Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

PwC review lauds ATO's security practices

Tax office a bastion of secure information, review finds.
Page:

The Australian Taxation Office is on top of its game when it comes to information security, an independent investigation has found.

PricewaterhouseCoopers was commissioned last December to do a comprehensive four-month long review of the security practices at the Tax Office.

In his summary notes, PwC partner Mark Ridley, said that as an organisation, "the Tax Office is highly conscious of information security and considers the security of the information with which it is entrusted as a serious business issue."

Furthermore, "the Tax Office compares favourably with other organisations - particularly with regard to security culture - and a strong sense of responsibility for security exists amongst Tax Officers."

The ATO undertook the review as a preventative measure after high profile cases overseas such as in the US and UK that resulted in the loss or disclosure of sensitive information.

"It was clear during the course of this review with meetings with Senior Executives and Management from across the organisation, that the Tax Office generally has a lower appetite for risk in relation to stewardship of client information than many other organizations which we see," the report reads.

"While this evidently stems from the large volumes of personal and corporate sensitive information which the Tax Office processes on a daily basis, the Tax Office appears more security conscious when compared to other organisations with large customer and financial databases."

The ATO came up trumps in many areas. The investigation, titled Information Security Practices Review, also found the ATO's information security governance structures are "generally sound"; it has a clear corporate stance on security matters; has effective education and awareness programs; has a well defined security classification framework; has a range of effective security monitoring mechanisms; and has incident response mechanisms in place.

Page:

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: Australian Taxation Office, PricewaterhouseCoopers, PriceWaterHouseCoopers, PwC
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Whitepapers
Latest Stories
Community Comments
Latest Blog Posts
Whitepapers
  • Why Two Thirds of Enterprise Architecture Projects Fail
    This is the conclusion of a study for the R otterdam U niversity carried out by J onathan B roer in the summer of 2008, ordered by BPM and E A software vendor IDS S cheer. B roer questioned 161 respondents from 89 organizations representing a range of industries about their vision and implementation of the enterprise architecture concept.
    Learn more »
  • Web 2.0 in the Workplace Today
    More than a decade after the term ‘Web 2.0’ was coined, many businesses are still nowhere near to taking full advantage of the collaborative technologies the term refers to. Undoubtedly, confidence is growing in relation to using tools such as Facebook, Skype, Twitter, and indeed many more organisations are using such technology now compared to even just a couple of years ago. But the fact remains that a worrying amount of businesses seem to be operating a ‘lockdown’ approach – an approach that I’m sure many Board-level staff know is simply not good for business in the long-term.
    Learn more »
  • Fixing Your Dropbox Problem - How the Right Data Protection Strategy Can Help
    It’s estimated that more than 50 million people have used public cloud storage services such as Dropbox to share and exchange files. Public cloud services are so easy to use that their openness can undermine existing IT policies regarding the transmission of confidential data. With data volumes threatening to overwhelm onsite storage, IT managers are looking to find a solution that’s affordable and secure. This paper details a simple three-step approach to helping users manage access to the public cloud without placing your data or your business at risk. Read on.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.