Security Policy. That is, our observations and opinions are only applicable to the time period during which the assessment was undertaken. Furthermore, human resource and other policies exist at entity or business unit level, which also outline the minimum expected standards for our people in the context of their employment. This includes the development and implementation of a privacy management plan (PMP). 4.25 Qantas cyber security governance is the responsibility of the Group Cyber Security Committee (GCSC), which monitors, reviews and ensures the effectiveness of cyber risk strategy, systems, policies and procedures. Therefore, the OAIC recommends that QFF, along with Qantas, formalises the current cyber security governance material, such as the GCSC charter documents, to specifically encompass privacy. Possible adverse regulatory impacts, such as Commissioner Initiated Investigation (CII), public sanctions (CII report) or follow up assessment activities. name, email address, phone number). Safely returning to our ports: Many of the ports we fly to had no or limited activity during the pandemic. 4.80 Qantas Frequent Flyer does not permit access to, or disclosure of, members' personal information to any of its program partners and is solely responsible for all communication with its members in relation to program partner products and benefits. Enjoy a choice of fares to match your customers' budget in Economy, Premium Economy, Business and First; with flexible conditions unique to group travel. 6.2 The objective of the assessment was to examine whether personal information collected by QFF is handled in accordance with the Privacy Act. The economic contribution of the Qantas Group to Australia in FY 2017.
Qantas Group also holds monthly direct reporting meetings, and risk is a regular agenda item. The OAIC also notes that Qantas Group intends to create a network of privacy champions, co-ordinated through the Group Privacy Officer. Qantas and its related bodies corporate are referred to as Qantas Group in this report. It operates through five segments: Qantas Domestic, Qantas International, Jetstar Group, Qantas Loyalty, and Corporate. 6.1 This assessment was conducted under s 33C(1)(a) of the Privacy Act, which allows the OAIC to assess whether an entity maintains and handles the personal information it holds in accordance with the APPs. The General Counsel receives weekly briefings on key issues (including privacy matters) from QFF and on an ad hoc basis as needed. If a query relates to a QFF membership, then the call is referred to the QFF specific customer care team. Cyber Security Policy; 5. When a member's accumulated Status Credits reach a designated level, their membership tier level increases (for example from Silver to Gold) and they can receive additional membership benefits, including earning higher rates of Qantas Points. This process is documented in a Qantas privacy procedure document, which is a high-level internal document that sets out broad privacy obligations. [10] The Flesch-Kincaid test used to assess the readability of Qantas privacy policy can be accessed at The Readability Test Tool. The CHESS has responsibility for strategy, policy, systems oversight, monitoring and corporate governance over operational risks of the Qantas Group. Qantas works closely with the Australian Government and overseas agencies, regulators, law enforcement and its global partners across the industry to proactively monitor and manage threats and risks.
Doniz served as Qantas group CIO from January 2017, and at Boeing will be the CIO and senior VP of information technology and data analytics. At the time, the airline said its new cyber security chief would identify and lead programs to "monitor the emergence of new threats and vulnerabilities, assess business impacts, and drive rapid responses to cyber security events." Some complaints were caused by operator error, for example, passing on details to the wrong recipient. QFFSC staff verify a customer's identity before assisting the member with their query, including making any corrections. Cyberspace and its underlying infrastructure are vulnerable to a wide range of risks stemming from both physical and cyber threats and hazards. Qantas Airways Limited ABN 16 009 661 901. This is discussed later in this report in the section titled risk management. A select team within QFF have sole access to QFF member information (e.g. Protection from these attacks and the potential financial and public reputation implications associated with unauthorised access to the information we hold is key. Security teams are able to react quickly to digital criminals, respond to Zero-Day incidents faster, and reduce the risk exposure timeline. CIOs and CSOs who need to present security issues to their board need to leave acronyms at the door, use PowerPoint presentations and tell stories, according to GPT Group CIO Greg Baster. In the matter of the Australian Securities and Investments Commission v RI Advice Group Pty Ltd [2022] FCA 496, the Court found that a financial services provider had breached its licence obligations, and failed to act efficiently or fairly by not having in place adequate risk management systems to cater for risks arising in relation to cyber security. Within this Group-wide plan, there are business unit specific plans, which are owned by key senior staff in each group.
