The Australian Competition and Consumer Commission (ACCC) has signed off on the results of a Telstra IT systems remediation program intended to bring the telco into line with its Structural Separation Undertaking (SSU) obligations.
The SSU is a key part of the transition to the National Broadband Network. It includes a commitment from Telstra to migrate customers from its fixed line network to the NBN. In addition, under the SSU Telstra is obliged to implement measures ensuring that its retail arm does not have an unfair advantage over customers of its wholesale arm.
Since the SSU commenced in 2012, Telstra has revealed a number of compliance issues, largely relating to information security arrangements. A key problem was many of the telco’s IT systems were not designed with the kind of separation between its retail and wholesale arms envisaged under the SSU.
Most of the breaches of the SSU self-reported by Telstra in the past have related to the telco’s obligation to ensure that commercially sensitive wholesale customer information was not disclosed to its retail arm.
To comply with its SSU obligations the telco implemented a wide-ranging remediation program that encompassed 42 IT systems and the implementation of a compliance management framework. The telco created a dedicated program team that included up to 100 business analysts, project managers and subject matter experts, according to an ACCC-commissioned review of the program. The review was conducted by Ovum.
“Ovum’s review has shown that Telstra’s approach to remediation has been appropriate for such a large scale program of work,” the report by Ovum stated. “The issues found during the review were self-reported by Telstra and either remediated or are in the process of being remediated.”
Ovum recommended that the ACCC rely on Telstra’s self-reporting mechanisms to deal with any issues in the future.
“Whilst there may be other issues which have not yet come to light, it is likely that those issues (if they exist) will relate to more obscure aspects of the various IT systems or customer scenarios which are not part of the day to day operations of the systems,” the Ovum report stated. “We therefore expect that Telstra’s Compliance Management Framework should be able to deal with these issues if they appear.”
“The ACCC is pleased that Telstra’s long-running project to achieve compliance with its SSU has concluded,” ACCC chairperson Rod Sims said in a statement.
“The ACCC is now satisfied that Telstra’s SSU reporting measures can be relied on to identify any further information security issues, should they arise,” Sims said.