ACCC declares Telstra's mass systems remediation complete

Telstra has finally achieved compliance with the structural separation undertaking (SSU) it signed four years ago after completing a large-scale remediation program that spanned 42 IT systems.

SSU compliance has been a struggle for Telstra, with the ACCC finding breaches of the undertaking each year since the SSU was signed.

The undertaking requires Telstra to ringfence wholesale data from its retail operations so the information cannot be accessed by retail staff for competitive gain.

But IT issues with legacy systems, as well as staff error, meant instances of unauthorised disclosure of sensitive wholesale customer data kept occurring, albeit in declining numbers.

The telco committed to a wide-ranging remediation program for its legacy IT systems in 2014, originally scheduled for completion late that year but which extended out to 2015 after new issues were discovered.

The ACCC today said it now considered the program to be complete after Ovum - the independent consultant engaged to review a sample of the remediated systems - reported that it was satisfied with Telstra's efforts despite a handful of outstanding issues.

Telstra has advised that all remaining issues had been resolved since the Ovum report was handed in in February, and Ovum has verified the remediation, the ACCC said today.

The watchdog and Ovum [pdf] said Telstra's self-reporting, alongside a new compliance management framework, could be relied on to pick up any future IT security issues that arise.

Some of the more serious breaches Telstra had reported over the years included retail staff cancelling wholesale service orders lodged by other internet service providers, and closing more wholesale faults without addressing the problem than they did for retail complaints.