qantas group cyber security policy qantas group cyber security policy

QFF provides reasonable and adequate notifications to users of its services (QFF members) when collecting personal information (APP 5). Due to this assessments scope, the OAIC did not consider most of these safeguards in detail. 4.5 APP 1.2 requires an entity to take reasonable steps to implement practices, procedures and systems that will: 4.6 Qantas Group has a number of group-wide policy documents that are applicable to all of its business units, including QFF. As part of meeting its obligations under APP 1.2, QFF should develop and implement a PMP, to be reviewed annually, that sets out specific goals and objectives for its privacy management with consideration of the specific issues that apply to its operations. A Group data privacy, ethics and governance function has been established to assist us to better ensure personal information is handled fairly, ethically and responsibly. To report security or privacy issues affecting The Emirates Group products or web servers, you can contact security@emirates.com. 4.38 The QRAG contains the risk assessment and management frameworks for the Qantas Group. Renewed security awareness training for all employees and contractors, Renewed freight security training for all freight employees and contractors, Enhancing the relationship between the Group and Australian Federal Police (AFP) Air Security Officers, Collaborating with overseas regulators and airport authorities to enable the resumption of international operations, Participating in the governments review of the Australian security regulatory framework. This means that the policy may be too complex for some readers, who are younger or who have a lower literacy level, to understand, and this could affect some QFF members. Relying on this document to guide a privacy impact assessment (PIA) may result in some personal information being mishandled or privacy risks not being adequately captured by a PIA. Join to connect Qantas. 4.31 Compliance with APP 1.2 is fundamentally about good privacy governance. Cyber fraud techniques evolve into confidence trick arms race. Villanova University Salary Bands, Through the application of data analytic techniques, entities can then use this data for a variety of purposes including profiling for targeted advertising and marketing. In ever-increasing times of uncertainty, the resilience of an organisation plays a significant role in effectively meeting market demands and supporting the delivery of strategy. Flexible Fare options. Specifically, the assessment examined whether: 6.4 Where the OAIC identified privacy risks and considered those risks to be high or medium risks, according to OAIC guidance, the OAIC made recommendations to QFF about how to address those risks. The OAIC was informed that all new marketing and data analytics projects are subject to a robust in-house vetting process that involves an assessment of both cyber security and privacy risks. Qantas has ordered 20 Airbus A321XLRs and 20 A220-300s narrow jets. During 2021, the Group was vocal in its support of legislation that will enhance these efforts in future. Qantas suffered a 30 percent turnover in its technology personnel as the airline battles staff loss, in the wake of repeated Covid-19 lockdowns. If a privacy complaint must be escalated, the corporate liaison manager reports the complaint to the Customer Care Manager who then reports it to Group Legal. QANTAS ANNUAL REIE 2017 18 Cyber Security The Qantas Group is constantly improving its cyber and data privacy capabilities. 4.67 QFF staff are also required to undertake mandatory risk management and cyber security training. These are some of the factors we use to calculate the overall score: Discover open access points, insecure or misconfigured SSL certificates, or database vulnerabilities. There are less than ten users with administrative access privileges, and these accounts are also logged, as are any data changes in the data warehouse. 4.21 The OAIC has developed a PMP template that should assist QFF in the development of a PMP. Underpinning the policies and procedures should be strong leadership from senior management, with governance arrangements that support effective privacy practices. When a members accumulated Status Credits reach a designated level, their membership tier level increases (for example from Silver to Gold) and they can receive additional membership benefits, including earning higher rates of Qantas Points. Qantas. 4.48 The response triggered by an incident notification will depend on the nature and severity of the incident. Each members profile is assigned an anonymous identification number that is unrelated to their membership number. covid 19 flight refund law; destroyer squadron 31 ships; french lullabies translated english; Whether travelling for business or leisure, we understand that every group has unique travel needs; and that's why we offer a range of benefits available exclusively to group travellers to help make your customers journey a seamless one. 4.74 Qantas Frequent Flyer applies data analytic techniques, and then uses this data for targeted advertising and marketing. It operates through five segments: Qantas Domestic, Qantas International, Jetstar Group, Qantas Loyalty, and Corporate. The OAIC understands that data privacy and security is marked as one of the top three risks in this document. Code of Conduct and Ethics; 2. Business Resilience Policy; 3. Qantas Airways is an airline that provides the transportation of customers using Qantas and Jetstar brands. QFF advised that this trial was being expanded and QFF would eventually roll out multi-factor authentication to all members. Its current APP 5 collection notification practices appear reasonable and adequate. 