Blog posts

In the complex and highly regulated business landscape, fiduciary duty demands that Boards of Directors apply the utmost attention to securing sensitive information. While many global technology providers offer robust platforms, the ultimate governance risk often resides not in the technology itself, but in the jurisdictiongoverning that provider. For Australian entities, particularly those subject to APRA’s heightened expectations…

The news of the recent brazen robbery at the Louvre where priceless artefacts were stolen under circumstances that suggest a deep failure of layered security serves as a stark, high-stakes reminder for all organisations. While the world’s attention is fixed on physical breaches, the principles of security failure and recovery apply equally to the digital…

The Australian Prudential Regulation Authority (APRA) has issued its new standard, CPS 231 Operational Risk (CPS 231), replacing the previous CPS 234. This is not merely an incremental update; it represents a fundamental uplift in the expectations placed upon all APRA-regulated entities -banks, insurers, and superannuation funds regarding the management of operational risk. For the governing…

The efficacy and resilience of any sophisticated organisation hinge upon the nature of the relationship between its Board of Directors and its Executive Management team. While a symbiotic connection is crucial for success, ambiguity surrounding roles, communication, and decision-making can swiftly erode confidence and performance. For enterprises committed to robust corporate governance and sustained growth,…

For too long, the concept of a board portal has been narrowly defined: a digital space to store and share board documents. While eliminating mountains of paper is a definite plus, modern governance demands more. Organisations are realising that a truly effective board portal acts as a strategic hub, empowering better decision-making, enhancing collaboration, and…

In our increasingly data-driven economy, Software-as-a-Service (SaaS) products have become indispensable. From customer relationship management to project management and board governance, businesses entrust vast amounts of sensitive information to third-party vendors. Yet, a fundamental question often goes unasked: Does my SaaS provider genuinely need complete, unencrypted access to my customer data for their service to…

In the contemporary Australian corporate landscape, the board meeting is the definitive nexus of accountability. Directors are tasked not only with guiding strategy but with meticulously meeting the governance expectations set by the ASX and the Australian Securities and Investments Commission (ASIC). This duty is complex, requiring a delicate balance between strict compliance and the moral and ethical…

In the complex landscape of modern governance, a board’s duty of care extends far beyond financial oversight. It now includes the rigorous protection of the organisation’s most sensitive data. The choice of a board portal is, therefore, a fundamental act of risk management. For discerning directors and council members, this decision is underpinned by a…

In an increasingly digital age, the choice of communication channels for board-level discussions carries significant implications for security, confidentiality, and corporate governance. A pervasive, yet often overlooked, risk arises when board members utilise their primary corporate email addresses (i.e., those provided by their primary employer) for their external board responsibilities with a different organisation.  This…

Independent schools in Australia hold a unique position of trust within their communities. They are custodians not only of educational excellence but also of vast amounts of sensitive information—from student records and family financial data to staff details and intellectual property. This wealth of personal and proprietary data has made them increasingly attractive and lucrative…