You are now leaving Centuria Australia
and entering Centuria New Zealand.
The confidentiality of the information we collect and the robustness of our systems to protect this information are key concerns for our clients and business associates.
Data privacy and security measures are managed by Centuria and our funds, including our listed REITs, benefit from Centuria’s data privacy and security framework. Here we provide details on Centuria’s management practices developed to ensure our stakeholders’ information is kept confidential and secure.
Centuria Capital Group has put in place stringent cybersecurity practices compliant with the Australian Prudential Regulation Authority (APRA) Prudential Standard CPS234 – Information Security to protect information held in the Group’s systems and remain vigilant against cybersecurity incidents and cyber attacks.
The Group has continued to work with a third party organisation – CTRL Group – to manage the security of its data and systems. Their services include a dedicated security operations centre with a 24/7 security analyst detection program which runs across all entities within the Group. The penetration testing includes a thorough assessment of the Group’s network via ethical hacking, identifying any vulnerabilities and misconfigurations in the network. There are also frequent assessments of the Group’s cybersecurity policies relative to the requirements stipulated by APRA’s CPS234.
Centuria Capital Group recognises the importance of safeguarding the privacy of its clients and business associates. The Group is committed to complying with the Australian Privacy Principles (found in the Privacy Act 1988) and the New Zealand Privacy Act 2020.
Employees are consistently educated on Centuria’s data privacy and cybersecurity policies and procedures as they commence work. All employees receive monthly cybersecurity training to be aware of the latest threats, cyber attack mechanisms and best practices on how best to respond to an attack.
Team managers also receive quarterly reports on training compliance and team responses to simulated cyber attacks (e.g. phishing emails) to assist them in improving their respective teams’ performance on data privacy and cybersecurity measures.
cybersecurity training course completions
employee cybersecurity training
cybersecurity training hours per employee