4.29 At the time of this assessment, neither QFF nor Qantas Group had a dedicated privacy officer, although there were plans to create such a role. We remain committed to minimising the risk of workplace injuries, including those associated with mental health risks. The time taken to resolve complaints depends on their complexity. These emails are provided on an opt-out basis, so members can change or cancel the different types of marketing materials that they receive from QFF. The COVID-19 pandemic presented many challenges to our organisation and our people to work through. Cyber fraud techniques evolve into confidence trick arms race. We brought grounded aircraft back into service, our employees came back to work after being stood down, and we opened or reopened flying to ports that we had not flown to in over a year and to some that had not seen an aircraft in that time. All user access is logged and monitored, with the logs regularly audited by the platform owners. Qantas Risk Assessment Report COLLEGE OF BUSINESS, LAW & GOVERNANCE GROUP TASK COVER SHEET Subject code: BX3011 Subject title: Company Furthermore, human resource and other policies exist at entity or business unit level, which also outline the minimum expected standards for our people in the context of their employment. This Code sets out expectations for how we act, solve problems and make decisions. 4.9 The OAIC noted that one document contained references to the National Privacy Principles (NPPs), which were replaced by the APPs in March 2014. The DISO assesses the security implications of the project and considers mitigation strategies for cyber security risks. He is currently in the role of Group Chief Information Security Risk Officer at Standard Chartered Bank, based in Singapore with a global scope. Qantas Location 10 Bourke Rd, Mascot, New South Wales, 2020, Australia Description Industry Airlines, Airports & Air Services Transportation However, the OAIC suggests that QFF continues to regularly review its use of personal information in its marketing and data analytics activities to ensure its processes and policies remain effective and appropriate. Security Policy. When we receive your email, we send an automatic email acknowledgment. 4.12 All customer complaints, including QFF privacy complaints, are managed through a case management system, which enables staff to monitor all complaints received and their status. Qantas Domestic has a growing margin advantage over competitors, with a brand, network and product offering targeted at business and premium leisure customers who value Qantas has joined other sectors in asking the government to at least partially cover the cost of complying with proposed laws aimed at better defending the countrys critical infrastructure networks and systems from cyber attacks. Our Fly Well program included a number of temporary and existing wellbeing measures to safeguard travel during the pandemic, to give our customers peace-of-mind at each point of their journey across our Australian domestic, trans-Tasman and international networks. The Prime Minister's $230 million Cyber Security Strategy The Australian Crime Commission estimates the annual cost of cyber crime to His appointment as Qantas group CISO was part of a significant revamp of the cyber security function at the airline. -Adam Kinsella, Product Owner for Network, Network Security, Qantas. Furthermore, marketing and analytics staff are in constant consultation with QFF Legal in relation to changes or new ideas. CHESS also has oversight of risks associated with regulatory compliance. Due to this assessments scope, the OAIC did not consider most of these controls in detail. 4.91 The purpose of APP 1 is to ensure that APP entities manage personal information in an open and transparent way (APP 1.1). 4.78 As stated above, QFF holds all personal information in data warehouses, with highly restricted access. Your use of these systems may be monitored and investigated to ensure compliance with the law and Qantas Policies. 4.64 Privacy training is compulsory for all staff with access to personal information, which includes Qantas call-centre staff, reservations staff and the entirety of QFF. QFFSC staff verify a customers identity before assisting the member with their query, including making any corrections. The GBRMS relies on a number of subsidiary documents including the airlines risk management framework, known as Qantas Group Risk Assessment Guide (QRAG), the Group crisis management plan, and other documents, including business unit specific documents such as the QFF risk and resilience framework. As QFF is a popular loyalty program with a large member base, the OAIC conducted a privacy assessment of QFF in 2017. Legal also provides more tailored face-to-face privacy training to various QFF units on an ad hoc basis. We take active, quality measures to help you keep safe online and we also encourage our members to do what's possible to protect their account and personal information. 4.49 QFF liaises with internal and Group staff, external stakeholders and regulators (such as the OAIC) as needed throughout the process. Qantas EpiQure,[5] Qantas Money, etc). Case Studies - Qantas Customer Story. simplifies the notice to enhance readability, changes the title from important information to something that indicates to potential members that the notice relates to the collection of their personal information.