Data & Technology
|
|
| Domain ID |
D05 |
| Owner |
Chief Technology Officer / Chief Information Security Officer |
| Jurisdiction |
NZ + AU |
| Applicability |
Platform — All system domains contribute. SD07 delivers the core data governance infrastructure: CDC pipeline, RBAC, secrets management, privileged access management, and audit trail. |
Management of technology risk, data integrity, cybersecurity, and model governance across the bank's digital platform.
Policies
| Code |
Policy name |
Status |
| DT-001 |
Information Security Policy |
Draft |
| DT-002 |
Cybersecurity Policy |
Draft |
| DT-003 |
Technology Risk Management Policy |
Draft |
| DT-004 |
Data Governance Policy |
Draft |
| DT-005 |
Model Risk Management Policy |
Draft |
| DT-006 |
Cloud & Infrastructure Policy |
Draft |
| DT-007 |
Change & Release Management Policy |
Draft |
| DT-008 |
Third-Party & Outsourcing Risk Policy |
Draft |
| DT-009 |
Artificial Intelligence & Algorithm Policy |
Draft |
| DT-010 |
Environments & Deployment Standards |
Draft |
| DT-011 |
AI Development Guardrails |
Draft |
Systems satisfying this domain
- MOD-042: Debezium CDC connector — AUTO (governed data pipeline)
- MOD-043: Kafka topic governance — AUTO (domain separation)
- MOD-044: JWT RBAC — GATE (access control)
- MOD-045: Secrets & key management — AUTO (key rotation)
- MOD-046: PAM — GATE/LOG (privileged access)
- MOD-048: System decision log — LOG (AI/ML explainability)
Policies in this domain
| Code |
Title |
Status |
Owner |
| DT-001 |
Information Security Policy |
Draft |
Chief Information Security Officer |
| DT-002 |
Cybersecurity Policy |
Draft |
Chief Information Security Officer |
| DT-003 |
Technology Risk Management Policy |
Draft |
Chief Technology Officer |
| DT-004 |
Data Governance Policy |
Draft |
Chief Technology Officer |
| DT-005 |
Model Risk Management Policy |
Draft |
Chief Risk Officer |
| DT-006 |
Cloud & Infrastructure Policy |
Draft |
Chief Technology Officer |
| DT-007 |
Change and release management |
Draft |
Chief Technology Officer |
| DT-008 |
Third-Party & Outsourcing Risk Policy |
Draft |
Chief Technology Officer |
| DT-009 |
AI & algorithm policy |
Draft |
Chief Risk Officer |
| DT-010 |
Environments and deployment standards |
Draft |
Head of Platform Engineering |
| DT-011 |
AI development guardrails |
Draft |
Chief Technology Officer |
| DT-012 |
Ledger Data Contracts & Event Publication Policy |
Draft |
Chief Technology Officer |
Compiled 2026-05-22 from source/entities/risk-domains/D05.yaml