OakAttest Request access

Australian IRAP & ISM assessment · scoping to certification

Every oak starts with an acorn.
Every assessment starts with evidence.

OakAttest takes an Australian IRAP or ISM assessment from scoping to defensible certification, with evidence chain of custody, role-aware access, and a full audit trail. One hosted platform for the ASD ISM, Essential Eight, NIST 800-53, SOC 2 and ISO 27001 — with Australian data residency.

Request access See it in action

Hosted by us · Invite-based access · Australian data residency · Append-only audit

One platform, three jobs

  • Every framework

    Assess against the ISM, NIST 800-53, SOC 2 or ISO 27001, scoped the right way per engagement.

    Frameworks →

  • Built for MSPs

    One instance, many MSPs, many isolated client tenants. Provision, invite, and drop in.

    For MSPs →

  • Collaboration

    Internal threads with @mentions and notifications, plus watch engagements for changes.

    Collaboration →

The whole lifecycle, in order

  1. 1ScopingBoundary, applicability, Statement of Applicability.
  2. 2EvidenceRequests, uploads, chain of custody.
  3. 3FieldworkInterviews, assessment notes, methods.
  4. 4FindingsSeverity, remediation, sign-off.
  5. 5CertificationSigned, defensible certification records.

A working assessment instrument

Calm, dense, built for repeated work. Click any screen to view it full size.

OakAttest engagement dashboard
Dashboard
Scope, boundary and applicability worksheet
Scope and applicability
Findings register
Findings
Certification record
Certification
Assessment coverage blockers
Coverage
Burl AI assistant answering engagement questions
Burl, your AI helper

Bring every assessment into one place.

From a single IRAP engagement to a full MSP practice across frameworks.

Request access