qantas group cyber security policy qantas group cyber security policy

The Qantas Group online Privacy Statement includes a link to a feedback form that is pre-populated to classify the matter as privacy related. How We Use Your Personal Information. Protection from these attacks and the potential financial and public reputation implications associated with unauthorised access to the information we hold is key. Where privacy complaints are received outside of this process (including by phone or by mail), a file/record is created in the complaints handling system. All SIAs are recorded in the system and can be recalled or examined as needed. 4.69 At the time of the assessment, QFF had recently undertaken a test exercise, where IT sent false phishing emails to selected QFF staff email accounts. All analytic insights work is run in a de-identified environment by a separate team using the anonymous identification number discussed above at 4.71, which enables analysts to examine behaviours and answer questions without referring to personal information. This role reports into the Head of Group Cyber Security Centre (GCSC), providing a group-wide service of cyber security operational incident response, containment and support. Our Fly Well program included a number of temporary and existing wellbeing measures to safeguard travel during the pandemic, to give our customers peace-of-mind at each point of their journey across our Australian domestic, trans-Tasman and international networks. Safe growth: The Qantas Group has announced orders for a range of new aircraft. Cyber risk ratings influence business activity from the loading dock to the board room. The OAIC was informed that all new marketing and data analytics projects are subject to a robust in-house vetting process that involves an assessment of both cyber security and privacy risks. 4.98 The OAIC considers that there is room for improvement in the readability of the policy, and suggests that QFF works with the Qantas Group to review and, where possible, simplify the language of the policy. 3.3 Member registration is conducted online, either directly through the QFF website or through a link on a program partner website. Contester Contravention Repentigny, You need to explain: The objectives of your policy (ie why cyber security matters). 5.6 Prior to the OAIC assessment in May/June 2017, the Qantas Group was already expanding its cyber security governance processes and materials to include increased focus on privacy. Once a SIA is formally underway, its progress is generally informal and collaborative, and may involve the project owner, the DISO, Legal, and any other relevant business units. Some complaints were caused by operator error, for example, passing on details to the wrong recipient. We take active, quality measures to help our members keep safe online and also encourage our members to do what's possible to protect their account and personal Cann Group chief executive Peter Crock says the group has not been able to recover $3.6 million in payments after a cyber fraud. 4.65 Training is conducted through an internal online training database. Queries and access requests are managed on Resolve and are checked daily by customer care managers. Australia's largest domestic and international airline, Qantas, needed a holistic security solution that would not only protect remote workers, but also support its secure access service edge (SASE) initiative. Enhanced security measures for the smaller regional (domestic) cargo shipments in accordance with new Australian requirements. Due to the investments made in resilience, the capability continues to be strengthened through the successful integration of external stakeholders ensuring the Group continues to possess a sophisticated holistic response and recovery system. 4.23 QFF Legal has primary responsibility for advising QFF on privacy compliance matters. The Prime Minister's $230 million Cyber Security Strategy The Australian Crime Commission estimates the annual cost of cyber crime to His appointment as Qantas group CISO was part of a significant revamp of the cyber security function at the airline. Get Qantas Airways Ltd (QAN-AU:ASX) real-time stock quotes, news, price and financial information from CNBC. The Cyber Cooperation Program and Singapores Ministry of Transport has partnered with the Association of Asia-Pacific Airlines, Qantas Group and EY to support the Aviation Cyber Resilience Project, a series of workshops aimed at building cyber capacity in the aviation industry throughout the Asia-Pacific. 4.2 The key findings of the QFF assessment are set out below under the following headings: 4.3 The OAIC has applied its guide, Privacy management framework: enabling compliance and encouraging good practice, to its consideration of the reasonable steps that QFF has taken to address the requirements of APP 1.2. simplifies the notice to enhance readability, changes the title from important information to something that indicates to potential members that the notice relates to the collection of their personal information. 4.101 The OAIC found that the QFF collection notice meets the requirements of APP 5, and that it refers readers to the Qantas privacy policy for further information. Worst Streets In Rochester, Ny, Credit: Qantas Airways Limited. 4.59 QFFs current approach to PIAs and other privacy assessments is collaborative and thorough. 4.17 The OAIC noted that one of the documents contained outdated references to the NPPs that was based on an older OAIC document that was updated in 2014. Incident notifications may come from a variety of channels. 6.3 The scope of this assessment was limited to the consideration of QFFs handling of personal information against the requirements of APP 1 (open and transparent management of personal information) and APP 5 (notification of collection of personal information). The economic contribution of the Qantas Group to Australia in FY 2017. How can I be sure my Frequent Flyer account details are secure? 