qantas group cyber security policy qantas group cyber security policy

The program covers both work-related and non-work-related conditions. Qantas group security head Steve Jackson has some simple rules for dealing with IT security: Dont panic, dont overstate the risk, and Section 1 - Summary. How do you quantify cyber risk management? Oracle will provide its Siebel Loyalty Management platform to the airline so it can better manage its 7 million members. Cyber Security Policy; 5. The OAIC recommends QFF works with Qantas to continue with the Group-wide implementation of a network of privacy champions, including a dedicated champion within QFF. 2.3 In the 2014/2015 financial year, the OAIC assessed two leading loyalty programs in Australia. This Code sets out expectations for how we act, solve problems and make decisions. New Restaurants In Perrysburg Ohio, We ensure the safety and welfare of our people, the protection of our reputation and the maintenance of critical services. Incident notifications may come from a variety of channels. highlights the QFF/Woolworths relationship. Our Fly Well program included a number of temporary and existing wellbeing measures to safeguard travel during the pandemic, to give our customers peace-of-mind at each point of their journey across our Australian domestic, trans-Tasman and international networks. 4.79 Most marketing communications sent by QFF are customised. There is ongoing investment to improve the resources, processes and technology that will support the Group to effectively address the volumes of personal information that we manage, and to meet both intensifying regulatory requirements and individuals rising expectations regarding fair, ethical and responsible data use. Cybersecurity 'gaps' exposed by hacks, paper says - as it happened The business resilience framework assists the Qantas Group in the preparation for, and recovery from, adverse incidents affecting the business and our interests. 4.10 Whilst all QFF personal information is stored in Australia, QFF use several offshore customer service centres. 4.59 QFFs current approach to PIAs and other privacy assessments is collaborative and thorough. 4.20 At the time of the assessment, QFF did not have an overall policy document for meeting its goals for managing privacy. Upgrade my browser. The Qantas Group is constantly improving its cyber capabilities as part of its overall data and privacy protection. 4.51 The Qantas crisis management plan and its various supporting documents serve as a data breach response plan. Section 1 - Summary. To safeguard members personal information, QFF have implemented measures, such as overseas contract staff background checks and provisions in employment contracts related to the handling of personal information. To do this, they must give Woolworths their QFF membership number so that Woolworths can arrange for the Qantas Points to be awarded. We pay our respects to the people, the cultures and the elders past, present and emerging. Good privacy risk management informs and triggers changes to practices, procedures and systems to better manage privacy risks. Together with our government and industry partners, some of the key security improvements in FY22 were: Like most industries, the aviation sector is dependent on data, systems and networks and we take our customers trust in the security of their personal data seriously. This includes aviation safety, WHS, environment, security (including cyber security) and business resilience matters. qantas group cyber security policy Villanova University Salary Bands, 4.86 The OAIC suggests that QFF continues to regularly review its APP 1 privacy policy and APP 5 collection notice to ensure they adequately explain the use of a members personal information, especially if the nature and scale of QFFs marketing and data analytics activities changes. However, each of WER and QFF remain solely responsible for communicating with their own members. Qantas Frequent Flyer and Qantas could also consider using graphics, videos and other digital formats as a way of clearly communicating to its members how it handles personal information. The Prime Minister's $230 million Cyber Security Strategy The Australian Crime Commission estimates the annual cost of cyber crime to His appointment as Qantas group CISO was part of a significant revamp of the cyber security function at the airline. Join Qantas Frequent Flyerorsubscribe to Red Email today. Members may also call the customer care centre and centre staff will register the member. Coles flybuys and Woolworths Rewards: what is the price of loyalty? Flexible Fare options. [4] For a current list of program partners, see the Earn Qantas Points page. Likely breach of relevant legislative obligations (for example, APP, TFN, Credit) or not likely to meet significant requirements of a specific obligation (for example, an enforceable undertaking), Likely adverse or negative impact upon the handling of individuals personal information, Likely violation of entity policies or procedures. The Qantas Group continues to support key external initiatives under the Australian Governments Cyber Security Strategy, the voluntary ASX100 Cyber Health Check,and joint Commonwealth and private sector meetings, including the inaugural AustraliaUnited States Cyber Security Dialogue to discuss ways to collaborate on better security outcomes. QFF utilises this document in conjunction with a number of its own risk management documents and strategies. [7] The Notifiable Data Breaches Scheme, introduced by the Privacy Amendment (Notifiable Data Breaches) Act 2017, requires organisations covered by the Australian Privacy Act 1988 (Privacy Act) to notify any individuals likely to be at risk of serious harm by a data breach. Core Qantas Group policies are reviewed annually, and if any changes are made, they require approval of the Qantas Board (the Board). Within this Group-wide plan, there are business unit specific plans, which are owned by key senior staff in each group. Paula Searle - Qantas Group Cyber Security Awareness and - LinkedIn review of relevant policies and procedures provided by QFF, an analysis of QFFs APP 1 privacy policy. Information Technology Specialist, 2022 Cloud Graduate Program, Locator and more on Indeed.com The Main Types of Security Policies in Cybersecurity. These recommendations are set out in Part 5 of this report. Our Code of Conduct is the ultimate guide for how we do things at Commonwealth Bank. Management of personal information Qantas Frequent Flyer By continuing to use this system you confirm your acceptance of the above. 