The Australian Taxation Office is on top of its game when it comes to information security, an independent investigation has found.
PricewaterhouseCoopers was commissioned last December to do a comprehensive four-month long review of the security practices at the Tax Office.
In his summary notes, PwC partner Mark Ridley, said that as an organisation, "the Tax Office is highly conscious of information security and considers the security of the information with which it is entrusted as a serious business issue."
Furthermore, "the Tax Office compares favourably with other organisations - particularly with regard to security culture - and a strong sense of responsibility for security exists amongst Tax Officers."
"It was clear during the course of this review with meetings with Senior Executives and Management from across the organisation, that the Tax Office generally has a lower appetite for risk in relation to stewardship of client information than many other organizations which we see," the report reads.
"While this evidently stems from the large volumes of personal and corporate sensitive information which the Tax Office processes on a daily basis, the Tax Office appears more security conscious when compared to other organisations with large customer and financial databases."
The ATO came up trumps in many areas. The investigation, titled Information Security Practices Review, also found the ATO's information security governance structures are "generally sound"; it has a clear corporate stance on security matters; has effective education and awareness programs; has a well defined security classification framework; has a range of effective security monitoring mechanisms; and has incident response mechanisms in place.