- How client data is handled;
- Where and how it is stored (Australia); and
- The security controls governing access.
- Ongoing compliance with contractual obligations: which may include:
- client risk assessments and due diligence activities, where applicable
- Vendor and information security attestations (if required)
- Migration activities are performed in controlled phases (“waves”) with defined change windows
- Where practical, clients are notified in advance of potential service impacts
- Standard business continuity and operational processes remain in place
- This approach is designed to minimise disruption and maintain continuity of service throughout the transition
MCOM Security & Privacy FAQs
1. Will there be any changes to the current security or privacy controls applied to client data?
No. The MCOM program does not change the fundamental security or privacy controls applied to client data.
Client data continues to be protected, controlled, and managed in accordance with Cotality’s existing information security framework. These controls are aligned with internal policies and industry‑standard security practices. Refer to Cotality’s DataSite for access to Information Security Policies and Procedures.
2. Will MCOM introduce any material changes to how client data is handled, stored, or accessed?
No material changes are introduced. The MCOM program is an infrastructure and operating model uplift (Multi‑Cloud Operating Model) designed to standardise and optimise deployment efficiency across approved cloud environments. It does not change:
Cotality continues to operate in accordance with its contractual obligations, internal policies, and applicable regulatory requirements.
3. Will Cotality provide additional assurance regarding data privacy and security as part of MCOM?
No, as Cotality will continue to provide assurance through its existing governance and assurance processes, including:
Clients may also direct MCOM specific queries to their client delivery manager, or refer to formal MCOM client communications.
4. Does MCOM introduce any new risks or dependencies clients should be aware of?
No, Cotality has not identified any new risks or dependencies that would impact client data . The MCOM program leverages approved cloud service providers and existing vendor governance frameworks, including established third‑party risk management processes. All services continue to operate within Cotality’s security and risk management framework, which is designed to safeguard the confidentiality, integrity, and availability of client data. Cotality is unable to assess client risk as it relates to use of Cotality products and services.
5. How can clients be assured there is no risk to service / product delivery?
Cotality has undertaken structured testing and assurance activities as part of the MCOM program, including client participation in user acceptance testing (UAT) where applicable. In addition: