Important information for all NAB SaaS suppliers - NAB

Our relationship with our suppliers

The environment we operate in has materially changed, driven by rapid technology adoption with increasing threat sophistication, and by ongoing regulatory expectations. Against this backdrop, the strength of our supplier relationships matters more than ever.

The services you provide are critical to our customers, our operations, and our reputation. This brings a shared responsibility to operate with transparency, discipline, and strong control. While contractual obligations continue to apply, the following expectations underpin all supplier relationships with NAB.

Customer and outcome focus

Decisions and actions must prioritise customer outcomes, service resilience and fairness, and must not introduce avoidable risk to NAB or its customers.

Strong risk and security practices

Suppliers must maintain robust, industry‑aligned security controls to protect NAB data, systems and customers across the full service lifecycle. We expect:

  • Preventing unauthorised access, misuse or data leakage
  • Maintaining effective logging, monitoring and detection capabilities
  • Regularly testing and updating controls

Notify NAB immediately of any material security incident, vulnerability or data breach affecting NAB or its customers.

Technology health and lifecycle management

Services provided to NAB must be underpinned by current, supported and resilient technology. We expect:

  • Timely patching and vulnerability remediation
  • Active lifecycle management of technology
  • Identification and remediation of material technical debt

Third‑party risk accountability

Suppliers remain accountable for the full delivery chain supporting NAB services, including subcontractors. We expect:

  • Active management of third‑party risks and dependencies
  • Comparable standards of security, control and resilience across the supply chain

Artificial Intelligence (AI) transparency and control

The use of AI presents opportunities, as well as risks to data, systems and customer outcomes. We expect:

  • Early disclosure of AI capabilities included in products or services
  • No material changes to approved functionality without prior agreement
  • Clear visibility of how AI capabilities are governed, tested and monitored
  • Ability for NAB to enable, disable or constrain functionality where required
  • Assurance that NAB data is not used to train or improve models without explicit approval

Operational discipline and resilience

Suppliers must maintain clear ownership, reliable delivery and effective escalation. We expect:

  • Tested business continuity and disaster recovery capabilities
  • Proactive risk identification and management
  • Transparent and timely escalation where delivery is at risk

Integrity, transparency and early engagement

We expect openness and early disclosure of risks, issues, material changes and constraints. Where expectations cannot be met, this must be raised early and addressed constructively.

Continuous improvement

Suppliers are expected to continuously improve their capabilities as technologies, threats and regulatory expectations evolve.

We value the role our suppliers play in supporting NAB and our customers. Strong partnerships are built on clarity, accountability, trust and disciplined execution.
