# Who it's for — 40° South Guard

> Your sector. Your obligations. Your evidence. What Guard covers for superannuation, financial services, insurance, health, government, and legal.

WHO IT'S FOR

# Your sector. Your obligations. Your evidence. 

Guard is configured per sector. The checks your calls run against and the obligations each record maps to are specific to your industry, not a generic ruleset. Below: what that looks like, and what an auditor actually sees. 

## Industries Guard covers

### Superannuation

Super funds face APRA scrutiny on technology risk and material service providers. Guard produces the audit trail your next RSE review will ask for.

APRA CPS 234APRA CPS 230SIS Act 

SIS Act §52B covenant: trustees must act in beneficiaries' best interests and maintain records of all significant decisions affecting member data.

What an auditor sees → 

### Financial services

Banks, non-bank lenders, wealth managers, and AFSL holders face the highest AI compliance obligations in the country. Guard produces the evidence they need.

APRA CPS 234APRA CPS 230AFSL 

CPS 234 §15(c): adequate controls must be maintained over third-party information assets, including AI systems accessing customer data.

What an auditor sees → 

### Insurance

Insurers handle sensitive personal and health data at scale. Guard monitors every AI interaction against your obligations, including the ICA General Insurance Code.

Privacy ActICA CodeAPRA CPS 234 

APRA CPS 234 §15 and ICA General Insurance Code s.9: customer data handled by third-party AI must be subject to oversight controls.

What an auditor sees → 

### Health and aged care

Patient and resident data is among the most sensitive in the country. Guard keeps it inside your compliance boundary and produces evidence per call.

Privacy ActMy Health Records ActAHPRA (in development) 

APP 11.1: entities must take reasonable steps to protect sensitive health information from misuse, loss, and unauthorised disclosure.

What an auditor sees → 

### Government and public sector

PSPF, ISM, and the DTA AI Assurance Framework all need evidence of AI handling at classification boundaries. Guard covers that under Australian law.

APS 8Privacy ActISMDTA AI Assurance 

ISM Control 0714: agencies must implement controls to monitor and log access to systems processing sensitive information.

What an auditor sees → 

### Legal and professional services

Client privilege, conflict duties, and trust account rules all extend into AI use. Guard covers them, with per-user and per-matter compliance profiles.

Privacy ActState Bar Rules 

Privacy Act APP 8: cross-border disclosure obligations apply the moment client data passes through an overseas AI provider.

What an auditor sees → 

[Don't see your industry? Talk to us → ](/#get-started) 

Guard evidence record

#### Superannuation


            event_id: "evt_4b8e027a"


            timestamp: "2026-04-24T11:17:05Z"


            tenant: "super_fund_demo"


            provider: "openai · us-east"


            control_active: true


            pii_detected: true


            pii_types: ["TFN","ABN","DOB"]


            enforcement: "flag"


            cross_border: true


            regulation: ["CPS 234 §15","APP 8","SIS §52B"]


            attestation_id: "att_4b8e027a"


            signed: "ECDSA-P256"


            status: "FLAGGED"
          

Example attestation · not live customer data · v3.2 schema

Guard evidence record

#### Financial services


            event_id: "evt_9a3f1b8d"


            timestamp: "2026-04-24T09:14:32Z"


            tenant: "aus_bank_demo"


            provider: "azure-openai · syd"


            control_active: true


            pii_detected: true


            pii_types: ["TFN","DOB"]


            enforcement: "redact"


            cross_border: false


            regulation: ["CPS 234 §15", "AFSL"]


            attestation_id: "att_9a3f1b8d"


            signed: "ECDSA-P256"


            status: "COMPLIANT"
          

Example attestation · not live customer data · v3.2 schema

Guard evidence record

#### Insurance


            event_id: "evt_2e66a3c8"


            timestamp: "2026-04-24T13:28:57Z"


            tenant: "insurer_demo"


            provider: "azure-openai · syd"


            control_active: true


            pii_detected: true


            pii_types: ["DOB","Phone","BSB"]


            enforcement: "redact"


            cross_border: false


            regulation: ["CPS 234 §15","ICA §9"]


            attestation_id: "att_2e66a3c8"


            signed: "ECDSA-P256"


            status: "COMPLIANT"
          

Example attestation · not live customer data · v3.2 schema

Guard evidence record

#### Health and aged care


            event_id: "evt_c7e4a219"


            timestamp: "2026-04-24T08:42:11Z"


            tenant: "aged_care_demo"


            provider: "anthropic · syd"


            control_active: true


            pii_detected: true


            pii_types: ["Medicare","DOB"]


            enforcement: "redact"


            cross_border: false


            regulation: ["APP 11.1","MyHR Act"]


            attestation_id: "att_c7e4a219"


            signed: "ECDSA-P256"


            status: "COMPLIANT"
          

Example attestation · not live customer data · v3.2 schema

Guard evidence record

#### Government and public sector


            event_id: "evt_f1d92c04"


            timestamp: "2026-04-24T10:02:48Z"


            tenant: "dept_demo"


            classification: "PROTECTED"


            provider: "azure-openai · syd"


            control_active: true


            injection_detected: true


            enforcement: "block"


            cross_border: false


            regulation: ["ISM-0714","APS 8"]


            attestation_id: "att_f1d92c04"


            signed: "ECDSA-P256 · CMEK"


            status: "BLOCKED"
          

Example attestation · not live customer data · v3.2 schema

Guard evidence record

#### Legal and professional services


            event_id: "evt_3a71c502"


            timestamp: "2026-04-24T14:09:22Z"


            tenant: "law_firm_demo"


            matter_id: "mat_48291"


            provider: "anthropic · us-west"


            control_active: true


            pii_detected: true


            pii_types: ["Email","Phone"]


            enforcement: "flag"


            cross_border: true


            regulation: ["APP 8","State Bar 9.1"]


            attestation_id: "att_3a71c502"


            signed: "ECDSA-P256"


            status: "FLAGGED"
          

Example attestation · not live customer data · v3.2 schema

[Start with the guarantee → ](/#get-started) [Talk to us ](mailto:hello@40south.au)

---
Markdown version of https://40south.au/who-its-for for AI readers. Site index for LLMs: https://40south.au/llms.txt
