Drill down without slowing down
We can drill down without slowing down.
We are seeing increasing regulatory scrutiny of the information security of the financial services industry, including superannuation trustees and banks. The art is to drill down without slowing down.
https://www.oaic.gov.au/news/blog/outsourcing-cdr-obligations-the-buck-stops-with-you
Large technology suppliers that provide the same critical service to multiple companies often resist close scrutiny by their customers, such as the right to penetration test, conduct on-site audits, and otherwise monitor suppliers’ business continuity and security processes and systems. Managed poorly, customer intervention can increase costs, potentially slow development, and even create its own security risks. Audits by one customer should not allow that customer to access other customers’ data.
That being said, Australian regulators are clearly focused on ensuring that the financial services industry closely monitors and manages its suppliers. Customers need to be able to engage with suppliers, drill down to confirm how suppliers operate, and validate that suppliers have systems and processes in place to keep technology systems and data secure.
There is an art to this when negotiating contracts between the supplier and the customer. Suppliers that do this best set up processes to provide the same form of access to all customers. These processes allow customers to drill down without slowing down.