APRA CPS234

We help your company to achieve APRA CPS234 compliance requirements and protect your sensitive data

CPS234 is an information security regulation developed by Australian Prudential Regulation Authority (APRA) to protect Australian financial organisations from increasing cyber security incidents. The main objective of the CPS234 is to minimise the likelihood and impact of information security incidents on the confidentiality, integrity or availability of information assets, including information assets managed by related parties or third parties.

Key requirements

• clearly define the information security-related roles and responsibilities of the Board, senior management, governing bodies and individuals
• maintain an information security capability commensurate with the size and extent of threats to its information assets, and which enables the continued sound operation of the entity
• implement controls to protect its information assets commensurate with the criticality and sensitivity of those information assets, and undertake systematic testing and assurance regarding the effectiveness of those controls; and
• notify APRA of material information security incidents

Our services

• Initial gap assessment to know your existing compliance to APRA CPS234
• Build CPS234 roadmap to achieve full compliance
• Support through implementation, operation and testing of security controls
• Conduct internal audit periodically to maintain the CPS234 compliance