qantas group cyber security policy qantas group cyber security policy

The Group Policies apply to Qantas Group entities and employees in line with the Groups Corporate Governance Framework. We remain committed to minimising the risk of workplace injuries, including those associated with mental health risks. In order to provide greater transparency for customers, the OAIC suggests that the policy clearly identify this information as sensitive information.. CIOs and CSOs who need to present security issues to their board need to leave acronyms at the door, use PowerPoint presentations and tell stories, according to GPT Group CIO Greg Baster. fieldwork, which included interviewing key members of staff and reviewing further documentation, at the QFF offices in Mascot on 25 May and 1 June 2017. These are some of the factors we use to calculate the overall score: Discover open access points, insecure or misconfigured SSL certificates, or database vulnerabilities. Credit: Qantas Airways Limited. 1.2 The scope of this assessment was limited to the consideration of QFFs handling of personal information under Australian Privacy Principle (APP) 1 (open and transparent management of personal information) and APP 5 (notification of collection of personal information). Protection from these attacks and the potential financial and public reputation implications associated with unauthorised access to the information we hold is key. Londons Heathrow airport last year outlined plans for a 50m project to implement Qantas urges govt to chip in for cyber incident interventions Law 'may not achieve objective without funding'. There are multiple safeguards to prevent and detect this activity and on several occasions over the years we have worked closely with law enforcement to apprehend those involved. Privacy related matters will also be raised during short stand-up meetings, where staff consult each other or offer suggestions on different matters and projects. 4.87 Based on the OAICs review of documents and interviews with QFF staff, there appears to be effective privacy safeguards in place for QFFs marketing and data analytics activities. Access to QFF data requires specific authorisation. qantas group cyber security policy - darmoweszablonycanva.pl A Qantas 747-438(ER) VH-OEH departs runway 16 at YMML bound for the Antarctic (Victor Pody) Qantas has pushed back its plan to restart international flying from 31 October to late December 2021 following the news that borders are unlikely to open until mid-2022. Qantas Frequent Flyer and Qantas could also consider using graphics, videos and other digital formats as a way of clearly communicating to its members how it handles personal information. Some complaints were caused by operator error, for example, passing on details to the wrong recipient. Welcome to Qantas Group Travel. Legal also provides more tailored face-to-face privacy training to various QFF units on an ad hoc basis. TPG Telecom announced on Tuesday it has picked up a five-year deal to handle fixed and mobile voice services for Qantas. Matt Biber has been working as a Group of Qantas Cyber Security Centre Head (Gcsc) at Qantas for 8 years. During the pandemic, our Wellbeing program expanded from a focus on traditional areas of health and wellbeing physical health, nutrition, sleep, exercise and mental health to include financial wellbeing, healthy relationships and digital wellbeing. However, as with the privacy policy, the language used in the notice is complex, and may be difficult for some readers, who are younger or with a lower literacy level, to understand. Qantas has ordered 20 Airbus A321XLRs and 20 A220-300s narrow jets. 4.44 The Group-wide crisis management plan is comprised of a series of procedures that enable staff to respond to the various kinds of crises that may arise across the Group. 4.22 QFF staff have a good awareness of privacy issues. Our Fraud and Scams teams are monitoring 24/7 for any suspicious activity across the Westpac Group, using industry best practice security and fraud detection techniques. The time taken to resolve complaints depends on their complexity. The OAIC is of the view that the clarification and formalisation of the existing cybersecurity arrangements to explicitly include privacy would adequately provide good privacy governance. The Group Policies apply to Qantas Group entities and employees in line with the Groups Corporate Governance Framework. The security chief said foreign spy agencies posed a major threat to the privacy of the 40 million passengers flying Qantas each year. "For Qantas, doing business responsibly isn't just the right thing to do it's also the smart thing to do. Staff are encouraged to clarify the members exact needs before proceeding with an access request. Our company cyber security policy outlines our guidelines and provisions for preserving the security of our data and technology infrastructure. The OAIC understands that data privacy and security is marked as one of the top three risks in this document. Staff must complete the test with a 100% pass rate. Continuing Qantas collaboration with the Australian Government on cyber security to proactively monitor emerging threats, and to enhance the protection of our people, customers and assets. 