LastPass progresses IRAP assessment


LastPass by LogMeIn has announced it has progressed to the second stage of assessments for the Information Security Registered Assessors Program (IRAP).

Consistent with the approach documented in the ACSC Anatomy of a Cloud Assessment and Authorisation document, LastPass will undergo a Phase 1a IRAP assessment in line with the updated framework. Changes to the assessment were made by the Australian Cyber Security Centre (ACSC) to allow government agencies and departments to have greater choice when it comes to cloud vendors while ensuring that those departments clearly understand any risks and suitability of those solutions to store, process and communicate data.

This development follows the achievement of the Asia-Pacific Economic Cooperation (APEC) Cross-Border Privacy Rules (CBPR) certification in May this year. The certification is built on the nine principles and 50 program requirements of the APEC Privacy Framework, which was ratified by all 21 APEC economies. The Organisation for Economic Co-operation and Development’s (OECD) “Guidelines on the Protection of Privacy and Trans-Border Flows of Personal Data” underpin many of the principles in leading data protection regimes throughout the world, including APEC’s Privacy Framework and the GDPR.

“Our investments around both the IRAP and APEC CBPR certifications prove our commitment to our customers in the Asia Pacific region, said Lindsay Brown, Vice President, Asia Pacific, at LogMeIn. “We continue to see interest in our password and identity management offerings in the region, particularly amongst regulated industries. These investments bring greater assurance to our customers in those spaces.”