INFOSEC Assurance Training and Rating Program

We realize that many students have not had their name added to the IATRP certified list, or information updated. We apologize for the delays and any inconvenience. The website is in the process of being reworked without any change to what you should see. Please contact iatrp@iatrp.com if you feel your information is not correct or needs updating. Thank you for your patience and we apologize for any inconvenience.

The IEM consists of a standard set of activities required to perform an INFOSEC evaluation. In other words, the methodology explains the depth and breadth of the evaluation activities that must be performed to be acceptable within the IATRP. The IEM "sets the bar" for what needs to be done for an activity to be considered a complete INFOSEC Evaluation. Providers who advertise an INFOSEC evaluation capability and consumers seeking assistance in performing INFOSEC Evaluations should use the IEM as the baseline for their discussions. Because the IEM is a baseline, providers can expand upon it to further meet the needs of the customers. However, any "expansion" must not reduce or interfere with the original intent of any IEM activity.

The IEM baseline activities include:

On-site customer coordination Information criticality analysis Identifying customer concerns Documented INFOSEC Evaluation Plan

On-site information gathering of the IEM minimal information categories Documented final report findings and recommendations Diagnostic Tool Output