4.47 QFF maintains a cyber incident register, which includes data breaches and online fraud. Iron Mountain Horizon, 3.8 QFF stores data in a separate, partitioned section of the Qantas Group IT Environment. How to access Australian Government information, Privacy management framework: enabling compliance and encouraging good practice, Privacy impact assessments and security impact assessments, Guide to undertaking privacy impact assessments, De-identification Decision-Making Framework, Guide to Data Analytics and the Australian Privacy Principles. 5.6 Prior to the OAIC assessment in May/June 2017, the Qantas Group was already expanding its cyber security governance processes and materials to include increased focus on privacy. 4.92 Under APP 1.3, APP entities must have a clearly expressed and up to date APP privacy policy that explains the entitys handling of personal information. [12] See paragraphs 1.33 and 1.34 of the APP Guidelines. All SIAs are recorded in the system and can be recalled or examined as needed. How can I be sure my Frequent Flyer account details are secure? There are less than ten users with administrative access privileges, and these accounts are also logged, as are any data changes in the data warehouse. 1.5 The OAIC identified two medium risks regarding QFFs privacy governance and evaluation of the continued effectiveness and appropriateness of its privacy practices, procedures and systems, and made two recommendations to address the risks identified. [3] See Qantas Annual Report 2016 at Annual Reports. 4.53 Formal PIAs are generally only undertaken for major projects. However, based on practices at the time of the assessment, there is a medium risk that privacy issues from the various business units will not be communicated effectively through the existing channels. alfa romeo mito maserati usata; firehouse bakersfield bowling prices; keith winter fife council; cartel's cartel stallion Qantas Domestic has a growing margin advantage over competitors, with a brand, network and product offering targeted at business and premium leisure customers who value Qantas has joined other sectors in asking the government to at least partially cover the cost of complying with proposed laws aimed at better defending the countrys critical infrastructure networks and systems from cyber attacks. ProStarSolar > Blog Classic > Uncategorized > qantas group cyber security policy. 4.14 Requests to access personal information and privacy queries are also handled through the Customer Care Centre. QFF, as a business unit, would have the opportunity to share its learnings, as well as to learn from the experiences of other business units. Matt Biber Email & Phone Number - Qantas | ZoomInfo Once notified, incidents are escalated as appropriate. Staff are required to undertake a SIA at the beginning of a new project to identity any privacy and security risks. CHESS also has oversight of risks associated with regulatory compliance. As part of this review, the OAIC applied a Flesch-Kincaid test to provide a general indication of the complexity and readability of the policy. We brought grounded aircraft back into service, our employees came back to work after being stood down, and we opened or reopened flying to ports that we had not flown to in over a year and to some that had not seen an aircraft in that time. We are continually working to expand employee awareness of evolving data security risks, including through no notice simulations and structured training. By continuing to use this system you confirm your acceptance of the above. The safety and wellbeing of our customers and people is our highest priority. 4.32 Whilst QFF has numerous governance mechanisms and structures in place to facilitate privacy management, the OAIC notes that there are no specific, dedicated privacy roles within Qantas or QFF (with the exception of the recently appointed Group Privacy Officer). Qantas Location 10 Bourke Rd, Mascot, New South Wales, 2020, Australia Description Industry Airlines, Airports & Air Services Transportation The most important thing is clarity. 4.94 The OAIC reviewed this privacy policy against the requirements of APP 1. [4] Qantas Points may then be redeemed for products or services. Contester Contravention Repentigny, Paula Searle - Qantas Group Cyber Security Awareness and - LinkedIn Legal generally relies on deductive reasoning rather than a formal document or checklist to identify any privacy issues. We take active, quality measures to help you keep safe online and we also encourage our members to do what's possible to protect their account and personal information. QFF regards personal information as its chief business asset and has invested multiple resources to safeguard it. 4.99 APP 5 requires APP entities that collect personal information about an individual to take reasonable steps either to notify the individual of certain matters (listed in APP 5.2) or to ensure the individual is aware of those matters. At the time, the airline said its new cyber security chief would identify and lead programs to "monitor the emergence of new threats and vulnerabilities, assess business impacts, and drive rapid responses to cyber security events." These controls include: 4.72 Overall, QFF has established robust ICT and user access policies, procedures and practices governing the security of personal information. 4.88 Additionally, given the amount of personal information that QFF handles and the extent of its use in marketing and data analytics projects (whether in identified or de-identified forms), the OAIC also suggests that QFF continue to monitor and assess the risks of these projects as they progress, including any risk surrounding re-identification or the creation of new data sets.