Your use of these systems may be monitored and investigated to ensure compliance with the law and Qantas Policies. As part of the business integrity and compliance function, Qantas is Cyber security (particularly in terms of data protection) The program will be implemented during financial year 2017/18. The visibility gained from these assessments provides insight that helps guide high-level cybersecurity decisions, making them a valuable asset for organizations of all sizes. 4.15 The majority of corrections to personal information are completed by members themselves using the self-service facilities online; however, corrections may also be processed by telephone via an interactive voice system (where the member keys in their PIN) or manually via the QFF Service Centre (QFFSC) staff. Project managers are reminded periodically to undertake SIAs for all new initiatives. SecurityScorecard collects billions of signals each week, helping organizations see risks, get more actionable information, and respond faster to keep up with threat actors. The OAIC recommends that QFF develops and implements a PMP that sets out specific goals and objectives for its privacy management with consideration of the specific issues that apply to its operations. The Group has continued to deliver safe aircraft operations through programs such as: The safety and wellbeing of our customers and people is our highest priority. 5.3 QFF is working with Qantas to develop a Privacy Management Plan to augment its well-established privacy policies and procedures. CIOs and CSOs who need to present security issues to their board need to leave acronyms at the door, use PowerPoint presentations and tell stories, according to GPT Group CIO Greg Baster. 4.51 The Qantas crisis management plan and its various supporting documents serve as a data breach response plan. Qantas EpiQure,[5] Qantas Money, etc).
Additionally, QFF has developed a number of business unit specific policies and documents, including the QFF APP 5 collection notice, various QFF training materials and documents, and the QFF terms and conditions. Protection from these attacks and the potential financial and public reputation implications associated with unauthorised access to the information we hold is key. The policy is dated to reflect when it was last reviewed. We take active, quality measures to help our members keep safe online and also encourage our members to do what's possible to protect their account and personal Cann Group chief executive Peter Crock says the group has not been able to recover $3.6 million in payments after a cyber fraud. The OAIC also suggests, due to the varied and complex nature of such assessments, that QFF regularly revisit and revaluate their privacy assessment mechanisms. 4.34 The OAIC notes that the charter document for the GCSC primarily focuses on cyber risks and their management and does not specifically refer to privacy. It is understood neither Qantas Airways nor Virgin Australia Holdings has a separate cyber-security insurance policy but both have multi-layered security precautions in CHESS also has oversight of risks associated with regulatory compliance. General Qantas Group IT users cannot access data in QFF systems unless they have QFF authorisation. Staff must complete the test with a 100% pass rate. Understand how diligently a company is patching its operating systems, services, applications, software, and hardware in a timely manner. 4.85 For this assessment, the OAIC considered that QFF's APP 1 privacy policy and APP 5 collection notice adequately describe how a member's personal information may be used for marketing and data analytics purposes.
4.18 Good privacy management requires the development and implementation of robust and effective internal policies, practices, procedures and systems that ensure the handling of personal information is in line with QFF's privacy obligations. As part of the membership to the program, the entity operating the loyalty program can collect data about members and their purchasing activities. 4.54 All new projects require a security impact assessment (SIA), and staff have access to the relevant form on the Qantas Intranet. Complaints files are assigned priorities, which determine team allocation and due date for response. Qantas Legal developed this privacy training. Additionally, QFF works to internationally certified standards, including ISO and ISF. This is known as the crown jewels directory, and is owned by the QFF DISO. This was a difficult program of work that required careful planning and scheduling. 4.52 The OAIC encourages Qantas to continue its current practices for testing and reviewing its crisis management plan in the context of a data breach. The GMC reports to the Board. The communications are then matched to member personal information by a separate team. The Cyber Cooperation Program and Singapore's Ministry of Transport has partnered with the Association of Asia-Pacific Airlines, Qantas Group and EY to support the Aviation Cyber Resilience Project, a series of workshops aimed at building cyber capacity in the aviation industry throughout the Asia-Pacific. There are multiple safeguards to prevent and detect this activity and on several occasions over the years we have worked closely with law enforcement to apprehend those involved.
