This Australian government owned organisation provides safety critical services, many of which are reliant on a wide range of ICT and OT systems. The organisation required all ICT system to be IRAP assessed.
These assessments covered a navigational system, a communications system and a network management system.
The assessments needed to be pragmatic and take into consideration such factors as isolation of critical systems for the corporate network and the Internet and the legacy systems required to support these essential services.
In some cases, this required recommending compensating controls where the standard ISM controls were either not possible or not practical.