Guidance

1. IT systems include the computer systems and information technology infrastructure required for the automation of processes and systems, such as application software, operating system software, network infrastructure, and desktop, server and mainframe hardware.
2. An Authorised Person should consider the following in establishing its systems and controls for the management of IT system risks:
a. governance and oversight controls that ensure technology, including outsourcing arrangements, is aligned with and supportive of the Authorised Person's business objectives;
b. an Authorised Person's organisation and reporting structure for technology operations, including adequacy of senior management oversight; and
c. the appropriateness of the systems acquisition, development and maintenance activities, including the allocation of responsibilities between IT development and operational areas.