PPSR security measures
The security of the PPSR system and any personal or sensitive information it may hold on behalf of its clients is of the utmost importance to AFSA.
To ensure that security best practice is applied at all stages of the application life cycle and to provide users of AFSA services the assurance that their data is appropriately protected, AFSA performs the following activities.
The identification and remediation of vulnerabilities:
Annual independent penetration tests are performed on both the application and the hosting infrastructure to identify and address system and application vulnerabilities. Specifically, application penetration testing targets web application risks identified by the OWASP Foundation.
The protection of PPSR and its associated data from cyber threats:
Every two years PPSR is assessed against the requirements of the Australian Cyber Security Centre’s (ACSC) Information Security Manual (ISM) through an independent IRAP (Information Security Registered Assessor Program) assessment. These assessments provide the assurance that appropriate controls are in place to adequately protect the data held by PPSR.
Application development:
Annual independent code reviews are performed to ensure the detection of defects and compliance with software best practice standards.
Compliance with Government security standards:
Compliance with Maturity Level 2 of the Australian government’s Essential 8 strategies to mitigate cyber security incidents is mandatory for AFSA. Independent compliance assessments are performed twice annually.