28 July, 2015
On 6 July 2015, APRA released an Information Paper1 on outsourcing of shared computer services including cloud computing. APRA is of the view that cloud computing is not secure or mature enough to manage the risks involved, such as breach of confidentiality or an inability to access information. However it expects the use of shared computing services to continue to evolve, as the maturity of risk management also evolves.
Where shared services are being used for highly sensitive or highly critical IT assets APRA encourages regulated entities to approach these services with caution and consult with APRA prior to entering into the agreement, even if offshoring is not involved.
APRA’s media release2 contains further information.
Endnotes
- Outsourcing involved shared computing services (including cloud).
- APRA releases information paper on outsourcing involving shared computing services, including cloud.
For further information, please contact:
Tony Joyner, Partner, Herbert Smith Freehills
tony.joyner@hsf.com
