APRA releases guidance on the management of security risk in information and information technology
The Australian Prudential Regulation Authority (APRA) has today published a prudential practice guide (PPG) on the management of security risk in information and information technology (IT) by institutions supervised by APRA.
A draft PPG and discussion paper on this topic were released for public consultation on 8 May 2009 as Prudential Practice Guide PPG 234 Management of IT Security Risk. Response to the consultation package was positive and no material issues were raised.
The final PPG aims to target areas where APRA’s ongoing supervisory activities continue to identify weaknesses. Topics addressed include the importance of an overarching framework, systematic IT asset life-cycle management, effective monitoring processes and robust IT security reporting and assurance mechanisms.
The PPG is designed to provide guidance to senior management, risk management and IT security specialists (management and operational). It does not seek to provide an all-encompassing framework nor to replace or endorse existing industry standards and guidelines.
The Australian Prudential Regulation Authority (APRA) is the prudential regulator of the financial services industry. It oversees banks, mutuals, general insurance and reinsurance companies, life insurance, private health insurers, friendly societies, and most members of the superannuation industry. APRA currently supervises institutions holding around $9 trillion in assets for Australian depositors, policyholders and superannuation fund members.