Email Phone Next Scroll to move Touch to move edit Play Play Pause Volume Mute Zoom Open Close Search Linked In Linked In X Facebook Instagram Close

 

Cybersecurity

The confidentiality of the information collected and the robustness of the Group’s cyber systems to protect this information are key concerns for clients and business associates. We continue to seek improvements in our cyber security position.

Cybersecurity

Centuria Capital Group has put in place stringent cybersecurity practices compliant with the Australian Prudential Regulation Authority (APRA) Prudential Standard CPS234 – Information Security to protect information held in the Group’s systems and remain vigilant against cybersecurity incidents and cyber attacks.

The Group has continued to work with a third party organisation – CTRL Group – to manage the security of its data and systems. Their services include a dedicated security operations centre with a 24/7 security analyst detection program which runs across all entities within the Group. The penetration testing includes a thorough assessment of the Group’s network via ethical hacking, identifying any vulnerabilities and misconfigurations in the network. There are also frequent assessments of the Group’s cybersecurity policies relative to the requirements stipulated by APRA’s CPS234.


Data privacy

Centuria Capital Group recognises the importance of safeguarding the privacy of its clients and business associates. The Group is committed to complying with the Australian Privacy Principles (found in the Privacy Act 1988) and the New Zealand Privacy Act 2020.

The Privacy Policy, which is supported by the Privacy manual, provides further details on the course of action to be followed under the Group’s data privacy principles outlined here. The Notifiable Data Breach Procedure and Response Plan also supports the Privacy Policy, providing details on the measures to be followed in the event of a data breach. The Incident and Reporting Policy and Procedures guide the Group’s assessments and escalation of breaches.


Training

Employees are consistently educated on Centuria’s data privacy and cybersecurity policies and procedures as they commence work. All employees receive monthly cybersecurity training to be aware of the latest threats, cyber attack mechanisms and best practices on how best to respond to an attack.

Team managers also receive quarterly reports on training compliance and team responses to simulated cyber attacks (e.g. phishing emails) to assist them in improving their respective teams’ performance on data privacy and cybersecurity measures.

Icons_Lock-Shield
7,063

cybersecurity training course completions

Icons_Calendar-time
~1,177 hours

employee cybersecurity training

Icons_Timer-02
~2.8

cybersecurity training hours per employee

Governance

Centuria’s Privacy Policy outlines the approach to collecting, using, disclosing and managing personal information and dealing with data breaches. Data privacy and the operation of cybersecurity frameworks are managed by the Group’s Head of Operations (HO). All data that outlines key security risks and severity are reported to the Board through the Audit, Risk and Compliance Committee which oversees and is ultimately accountable for the appropriateness of data privacy and cybersecurity frameworks.

ESG_Governance-1

Corporate governance
ESG_Chain

Modern slavery
ESG_cogs money

Investment approach