Telstra has completed a large-scale remediation program to comply with the structural separation undertaking (SSU) four years after signing the agreement.
The telco agreed to the SSU in 2012, which requires Telstra to restrict commercially sensitive wholesales information from its retail business. This is to ensure that Telstra does not give itself a commercial advantage over its retail competitors until the NBN is completed.
Despite efforts to safeguard information, the Australian Competition and Consumer Commission has reported breaches to the SSU in all four of its annual reports since it was implemented. ACCC noted that Telstra reported all of the breaches itself.
To remedy the breaches, Telstra took on a large-scale remediation program to fix its legacy IT system's issues in 2014, which the ACCC today said was complete.
“The ACCC is now satisfied that Telstra’s SSU reporting measures can be relied on to identify any further information security issues, should they arise,” ACCC chairman Rod Sims said.
Independent consultant Ovum reviewed a sample of the 42 remediated IT systems. Although there were a handful of outstanding issues, Ovum said it was satisfied with Telstra's efforts.
As part of the program, Telstra implemented a new compliance management framework to address future security concerns.
While the number of security breaches has declined, Telstra reported nine separate incidents in the 2015 financial year. Four of which were blamed on human error, including retail staff cancelling wholesale service orders from other ISPs, and retail employees accidentally being included in email chains that contained wholesale customer information.
-1.jpg&w=100&c=1&s=0)
.png&w=100&c=1&s=0)
