CDR Obligations Self-assessment Tool
Quill Peak has developed a sophisticated CDR obligations self-assessment tool to assist CDR participants with achieving and maintaining compliance with the more than 250 obligations that the evolving ecosystem requires. This tool is focused on the non-technical obligations and complements API conformance testing and any required ASAE3150 information security audits.
Key features
- Supports all the CDR participant roles (Data Holder, Data Recipient, Intermediary)
- Supports all the designated sectors (currently banking and energy)
- Allows extensive filtering to focus attention on obligations that are relevant to an organisation
- Supports compliance gap analysis and risk management controls definition and documentation
- Supports multiple infrastructures/products
- Allows full configuration of analysis columns
- Highlights changes in rules from release to release
- Supports fully automated import from previous versions
- Supports locking for audit
- Includes the following regulatory material: Competition Act (section IVD), sector designations, CDR Rules, CX standards, CX guidelines, Privacy act (CDR relevant sections only)
- All regulations are MD5 check-summed to ensure integrity of content is maintained
- Includes extracts and links to key ACCC guidance materials
- Produces statistics on current compliance coverage state
- Based on MS365 Excel with extensive automation (all code is digitally signed for compliance with corporate security policies)
Benefits
- Allows clear documentation of compliance to support risk management processes, internal and regulator audits
- Allows efficient review of compliance when obligations change through highlighting of changed obligations
- Enables delegation of responsibility for defined obligations to stakeholders
- Tool operation is familiar to anyone who has used MS365 Excel
- Timely tool updates ensure that compliance is always up to date with latest rule changes

Screenshots
Below are a selection of screenshots from the tool that provide a sample of the capabilities
Configuration page
Automated configuration allows adapting to different product/infrastructure, accountable staff and preferred views
Regulations
Each regulation is structured to allow easy filtering and includes the full text and notes together with occasional comments from us
Impacted areas
Each regulation line is mapped to whether it impacts policy, process and/or technology
Compliance columns
The compliance columns of each sheet are fully configurable to meet the needs of any compliance model or process
Filter on accountable department or staff
Accountable department or staff can be recorded against policy/process/technology elements
Recent regulation change highlighting
The regulations can be highlighted in markup style to readily identify recent changes
CDR Rules index
A full hyperlinked index exists for both the CDR Rules and Competition Act with browser-like back function
ACCC guidance
There is a tab cataloguing all the key ACCC/OAIC guidance material with hyperlinks to the source for easy access
Overview video – Part 1 (15 mins)
System requirements
Operating system | Windows 10 |
Applications environment | Microsoft 365 Excel |
Security policy | Must allow execution of signed macros |
Network policy | Prefer access to cloud server for automated update notifications |