4.87 Based on the OAICs review of documents and interviews with QFF staff, there appears to be effective privacy safeguards in place for QFFs marketing and data analytics activities. We learned from nearly 12 million ratings that companies with an F are 7.7 times more likely to be impacted by a breach versus those with an A. This is an internal control or risk management issue that may lead to the following effects, Low risk Entity could, as a lower priority than for high and medium risks, take steps to better address compliance with requirements of Privacy legislation. Despite these challenges, our operational safety performance was strong as we maintained a reporting culture where people are confident to report issues without fear and consistent operational performance across all parts of the organisation. 4.33 A network of privacy champions across business units within the Qantas Group, including a dedicated QFF privacy champion, would help to identify and communicate privacy risks, as well as good privacy practices, across the Group. Crisis response is heavily reinforced in staff training and practice exercises, and involves staff at all levels, including the executive. 4.14 Requests to access personal information and privacy queries are also handled through the Customer Care Centre. Our Work Well program drives a coordinated approach to maintaining COVID-safe work environments, ensuring compliance with government restrictions and minimising the risk of transmission of the COVID-19 virus between employees, contractors and passengers during operations. IT Security Specialist, Security Supervisor, Information Security Analyst and more on Indeed.com Cadetship, Cyber Security Jobs in Sydney NSW (with Salaries) 2022 | Indeed.com Australia All employees receive security, privacy, and compliance training the moment they start. These risk management processes allow an entity to identify, assess, treat and monitor privacy risks related to its activities. Darren Argyle (CISM, CISSP) is an accomplished executive with close to 20 years international cyber risk and security experience. -Adam Kinsella, Product Owner for Network, Network Security, Qantas. [7] The Notifiable Data Breaches Scheme, introduced by the Privacy Amendment (Notifiable Data Breaches) Act 2017, requires organisations covered by the Australian Privacy Act 1988 (Privacy Act) to notify any individuals likely to be at risk of serious harm by a data breach. Complaints files are assigned priorities, which determine team allocation and due date for response. 3.7 Members personal information continues to be collected at various points throughout their membership, including when they earn and redeem Qantas Points and Status Credits,[6] and when they interact with QFF marketing campaigns. Last month, a group of 24 Qantas workers filed legal action against Qantas in the Federal Court, arguing that the airlines mandatory COVID-19 Across the Qantas Group, we collect, share, use, store and process personal information in accordance with an ever-changing and increasingly complex landscape of both international and domestic laws and regulations. Learn all you how to incorporate ratings insights into workflows throughout your organization. The OAICs Guide to Securing Personal Information may be of assistance in considering reasonable steps to protect personal information. Privacy Amendment (Notifiable Data Breaches) Act 2017, Australian entities and the EU General Data Protection Regulation (GDPR), Big data and privacy: a regulators perspective, Ting (1) This Policy: Defines Victoria Universitys high-level information security requirements based on the ISO 27001:2013 standard, NIST Cybersecurity Framework and other industry best practices, enabling the University to minimize information security risk and efficiently respond to incidents. Sports events, family reunions, mining operations, conferences, incentives and more. Qantas has ordered 20 Airbus A321XLRs and 20 A220-300s narrow jets. Qantas Customer Story. rockhaven homes jonesboro, ga; regular mail or courier citizenship application "Qantas Frequent Flyer uses security protocols to protect our members' accounts, including multi factor authentication, to minimise the impact, if their travel data is accessed or lost by third parties." The program covers both work-related and non-work-related conditions. There are multiple safeguards to prevent and detect this activity and on several occasions over the years we have worked closely with law enforcement to apprehend those involved. 1.3 The assessment found that QFF has taken steps to foster a culture of privacy awareness that treats personal information as a valuable business asset. Specific complaints handling processes are embedded in the complaints handling system. The GCSC also monitors, reviews and enhances the compliance of all cyber risk management systems, policies and procedures, protocols and controls with all relevant laws and regulations. covid 19 flight refund law; destroyer squadron 31 ships; french lullabies translated english; Qantas group security head Steve Jackson has some simple rules for dealing with IT security: Dont panic, dont overstate the risk, and Section 1 - Summary. 