Skip to main content

APRA Connect information security and technical specifications

Last updated: 16 May 2023

APRA Connect information security

All information collected through APRA Connect is encrypted in transit and at rest in both the test and production environments. This applies to all interactions with and functions of APRA Connect including user authentication and access.

Data storage

APRA Connect is hosted in APRA’s data centre in Australia and data provided by entities will remain within Australia.

Information Security Registered Assessors Program (IRAP) assessment

APRA engaged with an independent party to conduct an Information Security Registered Assessors Program (IRAP) assessment, to ensure compliance with the Australian Government Information Security Manual. This process ensured that APRA Connect’s security controls are appropriate and effective. Vulnerability assessment and penetration tests have also been conducted.

Security standards and guidance

APRA requires reporting entities to comply with the Prudential Standard CPS 234 Information Security, and take the necessary measures to be resilient against information security incidents. This includes protecting sensitive data in non-production environments. Entities are responsible for maintaining a secure environment when accessing the new solution from their own environment.

Draft data is stored in APRA’s database

Once return data is uploaded into APRA Connect, it is visible to APRA. This means that draft data uploaded, or data partially completed and saved in APRA Connect is accessible by APRA.

APRA Connect technical specifications

The following table outlines the technical specifications for APRA Connect.

Subject

Specification

Operating system

APRA Connect does not depend on the operating system, provided the web browser is supported.

Web browsers

 

APRA Connect is compatible with major web browsers. The most recent three versions of each of these browsers are recommended:

  • Google Chrome
  • Microsoft Edge
  • Mozilla Firefox
  • Safari

Screen resolution

1920 x 1080 pixels or higher

Adobe Acrobat DC

Version 7.0 or above

Accepted file submission formats

Manual entry, XML, XBRL, and Excel. The appropriate file formats will be defined for each new collection as part of the industry consultation process.

Accepted file formats for supporting document uploads

.xls, .xlsx, .csv, .doc, .docx, .pdf, .ppt, .pptx, .jpeg, .jpg, .png, .bmp, .tif, .gif, .zip

File size upload – for ad hoc

30 MB maximum

URL

Production environment: https://connect.apra.gov.au

Test environment: https://connect-test.apra.gov.au

API technical specification

To be provided when this functionality is available

Authentication

APRA Connect is integrated with the Australian Government Digital Identity System:

  • Using myGovID as identity provider; and
  • Relationship Authorisation Manager (RAM) as the authentication solution.

All users need to use myGovID to verify their identity and be linked to their organisation using RAM to access APRA services on its behalf.

Using APRA Connect

Refer to the APRA Connect support material which includes the Guide and frequently asked questions. Contact the team at dataanalytics@apra.gov.au.

Technical issues?
 

Log a support request with the Service Desk at support@apra.gov.au and ensure that you include the ABN of the entity the issue relates to.

For urgent issues call +61 2 9210 3400 between 9am and 5pm AEST weekdays.

Need help with Digital Identity?
 

Please refer to published material for help with  the Australian Government , myGovID and RAM