Skyhigh Security Renews IRAP Assessment at PROTECTED Level for 2026

By Sarang Warudkar and Stuart Bayliss -

May 21, 2026 5 Minute Read

As Australian government agencies and regulated enterprises accelerate cloud adoption, the need for independently assessed, government-endorsed cloud security has never been greater. We are pleased to announce that Skyhigh Security has successfully completed its Information Security Registered Assessors Program (IRAP) assessment at the PROTECTED security classification level for 2026.

This renewal confirms that the Skyhigh Security Service Edge (SSE) Portfolio continues to align the Australian Government’s stringent security requirements, providing public sector agencies and regulated enterprises with the assurance they need to handle sensitive and classified workloads in the cloud.

What is IRAP?

The Information Security Registered Assessors Program (IRAP) is a security compliance framework developed by the Australian Signals Directorate (ASD) and administered by the Australian Cyber Security Centre (ACSC). IRAP provides Australian Commonwealth government entities with a framework to:

• Assess the security controls of cloud service providers against the Australian Government Information Security Manual (ISM)
• Identify risks associated with adopting cloud services for sensitive and classified workloads
• Provide independent assurance that vendors have appropriate controls in place before being entrusted with government data

The PROTECTED classification level is one of the highest levels assessed under IRAP, covering information whose compromise could cause significant damage to national interests, organisations, or individuals. Cloud service providers assessed at PROTECTED level have demonstrated that their security controls are appropriate for handling the most sensitive categories of Australian government data.

Skyhigh Security’s IRAP Journey

Skyhigh Security’s IRAP credentials span several years, demonstrating sustained investment in Australian government compliance:

• 2020 —> Skyhigh CASB assessed at IRAP PROTECTED level
• 2023 —> Skyhigh SSE Platform assessed at IRAP PROTECTED level
• 2026 —> IRAP PROTECTED assessment renewed, covering the complete Skyhigh SSE Portfolio

Each cycle reinforces Skyhigh’s commitment not just to achieving compliance, but to maintaining it, ensuring that the controls we have in place continue to operate effectively as the threat landscape and regulatory requirements evolve.

What This Means for Australian Government Agencies

With the 2026 IRAP renewal, Australian government agencies and regulated enterprises can confidently deploy the full Skyhigh SSE Portfolio; including Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Zero Trust Network Access (ZTNA), and Advanced Data Loss Prevention (DLP), knowing that:

• Security controls have been independently assessed against the Australian Government ISM at PROTECTED level
• The platform provides a single Data Loss Prevention (DLP) engine with centralised management, unified policy framework, and multi-layered security technologies suited to sensitive government environments
• Skyhigh SSE provides visibility and control of data in the cloud regardless of where it resides; in use, at rest, or in motion
• The platform supports sovereign data requirements and can be deployed in configurations meeting Australian data residency expectations

“Achieving IRAP PROTECTED classification across our unified SSE platform provides Australian government agencies with independently validated assurance to adopt advanced security capabilities. This includes Data Security Posture Management (DSPM) and AI security, enabling secure visibility, governance, and protection of sensitive data while supporting the adoption of AI technologies within regulated environments” – Karthik Viswanathan, VP & GM APJ, Skyhigh Security

The Significance of PROTECTED Level Assessment

Many cloud security vendors operate only at lower classification levels. Achieving and renewing an IRAP assessment at PROTECTED level places Skyhigh Security in an exclusive group of providers that have demonstrated the capability and controls to support Australia’s most sensitive government workloads.

For security and procurement teams, an IRAP PROTECTED assessment simplifies the vendor evaluation process; providing independent assurance that reduces assessment overhead and accelerates the path to secure cloud adoption for government agencies.

A Comprehensive Compliance Portfolio for the APJ Region

The IRAP 2026 renewal is part of Skyhigh Security’s broader commitment to help in supporting regulated industries across the Asia Pacific and Japan (APJ) region. Our portfolio aligns with key regulatory frameworks and supports organizations in their compliance efforts, including:

• IRAP PROTECTED (2026) —> Australian Government cloud security
• DPDPA —> India’s Data Protection and Digital Privacy Act
• ISO/IEC 27001 —> International information security management
• SOC 2 Type II —> AICPA Trust Services Criteria
• CSA STAR Level 1 —> Cloud Security Alliance global benchmark

For a full view of our certifications and compliance posture, visit the Skyhigh Security Trust Center: skyhighsecurity.com/about/certification.html

نبذة عن IRAP

The Information Security Registered Assessors Program (IRAP) is administered by the Australian Cyber Security Centre (ACSC) within the Australian Signals Directorate (ASD). IRAP endorses individuals from the private and public sectors to provide independent security assessment services, ensuring that cloud service providers meet the Australian Government’s security requirements before being entrusted with government data.

For more information about the IRAP framework, visit: cyber.gov.au/acsc/view-all-content/programs/irap

Skyhigh Security was recognized in the 2025 Gartner® Magic Quadrant™ for Security Service Edge (SSE), published May 20, 2025, which evaluates vendors based on their Ability to Execute and Completeness of Vision. This report, which evaluates industry leaders based on their Ability to Execute and Completeness of Vision, serves as a testament to our ongoing innovation and market leadership. In the companion 2025 Gartner® Critical Capabilities for Security Service Edge report, Skyhigh Security achieved the highest score in the Data Security Use Case, once again reaffirming our multi-year leadership in data protection as a core differentiator of the Skyhigh SSE Portfolio. This recognition reflects our sustained investment in a unified, data-first SSE platform purpose-built for highly regulated industries, combining Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), and Zero Trust Network Access (ZTNA) through a single cloud-native console, with advanced Data Loss Prevention (DLP) at its core.

The information contained in this document reflects Skyhigh Security’s views and opinions on the subject matter and is provided for informational purposes only. Nothing in this document constitutes or should be construed as legal advice. Customers are solely responsible for assessing their own compliance obligations under applicable laws and regulations. The use of Skyhigh Security products or services does not guarantee, warrant, or ensure that customers will achieve or maintain compliance with any local, national, or international legal or regulatory requirements. We recommend consulting qualified legal counsel for guidance specific to your organization’s compliance needs.

العودة إلى المدونات