On 6 July 2015, APRA released an Information Paper1 on outsourcing of shared computer services including cloud computing.
APRA is of the view that cloud computing is not secure or mature enough to manage the risks involved, such as breach of confidentiality or an inability to access information. However it expects the use of shared computing services to continue to evolve, as the maturity of risk management also evolves.
Where shared services are being used for highly sensitive or highly critical IT assets APRA encourages regulated entities to approach these services with caution and consult with APRA prior to entering into the agreement, even if offshoring is not involved.
APRA’s media release2 contains further information.
This article is part of a series on Global Money and Payment Services Privacy and Security Issues.
The contents of this publication, current at the date of publication set out above, are for reference purposes only. They do not constitute legal advice and should not be relied upon as such. Specific legal advice about your specific circumstances should always be sought separately before taking any action based on this publication.
© Herbert Smith Freehills 2019