4.12 All customer complaints, including QFF privacy complaints, are managed through a case management system, which enables staff to monitor all complaints received and their status. 8959 norma pl west hollywood ca 90069. Safety | Qantas US CISAs Role in Cybersecurity. 4.14 Requests to access personal information and privacy queries are also handled through the Customer Care Centre. Swot Analysis Of Qantas Group - 1205 Words | Bartleby 4.1 This part of the report sets out the OAICs observations, the privacy risks arising from these observations, followed by suggestions or recommendations to address those risks. All relevant materials have been updated and the Qantas Group continues to manage both the data privacy and data security risks in a coordinated way. 4.39 The QFF CEO is ultimately responsible for business risks (including privacy risks), and the QFF finance manager has responsibility for the QFF risk profile. Automated reminders are sent to staff who have not completed their mandated refresher or induction training, and to their managers. QFF and the Qantas Group work to produce a co-ordinated response. Due to this assessments scope, the OAIC did not consider most of these controls in detail. 4.48 The response triggered by an incident notification will depend on the nature and severity of the incident. This button displays the currently selected search type. 4.82 Third parties may sometimes be used for undertaking data analytic activities (such as providing aggregated insights). Beware of fake websites. High risk Entity must, as a high priority, take steps to address mandatory requirements of Privacy legislation, Immediate management attention is required. 4.7 A Qantas Group policy registry is kept by the Company Secretariat for all Qantas Group policies. Matt Biber's email & phone | Qantas's Manager, Qantas Group Cyber Like many large organisations, we operate in an environment of ever-evolving cyber threat, where external attackers are always adopting new and more sophisticated techniques. 4.68 To further raise awareness of cyber security and privacy issues, staff are sent a weekly Friday Flyer email, which often contains information about how to avoid phishing scams and current privacy threats. The DISO assesses the security implications of the project and considers mitigation strategies for cyber security risks. Our commitment to a healthy, safe and secure environment for our people and customers. This privacy champions network will result in Qantas training staff to perform this key privacy role in each business unit to coordinate privacy matters across the different business units and report these issues to senior management. 4.66 As a part of Qantas financial and corporate governance reporting requirements, the Group Audit Team regularly checks the QFF training logs, which are managed by the Qantas Human Resources Department. CHESS also has oversight of risks associated with regulatory compliance. [9] Office of the Australian Information Commissioner (OAIC), Big data and privacy: a regulators perspective, viewed 26 September 2017. TPG Telecom announced on Tuesday it has picked up a five-year deal to handle fixed and mobile voice services for Qantas. Welcome to Qantas Group Travel. 4.87 Based on the OAICs review of documents and interviews with QFF staff, there appears to be effective privacy safeguards in place for QFFs marketing and data analytics activities. The recent increase in oil prices has been a threat for the aviation sector's success. Qantas has ordered 20 Airbus A321XLRs and 20 A220-300s narrow jets. The GBRMS relies on a number of subsidiary documents including the airlines risk management framework, known as Qantas Group Risk Assessment Guide (QRAG), the Group crisis management plan, and other documents, including business unit specific documents such as the QFF risk and resilience framework. Additionally, the DISO sends a monthly cyber update email to QFF staff to reiterate the importance of good privacy practices and current threats. Challenges. Cyber Security Policy; 5. Marketing campaigns are sent to different member lists. Qantas is experiencing an extremely competitive market as the government strengthens the security laws for internationally and domestically which has led to huge drop in passenger number. The Qantas Groups FY21 performance for Total Recordable Injury Frequency Rate and Lost Work Case Frequency Rate both improved compared to the prior year. It covers the occupational lifecycle from recruitment, ensuring that employees have optimal health, as well as any necessary accommodations and support. Manager, Qantas Group Cyber Security Centre @ Qantas Manager of Cyber Security Operations and Services @ Qantas Director of Security Services @ Accesshq see more Principal Security Consultant - Wealth @ Anz Principal Security Consultant @ Redcore Pty LTD Executive Manager and General Manager, Es Service Security @ Commonwealth Bank Head of Security Assurance Services @ Westpac When you're managing the travel needs of multiple people, we understand the size of the group can often change. Additionally, QFF has developed a number of business unit specific policies and documents, including the QFF APP 5 collection notice, various QFF training materials and documents, and the QFF terms and conditions. Specifically, the assessment examined whether: 6.4 Where the OAIC identified privacy risks and considered those risks to be high or medium risks, according to OAIC guidance, the OAIC made recommendations to QFF about how to address those risks. The Group is committed to raising awareness of our privacy compliance obligations and to manage our privacy risk by implementing a culture that considers privacy by design as a default position when handling personal information. Due to the investments made in resilience, the capability continues to be strengthened through the successful integration of external stakeholders ensuring the Group continues to possess a sophisticated holistic response and recovery system. The OAICs Guide to Securing Personal Information may be of assistance in considering reasonable steps to protect personal information. Over the past year, the return of domestic and international travel as borders reopened required a similar program of work to return our aircraft to the skies, including a focus on training for crew and support employees. 4.80 Qantas Frequent Flyer does not permit access to, or disclosure of, members personal information to any of its program partners and is solely responsible for all communication with its members in relation to program partner products and benefits. Privacy related matters will also be raised during short stand-up meetings, where staff consult each other or offer suggestions on different matters and projects. The shark tank proceedings are not recorded. Darren Argyle (CISM, CISSP) is an accomplished executive with close to 20 years international cyber risk and security experience. If the staff member attempts the training but does not receive a 100% pass rate, training is not marked as completed and the online training system will continue to remind the staff member to complete the training. Qantas Groups policies and business practices over the next 12 months. We monitor global developments in governance, laws and business practices, and work collaboratively across our global footprint to ensure we continue to meet these standards. The card is posted to the members nominated postal address. Further detail on this approach is provided in Chapter 7 of the OAICs Guide to privacy regulatory action. It will compile threat forecasts and geopolitical assessments for airline safety/security committees, up to Board level, and will lead the Qantas Londons Heathrow airport last year outlined plans for a 50m project to implement The Qantas Group continues to support key external initiatives under the Australian Governments Cyber Security Strategy, the voluntary ASX100 Cyber Health Check,and joint Commonwealth and private sector meetings, including the inaugural AustraliaUnited States Cyber Security Dialogue to discuss ways to collaborate on better security outcomes. simplifies the notice to enhance readability, changes the title from important information to something that indicates to potential members that the notice relates to the collection of their personal information. Whether travelling for business or leisure, we understand that every group has unique travel needs; and that's why we offer a range of benefits available exclusively to group travellers to help make your customers journey a seamless one. The Main Types of Security Policies in Cybersecurity Management attention is suggested. [10] The Flesch-Kincaid test used to assess the readability of Qantas privacy policy can be accessed at The Readability Test Tool. This means that the policy may be too complex for some readers, who are younger or who have a lower literacy level, to understand, and this could affect some QFF members. PDF Operating Responsibly and Transparently - Qantas You need to explain: The objectives of your policy (ie why cyber security matters). Additionally, where new practices evolve, the OAIC suggests that these practices, and the reasons behind them, are appropriately documented. During 2021, the Group was vocal in its support of legislation that will enhance these efforts in future. Threat prevention may be hard to compute, but Forrester Consulting has done the work or you. Furthermore, crises are reviewed after resolution to determine the cause of the incident and whether it was preventable. The Qantas Group online Privacy Statement includes a link to a feedback form that is pre-populated to classify the matter as privacy related. In 2020, security breaches cost businesses an average of $3.86 million, but the cost of individual incidents varied significantly. This includes aviation safety, WHS, environment, security (including cyber security) and business resilience matters. Enjoy a choice of fares to match your customers budget in Economy, Premium Economy, Business and First; with flexible conditions unique to group travel. When expanded it provides a list of search options that will switch the search inputs to match the current selection. Like many large organisations, we operate in an environment of ever-evolving cyber threats, where external attackers are always adopting more sophisticated techniques. 4.90 For more information about relevant key concepts when considering data analytics and privacy, and how the APPs apply to data analytics, see the OAICs Guide to Data Analytics and the Australian Privacy Principles. Make sure your good security posture has a presence on your website: show it off and share the news by adding a Badge from SecurityScorecard.