LastPass Completes IRAP Assessment: Strengthening Our Commitment to Australian Government Security Standards

Today we’re proud to announce that LastPass has successfully completed an independent assessment under the Australian Signals Directorate’s Infosec Registered Assessors Program (IRAP).  

This milestone marks a significant step forward in our commitment to supporting Australian government agencies with secure, compliant, and locally hosted identity and access management solutions. 

What Is IRAP and Why It Matters 

IRAP is Australia’s highest standard for evaluating the cybersecurity posture of ICT systems, cloud services, and gateways. It provides organisations with access to accredited assessors who independently evaluate systems against the Australian Government Information Security Manual (ISM).  

Developed by the Australian Signals Directorate (ASD), the ISM reflects expert insights and national security priorities. Regularly updated to reflect emerging threats, the ISM includes cybersecurity principles, practical guidelines, and terminology to ensure clarity and consistency across different sectors. Whether securing national infrastructure or corporate networks, the ISM is a foundational tool for building resilient cybersecurity defences. 

 

Completing an IRAP assessment demonstrates alignment with stringent security controls and best practices, especially critical for handling sensitive government data. This assessment reviewed LastPass cloud architecture, data protection mechanisms, access controls, and operational security practices to ensure alignment with the ISM’s stringent requirements. 

For LastPass, this assessment validates our ongoing investment in security, privacy, and compliance in Australia:  

• Local infrastructure: LastPass data residency in Australia ensures sensitive information remains within national borders, supporting compliance with data sovereignty requirements. 

• Dedicated expertise: Our regional team includes security professionals who understand the unique needs of Australian government agencies and enterprises. 

• Security best practices: From zero-knowledge encryption to continuous monitoring and threat detection, LastPass is built to meet global and local security expectations. 

What This Means for Our Customers 

For Australian government agencies, selecting an IRAP-assessed solution is essential to meeting regulatory requirements and protecting sensitive data. Here’s why: 

• Enhanced trust for Australian government and enterprises: Government agencies and regulated industries in Australia can now confidently consider LastPass as part of their security ecosystem, knowing it has met the rigorous standards of an IRAP assessment. 

• Independent validation of security posture: The IRAP assessment provides third-party validation of our security controls, reinforcing our commitment to transparency and continuous improvement. 

• Alignment with Australian cybersecurity standards: By aligning with the ISM, LastPass demonstrates its dedication to meeting local compliance requirements and supporting sovereign cybersecurity initiatives. 

Built for Security, Designed for People 

Trusted by millions of users and thousands of organisations worldwide, with IRAP now complete, we’re proud to extend that trust to Australian government agencies and critical infrastructure providers. 

And as threats evolve, so do we. We’ll continue to invest in local infrastructure, compliance initiatives, and partnerships that help our customers stay ahead of risk while keeping their data safe, accessible, and under control. 

Whether you’re a government agency, critical infrastructure, SMB, or enterprise organisation, LastPass is ready to support your mission with the tools and trust you need. 

 

To learn more about how LastPass supports Australian government agencies, reach out to our team.