MTAA Super - Information security review and implementation strategy

Back

Implementation strategy creation for robust security enhancements and adaptive protection policies

Client

MTAA Super

Services

Solution Architecture

Year

2020

Increasing frequency, sophistication and impact of cyber security attacks on the financial sector created increased awareness for strong information security controls in Australia. In June 2019, the independent regulatory authority for Australian superannuation institutions, the Australian Prudential Regulation Authority (APRA), released new guidelines for information security for all institutions within its purview. Pragma were engaged by MTAA Super to undertake a review of MTAA’s current Information Security Controls and develop an implementation strategy to enhance those controls to meet the APRA standard.

Pragma worked closely with MTAA Super stakeholders to review and assess current state information security controls, forming a baseline of knowledge to build upon. These baseline controls were then compared against APRA guidelines, enabling Pragma to evaluate the differences and formulate a suite of enhancements for implementation.

Pragma’s implementation strategy for enhancements utilised an agile approach. A strategic roadmap was developed in collaboration with MTAA stakeholders balancing business value, urgency and impact to inform the prioritisation of each enhancement. Enhancements were then added to a backlog for implementation.