On 6 July 2015, APRA released an Information Paper1 on outsourcing of shared computer services including cloud computing.
APRA is of the view that cloud computing is not secure or mature enough to manage the risks involved, such as breach of confidentiality or an inability to access information. However it expects the use of shared computing services to continue to evolve, as the maturity of risk management also evolves.
Where shared services are being used for highly sensitive or highly critical IT assets APRA encourages regulated entities to approach these services with caution and consult with APRA prior to entering into the agreement, even if offshoring is not involved.
APRA’s media release2 contains further information.
This article is part of a series on Global Money and Payment Services Privacy and Security Issues.
The contents of this publication are for reference purposes only and may not be current as at the date of accessing this publication. They do not constitute legal advice and should not be relied upon as such. Specific legal advice about your specific circumstances should always be sought separately before taking any action based on this publication.
© Herbert Smith Freehills 2020