Customer Assurance
Telstra Enterprise - Customer Security Assurance Site
This site aims to provide Telstra Enterprise customers with Security Assurance information about Telstra. Key resources include our latest ISO/IEC 27001 certificates, ASAE 3150 (SOC2) reports, and other related Telstra certifications and links.
Telstra ISO 27001 Certification
ISO/IEC 27001 is the world's best-known standard for information security management systems (ISMS). It defines requirements an ISMS must meet.
The ISO/IEC 27001 standard provides companies of any size and from all sectors of activity with guidance for establishing, implementing, maintaining, and continually improving an information security management system.
Conformity with ISO/IEC 27001 means that an organization or business has put in place a system to manage risks related to the security of data owned or handled by the company, and that this system reflects all the best practices and principles enshrined in this International Standard.
Telstra maintains an information security management system including policies, controls and procedures that are certified to ISO/IEC 27001:2022 information security management standard.
The scope of Telstra’s Information Security certification encompasses people, process, technology and facilities, supporting the development, management, delivery and assurance of products and services to enterprise, business and government customers of Telstra Limited (including Telstra Purple), Telstra Corporation Limited (trading as Telstra InfraCo.) and Telstra International entities in core countries, in accordance with the Statement of Applicability version 5.
Telstra ASAE3150 (SOC2) Audit Reports
The System and Organization Controls (SOC) Audit report is designed to demonstrate to customers of service-providing organisations the nature of risk and security processes and controls operating at the service providing organisation. The Australian Standard for producing a SOC Audit report is ASAE (Australian Standard Auditing Engagements) which is performed by an independent external party. Telstra engaged EY for this important work.
Telstra has undertaken a whole of company ASAE 3150 (SOC 2) Type 1 and Type 2 Audit assessment. This assessment will be conducted each year (for the previous financial year). The Type 1 refers to control design and point in time operational control testing, whereas the Type 2 refers to design and control testing performing through the period of assessment. A combination of both Type 1 and 2 enable a broader range of controls to be elected for testing thus potentially being applicable to more of Telstra customers for assurance purposes.
The Telstra ASAE3150 (SOC 2) Audit report can assist many of our TE customers (e.g., APRA regulated, Government, Critical Infrastructure etc) in meeting their customer, board, key stakeholders and or regulator requirement to gain security assurance over their key Suppliers.
A copy of the latest Telstra ASAE3150 (SOC2) Audit report(s) can be requested within Telstra Connect platform.
Telstra CyberGRX Report
CyberGRX (Third Party Cybersecurity Risk Management Program | CyberGRX) is a 3rd party Security Controls Assurance platform.
Telstra maintains a CyberGRX Security Assurance report (Tier 2). This report gives further assurance of the effectiveness some ~400 Controls (operating across Telstra) including assessment of the related processes that support the Control operation.
The Telstra CyberGRX report can be accessed by logging onto the CyberGRX platform and requesting a Telstra report. Alternatively, you can request via Telstra Connect that a CyberGRX report be sent to you (the report will be provided inside the CyberGRX Platform.