A contrite Australian Tax Office says it has learnt from its mistakes, which in the part have seen it ruled to have insufficient protection against external threats.
It has improved its governance framework, strengthened its contracts with its suppliers to ensure compliance with cyber guidelines, refreshed its cybersecurity strategy, and introduced a program to make its systems more resilient, according to executive minutes published late last week.
The Tax Office was named by the Australian National Audit Office in March last year for having insufficient protection against external threats. Along with the Department of Immigration and Border Protection, it was ruled to have complied with only two of ANAO’s top four mandatory strategies for government agencies.
“The ATO needs to ensure greater conformance to processes for estimating and monitoring project costs, savings and benefits; to provide transparency about the net benefits of programs; and support decisions about the commencement, continuation, resourcing and direction of projects,” the ANAO said at the time.
