Skip to main content

Technical information - technical specifications and information security

Technical information - technical specifications

Last updated: 30 July 2019

The following table outlines the technical specifications for the new solution. Further specifications will be provided as APRA finalises the solution design.

You can download a copy of the technical specifications: 

Last updated 30 July 2019


Subject Specification

Web browsers

The new solution is compatible with selected web browsers and versions (as at July 2019)

Google Chrome

  • V75.0.3770 (current version) 
  • V74.0.3729
  • V73.0.3683

Microsoft Internet Explorer

  • Internet Explorer 11

Microsoft Edge

  • V44.18362.1.0 (current version)
  • V44.17763

Mozilla Firefox

  • 67.0.4 (current version)
  • 67.0.3


  • 12.1.1 (current version)
  • 11.1.2
  • 10.1.2
Operating system The new solution does not depend on the operating system, provided the web browser is supported.
Screen resolution 1920 x 1080 pixels or higher
Adobe Acrobat Reader Version 7.0 or above
Accepted file submission formats Manual entry, XML and XBRL
Accepted file formats for supporting document uploads XLS, XLSX, CSV, DOC, DOCX, PDF, PPT, PPTX and ZIP
File size update 30 MB (existing channels will continue for larger files)
Domain Name System (DNS) DNS for the new solution to enable entities to configure firewalls will be provided at a later date
API technical specification This will be provided when available

Technical information - information security

Last updated: 30 July 2019

All information collected through the new Data Collection Solution will be encrypted in transit and at rest in both the test and production environments. This applies to all interactions with, and functions of the new solution including user authentication and access, transmission of entity returns and storage of submitted data. 

Data storage 

Data provided by entities will remain within Australia and the new solution will be hosted within APRA’s data centres in Australia.

Information Security Registered Assessors Program (IRAP) assessment

APRA is engaging with an independent party to conduct an Information Security Registered Assessors Program (IRAP) assessment, to ensure compliance with the Australian Government Information Security Manual. This process will assess whether the new solution’s security controls are appropriate and effective, and will identify if any security deficiencies exist. Identified deficiencies will be remediated prior to go-live. APRA will also ensure the new solution successfully passes a vulnerability assessment and penetration test.

Security standards and guidance 

APRA requires reporting entities to comply with the Prudential Standard CPS 234 Information Security, and take the necessary measures to be resilient against information security incidents. This includes protecting sensitive data in non-production environments (i.e. test environment). Entities are responsible for maintaining a secure environment when accessing the new solution from their own environment. 

Draft data is stored in APRA’s database

Once data is uploaded into the new solution, it is visible to APRA. This means that draft data uploaded, or data partially completed and saved in APRA’s database (as part of the solution) is accessible by APRA. However, this data will not be readily viewed by APRA and APRA will not use any data or information saved as draft for supervisory purposes.