BeyondTrust cloud security completes IRAP PROTECTED review by CyberCX

BeyondTrust has announced that four of its security solutions have completed an Information Security Registered Assessors Program (IRAP) assessment at the PROTECTED classification level through a review conducted by CyberCX.

The IRAP assessment, required by Australian government departments before adopting external security platforms, was conducted in line with Phase 1A of the Australian Cyber Security Centre's (ACSC) Cloud Assessment and Authorisation Framework. The assessment covered compliance against the controls set out in the March 2025 version of the Australian Information Security Manual (ISM).

Four BeyondTrust solutions were included in the assessment: Endpoint Privilege Management, Password Safe, Privileged Remote Access, and Remote Support. The assessment process involved a documentation review and technical configuration checks by CyberCX to ensure operational effectiveness at the PROTECTED classification level. This enables government agencies and public sector organisations to make risk-informed decisions about cloud adoption and the use of BeyondTrust's offerings.

The IRAP program is designed to provide assurance that vendor solutions meet strict cybersecurity control requirements for government information that needs protection at higher sensitivity levels. It allows departments to evaluate both the security posture and the compliance of external solutions prior to deployment in their environments.

The assessment period began in March 2025 and was completed in July 2025. CyberCX conducted a technical and procedural evaluation to confirm BeyondTrust's alignment with IRAP and Australian ISM requirements. This verification included an examination of how the company's solutions address the cloud controls matrix, which is instrumental for agencies to assess their own risk when using Software as a Service (SaaS) products and platforms for sensitive information.

Roshi Balendran, Regional Sales Director at BeyondTrust, said the successful assessment enhances BeyondTrust's capacity to serve the public sector and commercial enterprises handling data at the PROTECTED level.

"We are delighted to have successfully completed the IRAP assessment, which now allows BeyondTrust to expand our ability to work with both public sector organisations and commercial businesses that require information to be stored, processed, and communicated at the 'Protected' classification level," said Roshi Balendran. "The IRAP assessment reflects our commitment to our Australian government customers in providing them with industry-leading identity security solutions that help to secure their Paths to Privilege."

Balendran also noted the effect on the company's partners in Australia, specifically referencing potential benefits to the broader market and public sector cyber defences.

"In addition, our Australian channel partners also now have more market opportunities to strengthen the cyber defences of Australian government agencies with a suite of BeyondTrust identity security solutions, which facilitate faster and more informed decision-making processes," Balendran added.

BeyondTrust stated that details of the IRAP assessment are available for customers to review as part of their own due diligence when considering the company's solutions for adoption.

The IRAP assessment and the associated compliance reporting are aimed at helping public sector organisations adopt cloud-based security solutions with confidence that they have undergone rigorous third-party evaluation, confirming alignment with the Australian Government's standards for the protection of sensitive information.