The OAIC understands that data privacy and security is marked as one of the top three risks in this document. 4.92 Under APP 1.3, APP entities must have a clearly expressed and up to date APP privacy policy that explains the entity's handling of personal information. Like many large organisations, we operate in an environment of ever-evolving cyber threats, where external attackers are always adopting more sophisticated techniques. However, the OAIC noted that the policy was complex, and the Flesch-Kincaid test indicated that it would be easily understood by people with an approximate reading age over 25. 1.2 The scope of this assessment was limited to the consideration of QFF's handling of personal information under Australian Privacy Principle (APP) 1 (open and transparent management of personal information) and APP 5 (notification of collection of personal information). Only a small number of QFF staff can match the anonymous identification number back to a QFF member's individual member profile. [7] The Notifiable Data Breaches Scheme, introduced by the Privacy Amendment (Notifiable Data Breaches) Act 2017, requires organisations covered by the Australian Privacy Act 1988 (Privacy Act) to notify any individuals likely to be at risk of serious harm by a data breach. Cyber risk ratings influence business activity from the loading dock to the board room. formalising its current cyber security governance material to incorporate privacy.
Together with our government and industry partners, some of the key security improvements in FY22 were: Like most industries, the aviation sector is dependent on data, systems and networks and we take our customers' trust in the security of their personal data seriously. A clean desk policy, and non-permanent seating arrangements, necessitating that all personal and confidential items be stored in secure staff lockers. Furthermore, crises are reviewed after resolution to determine the cause of the incident and whether it was preventable. 4.31 Compliance with APP 1.2 is fundamentally about good privacy governance. Enterprise security management (ESM) issues directly revolve around the management of Qantas group itself. [6] As well as earning and redeeming Qantas Points, QFF membership allows members to earn Status Credits. 4.7 A Qantas Group policy registry is kept by the Company Secretariat for all Qantas Group policies. The cyber safety of Qantas Frequent Flyers is a priority for us. The shark tank proceedings are not recorded. We may contact you using the below methods: A phone call from one of our fraud analysts. Due to this assessment's scope, the OAIC did not consider most of these controls in detail. 4.16 The OAIC noted a strong awareness of privacy and information security issues through its review of relevant QFF policy and procedure documents and interviews with staff. Cyber security for Qantas Frequent Flyer accounts We take active, quality measures to help you keep safe online and we also encourage our members to do what's possible to protect their account and personal information. ICT protections, such as firewalls for segregated zones, malware detection software, whitelisting, application patching, encryption of data in transit and regular penetration testing. clear knowledge of information assets held and a range of ICT security measures in place to safeguard these.
4.100 The OAIC reviewed QFF's online notice relating to the collection of information from individuals against the requirements of APP 5 in order to ensure its compliance. 4.81 Program partners are tested for security, IT, and compliance requirements before QFF will agree to a partnership. This enhances the accountability of APP entities in relation to their personal information handling practices. The business resilience framework assists the Qantas Group in the preparation for, and recovery from, adverse incidents affecting the business and our interests. However, based on practices at the time of the assessment, there is a medium risk that privacy issues from the various business units will not be communicated effectively through the existing channels. 4.15 The majority of corrections to personal information are completed by members themselves using the self-service facilities online, however, corrections may also be processed by telephone via an interactive voice system (where the member keys in their PIN) or manually via the QFF Service Centre (QFFSC) staff. 4.30 At the time of the assessment, the Qantas Group was investigating whether it would be required to appoint a data protection officer under the upcoming GDPR requirements. There is also no specific reference to the unique arrangement with Woolworths in the marketing section. Members are required to undergo a telephone identity check and staff follow a security procedure and checklist to guide them through the process. This Code sets out expectations for how we act, solve problems and make decisions. 4.49 QFF liaises with internal and Group staff, external stakeholders and regulators (such as the OAIC) as needed throughout the process. Furthermore, it is the responsibility of each business unit to identify and report risks.
4.84 Data analytics involves amassing, aggregating and analysing large amounts of data. The Qantas Group is constantly improving its cyber capabilities as part of its overall data and privacy protection. The three principles that guide us are: operating with integrity (through our safety, people, community and environment strategies).