligations it brings. The full picture of how the pieces fit sits in the complete guide to IRAP assessment.
The names of the organisations and individuals have been changed to protect their privacy. The situations described are based on real patterns observed across Australian government and enterprise environments.
Frequently asked questions
Who decides the classification of your system?
The government agency that owns the data decides, under the PSPF. A service provider does not classify data on behalf of an agency. If there is any uncertainty, resolve it with the agency before scoping begins.
Do the ISM controls change between OFFICIAL: Sensitive and PROTECTED?
No. The ISM control set is the same at both levels. The differences are in the physical security, personnel clearance and network obligations set out in the PSPF, all of which fall within the scope of an IRAP assessment.
What physical security does a PROTECTED system require?
A Zone Four or Zone Five security area with a SCEC-endorsed Class C security container. OFFICIAL: Sensitive systems require a Zone One or Zone Two security area with a standard lockable commercial cabinet. The gap is significant for commercial providers without established government facility arrangements.
What personnel clearance is required at each level?
Access to OFFICIAL: Sensitive information requires an employment screening check. Ongoing access to a PROTECTED system requires a Baseline security clearance issued by AGSVA. Clearances can take weeks to months, so start the process before the assessment begins.
Is authorisation harder at PROTECTED?
Yes, in practice. The ISM framework and the assessment process are the same, but authorising officers apply greater scrutiny to residual risks on PROTECTED systems, and an unresolved finding carries more weight. The authorisation decision is harder to obtain at PROTECTED.
Written by Gaurav Vikash, an ASD-endorsed IRAP assessor and senior cyber security leader with 18 years of experience across Australia, the UK and Asia, including CISO and senior security leadership roles. He holds CISSP, CISA, CISM and CRISC, is an ISO 27001 and ISO 42001 Lead Implementer, and speaks regularly at industry conferences.
Sources:
- ASD IRAP, cyber.gov.au, IRAP Consumer Guide, July 2025
- Cloud assessment and authorisation, cyber.gov.au, Cloud Controls Matrix, 2024
- Australian Government security classifications, Style Manual, 2026
- Protective Security Policy Framework, requirement 0109, PSPF 2024
Last updated: 21 June, 2026
