SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
New Zealand
Ping identity
#
Data Protection
#
MFA
#
Cloud Security

Ping Identity wins PROTECTED IRAP nod in Australia

Wed, 11th Mar 2026
Author image
By Joseph Gabriel Lagonsin, News Editor

Ping Identity has secured a PROTECTED-level assessment for its PingOne Advanced Identity Cloud under the Australian Government's Information Security Registered Assessors Program (IRAP). The result could influence how government agencies and regulated organisations evaluate and procure cloud-based identity services.

The assessment indicates the service aligns with Australian Government expectations for systems handling sensitive information. It also confirms the platform's controls have been independently reviewed against benchmarks used across the public sector.

IRAP framework

IRAP, associated with the Australian Signals Directorate (ASD), uses ASD-endorsed assessors to evaluate ICT systems against the Australian Government Information Security Manual (ISM). Assessments review security controls and consider alignment with the Protective Security Policy Framework.

PROTECTED is a government classification describing the sensitivity of information and the safeguards expected for systems that store, process, or transmit it. In procurement, agencies often use IRAP outcomes as part of cloud risk reviews, alongside contractual and operational requirements.

PingOne Advanced Identity Cloud is part of Ping Identity's identity and access management portfolio. Identity systems sit at the centre of login, authentication, and access decisions across employee and customer applications. As a result, identity tooling is a key focus for cyber security and compliance teams, particularly in highly regulated sectors.

Public sector focus

Government agencies and critical industries in Australia and New Zealand have increased scrutiny of cloud services in recent years. Many organisations now require independent assurance that a supplier's cloud controls map to local standards, especially when services touch citizen data, health information, financial records, or sensitive operational systems.

Ping Identity positioned the outcome as part of its approach to operating in regulated environments across the region, linking it to expectations around data residency and assurance.

"This is a major milestone in our commitment to security, data residency, and trust," said Russ Kirby, CISO, Ping Identity. "Meeting the rigorous requirements of the Australian Government Information Security Manual reinforces our ability to support government and regulated industries with confidence, aligning our controls and infrastructure with the highest regional standards."

IRAP is not a blanket approval for all deployments or use cases. Agencies still apply their own security risk assessments and architecture reviews, including how a service will be implemented, how identities are governed, and how access policies are maintained over time.

Even so, assessed status can shorten early-stage evaluation for buyers that must demonstrate due diligence against the ISM. It can also simplify discussions between security and procurement teams when suppliers can present an independent assessment mapped to a known government framework.

That dynamic matters for identity providers because deployments often span multiple business units and external user groups. Identity services also integrate with directories, HR systems, customer platforms, and third-party applications, creating a broad security and compliance footprint that must withstand audit scrutiny.

Ping Identity described the assessment as strengthening its position in the Australian public sector and regulated industries, while highlighting the partnerships and ongoing operational responsibilities that come with hosting cloud services handling sensitive authentication and access data.

"In completing this IRAP assessment, we strengthen our position in the public sector, deepen our partnerships, and demonstrate that security is embedded in everything we do," said Ash Diffey, VP, ANZ, Ping Identity. "This milestone reflects our ongoing responsibility to protect data, manage risk proactively, and maintain the trust our customers place in us every day."

Across Australia and New Zealand, identity management has become a core part of broader cyber security strategies. Organisations are balancing tighter access controls with pressure to improve user experience, manage third-party access, and reduce reliance on passwords. Meanwhile, threats targeting credentials, session tokens, and account recovery have pushed identity systems further into the spotlight.

As cloud adoption grows in government, IRAP assessments have become more prominent. Agencies are also asking more detailed questions about logging, monitoring, incident response, and the segregation of customer environments. For suppliers, this increases the need to show how controls are designed and operated on an ongoing basis.

Ping Identity's PROTECTED-level IRAP assessment for PingOne Advanced Identity Cloud is likely to feature in future discussions with agencies and regulated enterprises that require an ISM-aligned assurance artefact for procurement and risk governance.

Related stories
Automotive microcontroller market set to hit USD $15.1bn
Vodafone & Google Cloud launch AI & security tools
ISACA launches AI risk certification amid governance gap
Turning security into a story: How managed service providers use reporting to drive retention and revenue
Barracuda spots 7 million device code phishing attacks

Top stories

AI tools widen cyber attack threat, Flashpoint warns
AI flaws & supply-chain risks top new pentesting report
Exclusive: Google Cloud on the road to autonomous SecOps
Zapier expands AI governance controls for enterprise users
Avatier launches offline card after Stryker cyberattack