gbrain: sync converted org-mode brain files

ideas/compliance/irap.org

@@ -0,0 +1,23 @@
+:PROPERTIES:
+:ID:       auto-irap
+:CREATED:  [2026-05-23 Sat]
+:END:
+#+title: 
+#+filetags: :passepartout:compliance:framework:irap:
+
+
+** IRAP (Infosec Registered Assessors Program)
+
+Australian government's cloud security assessment program — analogous to
+FedRAMP. Cloud services used by Australian government agencies must have an
+IRAP assessment. Managed by the Australian Cyber Security Centre (ACSC).
+Assessment levels: Protected (highest), Secret (top secret), Unclassified DLM.
+
+Who must comply: Cloud providers selling to Australian federal, state, and
+local government agencies. Also critical infrastructure providers.
+
+Why it matters: Like FedRAMP and ISMAP, IRAP is a procurement gate. An IRAP
+Protected-level assessment is expensive and takes 6-12 months. First-mover
+advantage: the gate stack's deterministic audit trail can be the primary
+evidence artifact, reducing assessment scope/cost.
+