What Cognizant gets wrong in Oceania
Cognizant's Oceania managed services operations face Australian Privacy Act requirements for cross-border data transfers that are more demanding than their global delivery model typically assumes. APP 8 — which governs cross-border disclosure of personal information — requires that Australian organizations transferring personal information overseas take reasonable steps to ensure the overseas recipient does not breach the APPs. Cognizant's contractual representations satisfy the documentation requirement but not the architectural assurance that OAIC enforcement actions have begun to demand.
APRA CPS 234 operational resilience requirements for Australian financial institutions require boards to actively oversee information security — including the information security practices of their critical service providers. For APRA-regulated institutions engaging Cognizant, the CPS 234 requirements include assessing Cognizant's information security controls, including for the offshore delivery components that handle Australian financial data. The TriZetto breach — 12 months undetected — is the most relevant data point for this assessment.
Oceania frameworks we deploy natively
Our Oceania engagements satisfy APP 8 cross-border transfer requirements through architecture — Australian personal information stays in Australian or APP 8-approved processing environments, verified by the system design.
APRA CPS 234 compliance is documented through engineering controls, not contractual representations. The compliance evidence package satisfies APRA examination requirements for technology risk management and third-party oversight.
AU Privacy Act, APPs (including APP 8 cross-border requirements), APRA CPS 234, MHR Act. Australian data sovereignty requires architectural assurance — not contractual representations from an offshore delivery model.
Oceania technology engagement: 8-20 weeks. Fixed price. AU Privacy Act and APRA CPS 234 compliance enforced architecturally. Full IP transfer at close.
Vendor Lock-In Exit Guide
How to identify, quantify, and systematically eliminate dependency on Cognizant in Oceania — without breaking production. Covers dependency mapping, exit plan design, and migration execution.