You are now leaving Centuria Australia
and entering Centuria New Zealand.
Cybersecurity
The confidentiality of the information we collect and the robustness of our systems to protect this information are key concerns for our clients and business associates.
Data privacy and security measures are managed by Centuria and our funds, including our listed REITs, benefit from Centuria’s data privacy and security framework. Here we provide details on Centuria’s management practices developed to ensure our stakeholders’ information is kept confidential and secure.
Cybersecurity
Centuria Capital Group has put in place stringent cybersecurity practices compliant with the Australian Prudential Regulation Authority (APRA) Prudential Standard CPS234 – Information Security to protect information held in the Group’s systems and remain vigilant against cybersecurity incidents and cyber attacks.
The Group has continued to work with a third party organisation – CTRL Group – to manage the security of its data and systems. Their services include a dedicated security operations centre with a 24/7 security analyst detection program which runs across all entities within the Group. The penetration testing includes a thorough assessment of the Group’s network via ethical hacking, identifying any vulnerabilities and misconfigurations in the network. There are also frequent assessments of the Group’s cybersecurity policies relative to the requirements stipulated by APRA’s CPS234.
Data privacy
Centuria Capital Group recognises the importance of safeguarding the privacy of its clients and business associates. The Group is committed to complying with the Australian Privacy Principles (found in the Privacy Act 1988) and the New Zealand Privacy Act 2020.
The Privacy Policy, which is supported by the Privacy manual, provides further details on the course of action to be followed under the Group’s data privacy principles outlined here. The Notifiable Data Breach Procedure and Response Plan also supports the Privacy Policy, providing details on the measures to be followed in the event of a data breach. The Incident and Reporting Policy and Procedures guide the Group’s assessments and escalation of breaches.
Training
Employees are consistently educated on Centuria’s data privacy and cybersecurity policies and procedures as they commence work. All employees receive monthly cybersecurity training to be aware of the latest threats, cyber attack mechanisms and best practices on how best to respond to an attack.
Team managers also receive quarterly reports on training compliance and team responses to simulated cyber attacks (e.g. phishing emails) to assist them in improving their respective teams’ performance on data privacy and cybersecurity measures.
7,063
cybersecurity training course completions
~1,177 hours
employee cybersecurity training
~2.8
cybersecurity training hours per employee
Governance
Centuria’s Privacy Policy outlines the approach to collecting, using, disclosing and managing personal information and dealing with data breaches. Data privacy and the operation of cybersecurity frameworks are managed by the Group’s Head of Operations (HO). All data that outlines key security risks and severity are reported to the Board through the Audit, Risk and Compliance Committee which oversees and is ultimately accountable for the appropriateness of data privacy and cybersecurity frameworks.