Cyber Security – Information
More than ever, organisations are vigilant about protecting themselves from cyber-attacks. Organisations need to be proactive in identifying and mitigating the risk to personally identifiable information (PII), security and corporate reputation posed by unauthorised access arising from cybersecurity breaches, and/or administrative and human error.
Increasing compliance obligations require strict controls and processes to be established.
Determine the strategy to enforce cyber security controls & maintain governance
- The recent cyber-attacks, which resulted in the unauthorised disclosure of the personal information of millions of Australian customers, are a timely reminder to all Australian organisations of their statutory obligations to prevent and report cyber security attacks.
- These incidents have highlighted the need for robust, top-down board governance over organisational data and information. These attacks have also demonstrated the requirement for organisations to invest significantly in cyber-attack prevention, detection, and response.
- Cyber-security governance initiatives provide a disciplined framework for organisations to establish the right people, processes, policies, and metrics to oversee enterprise information and add value to the business. Companies that effectively leverage their information assets will drive business innovation and profitability. It is certainly no secret that managing information well is critical for business success.
- Astral draws on our extensive information security and governance knowledge to define the strategic cyber-security direction for an organisation. This takes into consideration many factors (e.g. industry, size, risk appetite) and includes the definition of an implementation plan that is aligned with the organisation’s risk exposure.
Establish controls to meet your information & data-related SOCI obligations
- With the full package of reforms to the Security of Critical Infrastructure (SOCI) Act 2018 now implemented, there are greater obligations on Australian critical infrastructure providers. Coverage now extends to 11 industry sectors and 22 asset classes. Financial penalties apply for non-compliance.
- Part of the responsibilities of designated providers is to provide (and maintain as current) key operational information, adhere to strict (short timeframe) cyber security notifications, and, in the event of an incident, provide access to systems, information & data.
- Astral can help organisations to:
  - Work through your SOCI obligations as they relate to information & data,
  - Define an approach that will establish the necessary controls as they relate to information/data management & governance, and
  - Establish the rigour and processes to ensure compliance on an on-going basis.
Determine your organisation’s PII risk rating
- Organisations are recognising the increasing risk to personally identifiable information (PII), security, and corporate reputation posed by unauthorised access arising from cybersecurity breaches, and/or administrative and human error.
- Additionally, the anticipated changes to Privacy and data protection laws to align with global standards, such as GDPR, are expected to increase compliance requirements and individual rights over the management of their personal information.
- Astral are EIM specialists with extensive knowledge of Privacy data compliance obligations.
- Astral will:
  - Perform an assessment of the organisation’s PII risk exposure, and
  - Define an approach to remediate risks in the short term, and to ensure ongoing improvement of PII governance and management capability.
- The PII Risk Assessment will be performed in alignment with your organisation’s risk management framework, and identify the appropriate mitigation actions.
Define a Plan to address the identified PII risks
- Following the assessment of an organisation’s PII risk rating, the next step is to determine what actions are required in the short, medium and long term to mitigate the risk, and reduce the overall risk rating on an on-going basis.
- Astral will prepare a PII Strategy & Implementation Plan that outlines all the streams of work based on risk rating and takes into consideration business priority and available resources.
- The PII Strategy & Implementation Plan will contain:
  - The strategic directions for the improvement of PII management in line with Astral’s Privacy Management Framework,
  - The key objective and target state for each of the core framework components (Governance, Capability, Systems, and Process), and
  - The implementation approach to deliver the required initiatives, with clear delineation between immediate and longer-term requirements.
- Astral utilises industry leading file analysis tools to interrogate repositories of information and remediate the necessary data, in alignment with agreed business rules.
Set the standard for how PII is managed across the organisation
- Faced with ever increasing responsibilities for the management of privacy data, organisations need to define an approach that outlines how they will meet their compliance obligations under the Australian Privacy Act 1988 (including the Australian Privacy Principles).
- Astral collaborates with organisations to define a Privacy Management Plan that describes how PII is created and collected, used and accessed, secured and stored, and retained and disposed of.
- This approach helps to set the standard for PII management by which the different business functions must comply.
- Astral can work with your organisation’s privacy & compliance functions to uplift the team’s capabilities through mentoring and knowledge transfer. This is increasingly important with the anticipated changes to the Privacy legislation.
Integrated eSignature Solution
Our customer, one of the largest energy producers, distributors and retailers in Australia, fulfils the energy requirements of in excess of 50,000 commercial customers. Prior to the implementation of Astral’s Digital Contracts solution, the execution of the contract between the supplier and customer was one of the biggest bottlenecks in the engagement process.
In one month there were 3,300 opportunities up for renewal, and because of the lengthiness of the CRM retention process the sales team was unable to contact all customers in a timely manner. Other challenges were inefficient processes, complex hierarchy and navigation across applications, disparate content sources resulting in mismanagement of contracts, a high volume of backlog reducing customer focus, and a contract signing process that was frustrating and inconvenient for customers, who had to print, sign, scan and email the offer pack.
The eSignature solution leverages xECM capability from OpenText to build a solution that delivers greater value and ROI across SAP CRM, OpenText Content Server and DocuSign. What differentiates this solution is that it leverages all three product functionalities with the value being delivered through the automation of the business processes across all components.
- Simplified process, reduced from 39 to 4 clicks, with an average 80% reduction in processing time.
- Improved customer experience, enabling customers to complete processes on the go.
- Time saved in validating customer and contract, with validation & auditing managed in DocuSign, delivering a reduction in handling time.
- Reduction in sales team re-work due to expired contracts.
- Improved searching for and locating of contracts, reducing time from 4 – 5 min to less than a minute.