A hand ticking a box on a form

Security compliance

Doing the right thing

Compliance is about more than just complying with relevant requirements; it is about doing the right things fairly, honestly and transparently.

Southern Cross is committed to complying with all applicable laws and health service standards. We align with the standard practices below to ensure we implement the right business processes and security controls to safeguard information and to protect our infrastructure, data, applications, and services. To help maintain compliance, we also perform regular audits, both internal and external.

Standards and regulations

Centre for Internet Security (CIS) Framework

We align with the CIS Controls Framework, a set of industry-standard security controls that provide a strong baseline for organisational and IT systems security. We measure our compliance with the framework through regular control testing, which assesses the effectiveness and maturity of each security control in our environment.

Payment Card Industry Data Security Standard (PCI DSS)

PCI DSS is a set of global security standards that are implemented by organisations that process, store, or transmit payment or credit card information. Essentially, they ensure all payment transactions are processed in a secure environment.

Southern Cross doesn’t process or store payment card information. Instead, we use a PCI DSS compliant third-party service provider to process all payment transactions.


To find out how we manage personal information, see our Member Privacy Statement.
