Wednesday, 6 February 2008

APRA and protecting Finacial Records.

APRA in 2004 stated:
19. The technical resources that a [licensed superannuation fund trustee] is required to maintain, or have access to, at an adequate level include, but are not limited to: …
(b)adequate systems and resources to ensure protection, security and privacy of confidential, personal and sensitive material; and …
(d) evidence of the inclusion in the risk management framework of processes to ensure security of records and compliance with statutory privacy laws
.” (pp. 8-9)
APRA Guidance Notes and Circulars, July 2004, Superannuation guidance note SGN 140.1 - http://www.apra.gov.au/Superannuation/upload/SGN-140-1-Adequacy-of-resources.pdf

APRA also advise that security should be specifically addressed in any ‘outsourcing’ contracts
APRA Guidance Notes and Circulars, July 2004, Superannuation guidance note SGN 130.1 - http://www.apra.gov.au/Superannuation/upload/SGN-130-1-Outsourcing.pdf, and Prudential Standard APS 231- Outsourcing - http://www.apra.gov.au/policy/final_adi_standards/APS231.pdf

So what does this mean? If yoiu are running a licensed superannuation fund you do not get to hand the need for securing your system to somebody else.

No comments: