Services Australia claims 'mature' incident response process following outages

The new department was tight-lipped on the specifics of the 2019 myGov outages, however.
Written by Asha Barbaschow, Contributor on

Services Australia has claimed it has a "mature incident management process" in place when dealing with outages, such as those experienced by myGov earlier this year.

With myGov being down on 12, 13, and 20 July 2019, the department was probed during October's round of Senate Estimates probed on what the underlying causes were for the outages. Taking the question on notice, the department this week submitted its answer.

"There was a significant increase in user demand on myGov services in July 2019, above forecasted demand predicted for the end of the financial year period," it wrote.

"This led to some performance issues with the myGov services."

It said it worked quickly to restore services when the incidents were identified.

"The department has a mature Incident Management Process in place that encompasses the restoration, review, and implementation of recommendations, ensuring incidents are not replicated," it continued.

The details of individual incidents, Services Australia said, remain "confidential to maintain the operational security of our systems".

See also: Australia's digital identity solution to soon link with myGov

The department also claimed immunity from having to share major incident review reports on the three outages.

"To maintain operational security, Services Australia does not provide details regarding internal reviews of incidents impacting on myGov services," it said, nearly two months after it was asked to supply the reports.

Senators also asked the department what recommendations from any incident reports have been implemented or are in the process of being implemented, and what fixes have been added to prevent outages from occurring again.

"Services Australia has a mature Incident Management Process in place that encompasses implementation of recommendations," it wrote after taking that question on notice, too.

"To maintain operational security, the department does not provide details regarding changes or fixes used for myGov outages.

"All changes or fixes undertake testing prior to deployment into the production environment with the aim of providing High Availability services for myGov."

During the same round of estimates, Services Australia was asked what type of priority the outages were, as well as what repercussions followed.

Specifically, it was asked if the incidents were considered "major" and how an incident receives such classification; what criteria is used for assigning "Priority 1 or 2" to an incident; and what are the differences between a Priority 1 incident and a P2/Major one.

"To maintain operational security, Services Australia does not provide details regarding the type of myGov outages," it said again, adding: "The department treats all incidents impacting the myGov service with urgency and works quickly to restore services where incidents are identified".

Services Australia was asked if it was familiar with the website "Down Detector", with Senator Malarndirri McCarthy saying at the time it reported outages of varying duration and impact for June 3 and 28, July 4 and 16, and September 23, in addition to the three publicly known outages.

The department was asked to provide incident reviews or outage reports for those additional events.

"Services Australia does not comment on external websites and their practices or content," it said in response.

As of August 2019, 15 million of Australia's 25 million population had a myGov account.


Editorial standards