
APRA releases discussion paper on IT security risk management

Friday 8 May 2009



The Australian Prudential Regulation Authority (APRA) has today released for consultation a discussion paper and draft prudential practice guide (PPG) on the management of information technology (IT) security risks by institutions regulated by APRA.

The draft PPG outlines the measures that APRA regards as sound practice in managing security risks associated with IT, and addresses areas where IT security risk management weaknesses continue to be identified as part of APRA’s ongoing supervision activities.

The PPG is not intended to replace existing industry standards and guidelines on IT security. Instead, it provides a set of sound principles for safeguarding IT assets by managing risks and implementing appropriate controls. It is intended for use by senior management, risk management and security specialists (management and operational). These multiple audiences reflect the pervasive nature of IT security management and the need for sound risk management disciplines and solid business understanding to evaluate and manage an institution’s security risk profile.

APRA has consulted with industry and professional associations in preparing the draft PPG and seeks written submissions on the proposed guidance from interested parties by 5 June 2009.

The discussion paper and accompanying draft Prudential Practice Guide PPG 234 Management of IT Security Risk are available on the APRA website. 

Media enquiries

Contact Ben McLean, APRA Media Unit, on +61 2 9210 3024

All other enquiries

For more information contact APRA on 1300 558 849.

The Australian Prudential Regulation Authority (APRA) is the prudential regulator of the financial services industry. It oversees banks, credit unions, building societies, general insurance and reinsurance companies, life insurance, private health insurers, friendly societies, and most members of the superannuation industry. APRA currently supervises institutions holding $6.5 trillion in assets for Australian depositors, policyholders and superannuation fund members.