The Australian Prudential Regulation Authority (APRA) has published a prudential practice guide (PPG) on the management of security risk in information and information technology (IT) by institutions supervised by APRA.

The PPG provides guidance to senior management, risk management and IT security specialists on the importance of an overarching framework, systematic IT asset life-cycle management, effective monitoring processes and robust IT security reporting and assurance mechanisms.

It also contains a section on service provider management.