The Australian Prudential Regulation Authority (APRA) has released for consultation discussion paper and accompanying draft Prudential Practice Guide PPG 234 Management of IT Security Risk on the management of information technology (IT) security risks by institutions regulated by APRA.

The draft outlines the measures that APRA regards as sound practice in managing security risks associated with IT, and addresses areas where IT security risk management weaknesses continue to be identified as part of APRA’s ongoing supervision activities.

APRA seeks written submissions on the proposed guidance from interested parties by 5 June 2009.