Fraser.Jack's avatar
Fraser.Jack
Icon for Advisely Partner rankAdvisely Partner
2 years ago

Who proactively asks their software stack providers about security?

The results are in from ASIC's Cyber Pulse Survey, and the report has been released (12th November 2023). So much to unpack!

One of the points they make is around supply chain risk.

Without looking at the survey, I'm interested to know your thoughts on the percentage of advice firms that have already asked their software stack providers about the levels of security they have in place and can provide the evidence to show they did their DD.

What percentage do you think have this on file?

 

 

compliance
policy
practice management
technology

5 Replies

  • jenny.brown's avatar
    jenny.brown
    Icon for Advisely Board rankAdvisely Board
    2 years ago

    Great point Fraser.Jack something I know we need to be more diligent about gathering, I would think less than 10% would have any evidence on file, hopefully I'm wrong.

  • deborah.kent's avatar
    deborah.kent
    Icon for Advisely Board rankAdvisely Board
    2 years ago

    Fraser, we have an external IT guy who has ensured that we have all the necessary programs in place for cyber security, he also provides us with due diligence on any providers doesn't mean he is always happy with the answers he gets, however having someone external is a good thing for us as we would not be looking at this all the time.

  • siran.taylor's avatar
    siran.taylor
    Icon for Iress Team rankIress Team
    2 years ago

    Foe those who are not aware, the Iress Community now has a self serve section in the Trust Centre Knowledge Base.

    This is a great first port of call for locating any of the standard Due Diligence documentation regarding Xplan and Iress.

  • roccomusumeci's avatar
    roccomusumeci
    Exploring Newcomer
    2 years ago

    I'm glad ASIC is keeping cybersecurity top of mind. Regarding supply chain risk, my guess is fewer than 20% of firms have proactively vetted their software vendors' security. Many see it as the vendor's responsibility. But we must take ownership too. If we don't ask the tough questions, we may be caught unaware. I think framing security reviews as collaborative partnerships, not interrogations, can open doors. Protecting client data is a shared priority.

Welcome to the Advisely forums!

This is where financial advice professionals from all walks of life come together to share knowledge, swap ideas, solve problems, and talk all things growth and efficiency.

Here are some tips when posting in the forums:

  • Be respectful and courteous to fellow members
  • If a reply helped you, mark it as a solution so other users can find it easily
  • Take a moment to read through our Community Guidelines
  • For Xplan support issues, it's best to raise a ticket in Iress Connect first. You can also search the discussions for posts about the same issue first before starting a new thread.
  • Keep an eye out for our 'Ask me anything (AMA)' threads – these are live text-based Q&As with industry and Xplan experts during a set period of time. Find out when the next one is happening here.
  • Don’t be shy! You don’t need to be an expert to help someone out. Many users are looking for practical advice, shared experiences, or just a fresh perspective
  • Introduce yourself and meet other members here!

We’re glad you’re here – see you around! 😁

Recent Discussions

Related Content