4.55 If the project uses or is likely to use personal information, QFF Legal will also consult with the project owner and any relevant staff. The OAIC recommends QFF works with Qantas to continue with the Group-wide implementation of a network of privacy champions, including a dedicated champion within QFF. Qantas keeps relationship with various regional carriers. Together, they fulfil an important requirement of APP 1.2 to implement practices, procedures and systems that ensure compliance with the APPs, as recommended in the OAICs Privacy management framework. TPG Telecom announced on Tuesday it has picked up a five-year deal to handle fixed and mobile voice services for Qantas. June 14, 2022 . Across the Group, we are responsible for handling a substantial amount of personal information. enable the entity to deal with privacy related inquiries or complaints from individuals. High risk Entity must, as a high priority, take steps to address mandatory requirements of Privacy legislation, Immediate management attention is required. Like many large organisations, we operate in an environment of ever-evolving cyber threats, where external attackers are always adopting more sophisticated techniques. The security chief said foreign spy agencies posed a major threat to the privacy of the 40 million passengers flying Qantas each year. Additionally, at the time of the assessment, QFF was conducting a multi-factor authentication pilot with selected members. We encourage our people to report safety and security-related matters, even when they are closely involved and might feel vulnerable to criticism. The OAIC guidance on the GDPR may be found at Australian entities and the EU General Data Protection Regulation (GDPR). In addition, QFFs information security controls should continue to be regularly reviewed and revisited in order to meet constantly evolving ICT risks related to personal information. The DISO regularly briefs both the CEO and Chief Information Officer (CIO), formally and informally. Qantas works closely with the Australian Government and overseas agencies, regulators, law enforcement and its global partners across the industry to proactively monitor and manage threats and risks. The Qantas Group is committed to complying with all applicable laws and regulations, and to conducting business with the highest standards of ethics and integrity. Where privacy complaints are received outside of this process (including by phone or by mail), a file/record is created in the complaints handling system. snoopy happy dance emoji Socio-cultural. However, each of WER and QFF remain solely responsible for communicating with their own members. Checking of all contractors and third parties (such as vendors), including security maturity testing, prior to selection and engagement. The Qantas Group is constantly improving its cyber capabilities as part of its overall data and privacy protection. Qantas Airways Limited ABN 16 009 661 901. 4.81 Program partners are tested for security, IT, and compliance requirements before QFF will agree to a partnership. The Qantas Groups FY21 performance for Total Recordable Injury Frequency Rateimproved compared to the prior year, while our Lost Work Case Frequency Rate was slightly higher. 4.7 A Qantas Group policy registry is kept by the Company Secretariat for all Qantas Group policies. These are the Qantas Group Policies: 1. The General Counsel receives weekly briefings on key issues (including privacy matters) from QFF and on an ad hoc basis as needed. The aviation industry continues to face complex threats from individuals and organisations globally. Marketing campaigns are sent to different member lists. The Qantas Group is constantly improving its cyber capabilities as part of its overall data and privacy protection. 4.4 The OAIC also considered its APP Guidelines, which outline the mandatory requirements of the APPs, how the OAIC will interpret the APPs and matters the OAIC may take into account when exercising functions and powers under the Privacy Act, in the privacy analysis below. Her remit will cover group-wide technology projects as well as Qantas' loyalty business. Was lucky enough to work for the Qantas Group for almost 5 years. The Corporate segment provides centralized management and governance. In Qantas Frequent Flyer and Qantas Business Rewards remain at the core of the program, while the business has evolved to include a number of new ventures and other businesses such as Qantas Money, Qantas Insurance and Qantas Wine. Our company cyber security policy outlines our guidelines and provisions for preserving the security of our data and technology infrastructure. Good privacy risk management informs and triggers changes to practices, procedures and systems to better manage privacy risks. Combining the expenditure of both domestic and international tourists who travel on Qantas and Jetstar, the additional total value added to the Australian economy associated with the role of the Qantas Group in facilitating tourism in FY 2017 is estimated to be $10.7 billion. The OAIC also suggests, due to the varied and complex nature of such assessments, that QFF regularly revisit and revaluate their privacy assessment mechanisms. We take active, quality measures to help you keep safe online and we also encourage our members to do what's possible to protect their account and personal information. For many enterprise organizations, administering risk assessments is the first step in building an effective cyber threat management system. generate consumer insights, which may include combining personal information from third parties or public sources (for example, Census data). At the time, the airline said its new cyber security chief would identify and lead programs to "monitor the emergence of new threats and vulnerabilities, assess business impacts, and drive rapid responses to cyber security events." Project managers are reminded periodically to undertake SIAs for all new initiatives. Staff are required to undertake a SIA at the beginning of a new project to identity any privacy and security risks. Possible reputational damage to the entity, such as negative publicity in local or regional media. 8959 norma pl west hollywood ca 90069. November 3, 2021. The case management lists are checked daily by management to ensure their timely resolution. Cha c sn phm trong gi hng. The card is posted to the members nominated postal address. ProStarSolar > Blog Classic > Uncategorized > qantas group cyber security policy. Qantas in late 2016 began the hunt for a CISO to oversee four Sydney-based reporting teams, leading security strategy across cyber strategy, cyber risk and resilience, security architecture and security operations. However, based on practices at the time of the assessment, there is a medium risk that privacy issues from the various business units will not be communicated effectively through the existing channels. The CHESS has responsibility for strategy, policy, systems oversight, monitoring and corporate governance over operational risks of the Qantas Group. Masar Group. The time taken to resolve complaints depends on their complexity. This commitment to security extends to our executives. As the Security Technology Controller, you will be accountable for day to day operational activities across the physical security team including access, surveillance and alarm monitoring services with a focus on Qantas Group ASIC program compliance. name, email address, phone number). However, the OAIC noted that the policy was complex, and the Flesch-Kincaid test indicated that it would be easily understood by people with an approximate reading age over 25. Information Technology Specialist, 2022 Cloud Graduate Program, Locator and more on Indeed.com As part of the business integrity and compliance function, Qantas is Cyber security (particularly in terms of data protection) The program will be implemented during financial year 2017/18. As an airline, safety is core to all that we do. The Qantas Loyalty segment specializes in customer loyalty recognition programs. Legal Matter Policy; 8. 4.26 Additionally, QFF has entrusted specific teams with responsibility for various governance and privacy management functions, namely QFF Information Security, headed by the Data and Information Security Officer (DISO), and the Insights team, headed by the General Manager of QFF Insights. The Qantas Group continues to support key external initiatives under the Australian Governments Cyber Security Strategy, the voluntary ASX100 Cyber Health Check, and joint Commonwealth and private sector meetings, including the inaugural Australia-United States Cyber Security Dialogue to discuss ways to collaborate on better security outcomes. Like many large organisations, we operate in an environment of ever-evolving cyber threats, where external attackers are Only Qantas approved Users may use Qantas Information Technology systems, and must do so in accordance with the law and Qantas Policies, including the Information Technology Group Policy. Complying with Qantas Group and other Policies Security begins on day one here. See the quantity and duration of malware infections, along with other factors influence the overall assessment of an organizations IP Reputation. Upgrade my browser. The OAIC also notes that Qantas Group intends to create a network of privacy champions, co-ordinated through the Group Privacy Officer. In 2020, security breaches cost businesses an average of $3.86 million, but the cost of individual incidents varied significantly. QFF provides reasonable and adequate notifications to users of its services (QFF members) when collecting personal information (APP 5). Cyber fraud techniques evolve into confidence trick arms race. 6.8 The assessment involved the following: 6.9 The OAIC publishes final assessment reports in full, or in an abridged version, on its website. We comply with government and regulatory agencies to integrate risk strategies through a holistic approach ensuring a robust framework is in place to counter any crisis management, contingency planning and business continuity event. Continuing Qantas collaboration with the Australian Government on cyber security to proactively monitor emerging threats, and to enhance the protection of our people, customers and assets. Manager, Qantas Group Cyber Security Centre @ Qantas Manager of Cyber Security Operations and Services @ Qantas Director of Security Services @ Accesshq see more Principal Security Consultant - Wealth @ Anz Principal Security Consultant @ Redcore Pty LTD Executive Manager and General Manager, Es Service Security @ Commonwealth Bank Head of Security Assurance Services @ Westpac [1] The Point of Loyalty, For Love or Money 2017, viewed 9 January 2018, The Point of Loyalty website. 4.71 During the assessment, the OAIC was advised of the security controls applied to QFFs systems. He is currently in the role of Group Chief Information Security Risk Officer at Standard Chartered Bank, based in Singapore with a global scope. 4.99 APP 5 requires APP entities that collect personal information about an individual to take reasonable steps either to notify the individual of certain matters (listed in APP 5.2) or to ensure the individual is aware of those matters. The Group Policies apply to Qantas Group entities and employees in line with the Groups Corporate Governance Framework. If a privacy complaint must be escalated, the corporate liaison manager reports the complaint to the Customer Care Manager who then reports it to Group Legal. The cyber safety of Qantas Frequent Flyers is a priority for us. A clean desk policy, and non-permanent seating arrangements, necessitating that all personal and confidential items be stored in secure staff lockers. The most important thing is clarity. Additionally, there are contractual terms in place, which stipulate that only QFF may contact its members in relation to a program partner. Read about our approach to risk management. Remote access is restricted to a needs-only basis. 