ACCC: Telstra IT Systems Remediation Program Completed
Telstra has completed its structural separation undertaking (SSU) information security remediation program, the Australian Competition and Consumer Commission (ACCC) has advised.
Implementing structural separation through the migration of Telstra’s fixed line voice and broadband services to the NBN, the ACCC had accepted Telstra’s SSU and migration plan in February 2012.
The ACCC today advised that the telco had completed “a wide-ranging IT systems remediation program” to comply with its SSU obligations.
“The ACCC is pleased that Telstra’s long-running project to achieve compliance with its SSU has concluded,” ACCC chairman Rod Sims commented.
Telstra had reported a series of information security issues under its mandatory compliance obligations following the 2012 commencement of the SSU relating to a commitment to ensure sensitive wholesale customer information is not disclosed to its retail businesses.
The issues had mostly arisen “due to Telstra’s legacy IT systems not being designed to deliver the outcomes required by the SSU”, the ACCC advised, with Telstra subsequently undertaking the remediation program.
Ovum had been engaged by the ACCC as an independent expert consultant to conduct a thorough review of the project, with Telstra having advised in early 2015 that it had remediated its IT systems.
While Ovum, which initially reviewed a sample of remediated IT systems, was satisfied with the inquiries it was able to make into the systems, it had identified some minor remaining information security issues within some of the sampled systems, with Telstra subsequently conducting a further “due diligence” review of the project.
Ovum had concluded in February of this year that, despite the emergence of a small number of outstanding issues, Telstra’s remediation approach was appropriate considering the scale of the project, with Telstra having since advised that it has completed all tasks associated with the project.
“The ACCC is now satisfied that Telstra’s SSU reporting measures can be relied on to identify any further information security issues, should they arise,” Sims commented.