On 6 July 2015, APRA released an Information Paper1 on outsourcing of shared computer services including cloud computing.
APRA is of the view that cloud computing is not secure or mature enough to manage the risks involved, such as breach of confidentiality or an inability to access information. However it expects the use of shared computing services to continue to evolve, as the maturity of risk management also evolves.
Where shared services are being used for highly sensitive or highly critical IT assets APRA encourages regulated entities to approach these services with caution and consult with APRA prior to entering into the agreement, even if offshoring is not involved.
APRA’s media release2 contains further information.
This article is part of a series on Global Money and Payment Services Privacy and Security Issues.
- Outsourcing involved shared computing services (including cloud).
- APRA releases information paper on outsourcing involving shared computing services, including cloud.