June 14, 2022. It will compile threat forecasts and geopolitical assessments for airline safety/security committees, up to Board level, and will lead the Qantas London's Heathrow airport last year outlined plans for a 50m project to implement The Qantas Group continues to support key external initiatives under the Australian Government's Cyber Security Strategy, the voluntary ASX100 Cyber Health Check, and joint Commonwealth and private sector meetings, including the inaugural Australia-United States Cyber Security Dialogue to discuss ways to collaborate on better security outcomes. The time taken to resolve complaints depends on their complexity. In ever-increasing times of uncertainty, the resilience of an organisation plays a significant role in effectively meeting market demands and supporting the delivery of strategy. Members are required to undergo a telephone identity check and staff follow a security procedure and checklist to guide them through the process. [10], 4.95 APP 1.4 contains a prescriptive list of information that an APP entity must include in its privacy policy,[11] as well as a list of other information that could be included, depending on the circumstances of the entity, to describe how the entity manages personal information.[12] 4.55 If the project uses or is likely to use personal information, QFF Legal will also consult with the project owner and any relevant staff. Like many large organisations, we operate in an environment of ever-evolving cyber threats, where external attackers are always adopting more sophisticated techniques. Please refer to Qantas Group Policies available on the Qantas Intranet or from your manager or people representative for details. [3] QFF is run by Qantas Loyalty, a business unit within Qantas Airways Limited (Qantas).
[10] The Flesch-Kincaid test used to assess the readability of Qantas privacy policy can be accessed at The Readability Test Tool. Additionally, after the assessment fieldwork, QFF informed the OAIC that GCSC has since been renamed the Cyber Security and Privacy Committee. 4.63 Staff are required to undertake a thirty-minute online privacy training course, which summarises the law and includes a randomly generated series of test questions. Multi-factor authentication of member accounts. We are at the forefront of improving security outcomes for customers and employees by operating within a security framework that is proportionate, agile and responsive to changing threats and risks across our network. Staff complete the training at induction and then every three years. The Qantas Group Security Management System aims to increase security awareness through continuous improvement of security processes and enhancing the security culture across the Group (Qantas Sustainability Review, 2015). 4.26 Additionally, QFF has entrusted specific teams with responsibility for various governance and privacy management functions, namely QFF Information Security, headed by the Data and Information Security Officer (DISO), and the Insights team, headed by the General Manager of QFF Insights. The shark tank proceedings are not recorded. The Qantas Loyalty segment specializes in customer loyalty recognition programs. Qantas Frequent Flyer then uses this and other information collected at various points throughout their membership, including when members earn and redeem Qantas Points and their interactions with marketing campaigns, to analyse member behaviours and identify target members for marketing campaigns. 4.65 Training is conducted through an internal online training database. The Group Policies apply to Qantas Group entities and employees in line with the Group's Corporate Governance Framework.
However, as with the privacy policy, the language used in the notice is complex, and may be difficult for some readers, who are younger or with a lower literacy level, to understand. Our company cyber security policy outlines our guidelines and provisions for preserving the security of our data and technology infrastructure. 3.8 QFF stores data in a separate, partitioned section of the Qantas Group IT Environment. Cyber fraud techniques evolve into confidence trick arms race. Her remit will cover group-wide technology projects as well as Qantas' loyalty business. [1] The Point of Loyalty, For Love or Money 2017, viewed 9 January 2018, The Point of Loyalty website. Additionally, there are contractual terms in place, which stipulate that only QFF may contact its members in relation to a program partner. 4.80 Qantas Frequent Flyer does not permit access to, or disclosure of, members' personal information to any of its program partners and is solely responsible for all communication with its members in relation to program partner products and benefits.