IRAP assessment highlights the company's alignment with Australia's cybersecurity standards and reinforces its high standards for trust, safety, and security.
Sydney, Australia – September (September 18, 2025) – LastPass today announced that it has successfully completed the Information Security Registered Assessors Program (IRAP) assessment at the PROTECTED level, reinforcing its commitment to meeting the rigorous security and compliance standards required by the Australian Government.
The IRAP assessment, governed by the Australian Cyber Security Centre (ACSC) and completed by an independent assessor, provides assurance that cloud services meet strict security controls aligned to the Australian Government Information Security Manual (ISM). Achieving PROTECTED status affirms that LastPass platform is suitable for use by Australian Government agencies and other regulated industries handling sensitive information.
"Undergoing the IRAP assessment has sharpened our visibility and governance posture across systems and validated the strength of our overall security program," said Mario Platt, CISO at LastPass. "This reinforces our ability to meet evolving regulatory requirements while reassuring organis ations and individuals that our security approach is both proactive and globally aligned."
Strengthening Security for Australia's Digital Future
By completing IRAP assessment, LastPass demonstrates that its identity and access management solutions align to some of the highest standards of security and governance expected within Australia. This is particularly relevant as government agencies and enterprises navigate heightened requirements under APRA CPS 234, the soon-to-be-updated Security of Critical Infrastructure (SOCI) Act, and the Federal Government's 2023–2030 Cyber Security Strategy.
The successfully completed IRAP assessment enables LastPass to:
- Support Australian Government agencies and partners seeking secure identity and access management services.
- Expand into regulated sectors such as financial services, healthcare, and critical infrastructure.
- Provide assurance to enterprise customers that their data is safeguarded under Australia's most recognised cybersecurity framework.
Commitment to Ongoing Security Excellence
This achievement follows LastPass broader global investment in security, transparency, and compliance, including ongoing advancements in Secure Access Experiences, an evolving framework that unifies visibility, credential hygiene, and access control into one intuitive experience. It's built for organis ations that need to move fast, stay secure, and manage access based on their own policies—not just passwords. Available in Business Max, Secure Access Experiences from LastPass includes SaaS Monitoring and SaaS Protect capabilities that enable businesses with a consolidated view and control of application usage and credential hygiene.
Visit the LastPass Trust Center to view the report and additional completed attestations including ISO 27001, SOC2, and others, as well as policies and security documentation.
About LastPass