2.2 When entities undertake data analytics that involve personal information, they must comply with the requirements of the Privacy Act 1988 (Privacy Act). Executive Summary. As part of the business integrity and compliance function, Qantas is Cyber security (particularly in terms of data protection) The program will be implemented during financial year 2017/18. Year founded 1920 Employees 20.6K Qantas Airways is an airline that provides the transportation of customers using Qantas and Jetstar brands. To do this, they must give Woolworths their QFF membership number so that Woolworths can arrange for the Qantas Points to be awarded. All projects require sign-off by Legal and staff are encouraged to approach them early in the process. 4.66 As a part of Qantas financial and corporate governance reporting requirements, the Group Audit Team regularly checks the QFF training logs, which are managed by the Qantas Human Resources Department. [10], 4.95 APP 1.4 contains a prescriptive list of information that an APP entity must include in its privacy policy,[11] as well as a list of other information that could be included, depending on the circumstances of the entity, to describe how the entity manages personal information.[12]. Some projects may be subjected to this process multiple times. 4.24 Qantas Group General Counsel reports to the Qantas Group Chief Executive Officer (CEO). Cyber Security Policy; 5. QFF advised that this trial was being expanded and QFF would eventually roll out multi-factor authentication to all members. Additionally, the DISO sends a monthly cyber update email to QFF staff to reiterate the importance of good privacy practices and current threats. 4.97 Additionally, while the policy identifies that Qantas collects information about dietary requirements and health issues, this is not specifically identified as sensitive information. 4.61 The OAIC has published the Guide to undertaking privacy impact assessments, which may be of assistance to QFF in considering future PIAs. The OAIC recommends that QFF continues to build the profile of privacy across the Group by: 4.36 QFF follows the Qantas Group risk management practices, policies and procedures. If staff clicked the enclosed link, they were redirected to a notification page informing them that they had failed a phishing test. 3.4 Registration involves collecting a variety of personal information from individuals, including: 3.5 Following registration, members receive a membership number, confirmation email, and a membership pack including a QFF card. Join Qantas Frequent Flyerorsubscribe to Red Email today. We ensure the safety and welfare of our people, the protection of our reputation and the maintenance of critical services. 4.29 At the time of this assessment, neither QFF nor Qantas Group had a dedicated privacy officer, although there were plans to create such a role. Multi-factor authentication of member accounts. These recommendations are set out in Part 5 of this report. Staff must complete the test with a 100% pass rate. Beware of fake websites. Assessment undertaken: MayJune 2017 Draft report issued: 9/10/2018 Final report issued: 30/6/2019. There have been a very small number of privacy-related complaints in the past three years. Though the extent of involvement may vary by role, security is everybodys responsibility at Workday. It would be unlikely that all of the Qantas Group 22,000 employees are exposed or create the same level of risk to COVID-19. It is understood neither Qantas Airways nor Virgin Australia Holdings has a separate cyber-security insurance policy but both have multi-layered security precautions in CHESS also has oversight of risks associated with regulatory compliance. 4.11 QFF complaints are received centrally through the Qantas customer care centre by phone or online and are directed to the relevant customer care teams. During the pandemic, our Wellbeing program expanded from a focus on traditional areas of health and wellbeing physical health, nutrition, sleep, exercise and mental health to include financial wellbeing, healthy relationships and digital wellbeing. contact details (postal address, mobile number and email address), APP 1.2 implementing practices, procedures and systems, ensure that the entity complies with the APPs; and. However, one current exception is QFFs partnership with Woolworths, as Woolworths Everyday Rewards (WER) members may opt-in to earn Qantas Points as their reward under the WER program, automatically converting WER points they earn when shopping at Woolworths into Qantas Points. This includes aviation safety, WHS, environment, security (including cyber security) and business resilience matters. provide and operate competitions, promotions and events, distribute newsletters and other communications either directly or through a third party, facilitate participation in Qantas and program partner loyalty programs, conduct marketing activities for Qantas or third party products and services (the collection notice states that this is one of the primary purposes of QFF), conduct market and other research to improve Qantas products, services and marketing activities. With the assistance of the Qantas Group Cyber Security Centre, the website was detected not long after it was built and we have worked with the internet service provider to take it down. The OAIC has not identified any privacy risks based on the assessment scope and the above-mentioned observations. 4.79 Most marketing communications sent by QFF are customised. Enterprise security management (ESM) issues directly revolve around the management of Qantas group itself. Renewed security awareness training for all employees and contractors, Renewed freight security training for all freight employees and contractors, Enhancing the relationship between the Group and Australian Federal Police (AFP) Air Security Officers, Collaborating with overseas regulators and airport authorities to enable the resumption of international operations, Participating in the governments review of the Australian security regulatory framework.