(The following is a quote from the AdminPARTNERS "A-Lock" security document.)
APRA have developed a Prudential Practice Guide (PPG234) to assist APRA-regulated institutions and their outsourced service providers in managing IT security risk. PPG234 recommends a risk-based approach whereby risk management controls are developed to respond to existing and emerging IT security risks.
APRA – Prudential Practice Guide: PPG234 – Management of security risk in information and information technology can be found at http://www.apra.gov.au/Super/PrudentialFramework/Documents/PPG_PPG234_MSRIT_012010_v7.pdf.
AdminPARTNERS has responded to this document (PPG234) and describes the policy, standards, guidelines and procedures that it (AdminPARTNERS) employs to manage security threats to its business, systems and the respective sensitive client data mastered on these systems.
This document outlines the security measures in place as well as roles and responsibilities of all staff to achieve effective security management. This document is formally reviewed by the AdminPARTNERS security committee on an annual basis or immediately after the identification of a new threat or security breach.
The A-Lock framework governs the behaviour, architecture, configuration or appropriate controls that AdminPARTNERS applies to its IT assets and people to mitigate against security threats to sensitive data and business. This governance applies to any asset or person that may access AdminPARTNERS systems, or data kept within AdminPARTNERS systems.
The A-Lock framework is underpinned by a cyclic process of risk identification, assessment and mitigation, as well as continual and dynamic review of the A-Lock framework:
A-Lock defines the following ...
An amended version of the A-Lock document can be found here.