PwC has been appointed to review the widespread system outages experienced by the ATO from 11 December 2016.
The ATO cited PwC’s specific expertise with the ICT storage that is at the centre of the incident as the reason the firm was chosen.
The review's aim is to help the ATO fully understand what happened and what needs to be done to ensure that it is not exposed to this type of incident in future.
PwC will look into what caused the outage, why there was such a significant impact, the appropriateness of the ATO's response, the residual risks, and the actions that can be taken to mitigate further or future issues.
The PwC review is due to be finalised in March and the ATO is also conducting its own internal review focusing on key stakeholders, including tax professionals and software developers.
The ATO also recently published a letter from CIO Ramez Katf addressing the outages.
“I regret the impact the disruption of our services had on tax practitioners and our other clients and partners who experienced any interruption,” the letter read.
“My team and I know how important our services are to all our clients and we work hard to make them available for the community to use.”
Mr Katf sought to clarify that the outages were not caused by a cyber attack, rather the ATO experienced a major malfunction of its data storage infrastructure in its central computing system that impacted the primary and backup systems at the same time.
“As you can appreciate, we have escalated this to the most senior people from our partner organisation, Hewlett Packard Enterprise (HPE), to seek an appropriate response,” Mr Katf’s letter read.
“We are working with HPE to understand the exact nature of the problem. They have assured us that this is a unique incident that has not been experienced in this type of hardware elsewhere in the world.”
Mr Katf’s letter tried to reassure readers that this type of incident is “unlikely to be repeated”.
“We are working on a number of initiatives to deliver more resilient and sustainable technology that will reduce and eliminate the number of disruptions you are experiencing,” it read.
“This includes identifying and rectifying possible areas of risk in our technology platform as well as migrating our systems to more contemporary cloud-based offerings for technology delivery.”