The investigation covered five key areas: potential "hot spots" such as work practices and areas representing higher risk to the organisation; information security policy and governance frameworks; implementation of security policy "in action"; monitoring mechanisms; and response mechanisms.

As a result of the review, the Tax Office said it will:

• Align corporate risk management practices and policies more closely with security risk management;
• Revise existing policies to strengthen security practices for staff who work away from the office and the secure transfer of bulk data;
• Revise frameworks so staff better understand who is accountable for an information risk;
• Provide additional tools and technologies to help staff better manage documentation, especially those who work away from the office;
• Strengthen assurances that all security requirements are being met when transferring information with other organisations;
• Strengthen routine checks to ensure our systems are working securely, and
• Ensure a consistent, co-ordinated response to any information security incidents.

"We will implement the priority recommendations over the next two years and build on our strong foundation of keeping taxpayer information secure," said Tax Commissioner Michael D'Ascenzo.