ConsumerDataStandardsAustralia / standards-maintenance

This repository houses the interactions, consultations and work management to support the maintenance of baselined components of the Consumer Data Right API Standards and Information Security profile.

Incident Management in the CDR Service Management Portal #509

Closed RobHale-Truelayer closed 11 months ago

RobHale-Truelayer commented 2 years ago

Description

Timely resolution of incidents logged in the current CDR Service Management Portal relies upon participant goodwill and the assumed capacity and ability of related parties to investigate and successfully resolve matters in a timely manner. In order to establish trust and confidence in the CDR ecosystem, incident response needs to become more predictable and reliable.

Area Affected

ADRs attempting to resolve incidents associated with other parts of the ecosystem are impacted to the point where they may be unable to offer a reliable product or service to consumers. Consumers understandably (but incorrectly) often view this as a failure on the part of the ADR.

Currently restricted to banking, but shortly extending to Energy, Telco and other FS verticals, this issue will become more apparent and the impact more material if not addressed.

ADRs are often faced with an immediate issue and need resolution, ideally within minutes or hours. The current incident management process is not designed to meet this need.

ADR resources can only work on incidents once a response is received. Concurrent incidents require regular and inefficient context switching for ADRs in particular.

Change Proposed

Ongoing review and enhancement of the incident management process is recommended. A range of changes should be considered and implementation commenced without delay where possible.

Set expectations through a set of defined operating principles for participants such as...

Define an escalation process for portal incidents

Incentivise DHs to address issues logged by ADRs

Consider providing incident visibility to DH CDR platform providers

Not all DHs have the necessary technical skills and/or capacity to respond to ADR requests in a timely manner. Many smaller banks share core banking system(s) and outsource the technical management and operation of these to third party providers. Logging incidents with a smaller DH may require that DH to log an equivalent incident with a third party platform provider. This is inefficient and causes further delays and limits visibility on incident progress.

These are some suggestions and examples but are not a comprehensive set of requirements. Input from ADRs, DHs and other ecosystem participants is needed and consideration of the needs of other sectors and industry verticals would also be beneficial.

m3data commented 2 years ago

Great recommendations @RobHale-Truelayer - this reinforces some of the points being raised by FDATA ANZ members.

The current mechanisms in place are untenable and will be even more so as more sectors come online.

I'd imagine all these metrics being added to the ACCC CDR performance dashboard, which can operate as a leaderboard and proxy for trustworthiness for the CDR ecosystem.

ACCC-CDR commented 1 year ago

Thanks Rob for the feedback. The ACCC has recently been notified of this GitHub issue by the Data Standards Body. Since this issue has been posted, the ACCC has reviewed the issues outlined, and where feasible, changes have been implemented. In the last 12 months, the ACCC has engaged with participants via the Incident Management, Data Quality and Ecosystem Performance Working Group on a range of matters. We have worked with working group members to strengthen existing incident management processes, updated the CDR Service Management Portal User Guide and process flows in the Jira Service Management tool, published additional metrics on the CDR Performance Dashboard, and drafted service level objectives (SLOs) to introduce in the near future.

The ACCC continues to actively monitor and intervene in incidents when required.

Please contact CDRTechnicalOperations@accc.gov.au if you require further information.

nils-work commented 1 year ago

Hi @RobHale-Truelayer, @m3data

In light of the guidance provided by @ACCC-CDR, this issue will be closed on 27 October 2023 if there are no further comments or changes to the Data Standards expected.