Cyber security guidance and support for APRA CPS 234

From one of the first organisations in Australia to achieve ISO 27001:2022

We help APRA-regulated (banking, insurance and superannuation) organisations mature their cyber security in accordance with APRA CPS 234 guidelines

ISO 27001 Certification
cyber essentials certification
IASME cyber assurance certification
Cyber security strategy

The MyEmpire Group difference

"We’re big enough to support all manner of businesses, from ma and pa’s to enterprise, but small enough to still obsess over detail."

We don’t obsess over detail to the point of paralysis, but we do take great pride in delivering exceptional work. And it’s not just because we get a thrill receiving elated client feedback, although that’s something we all share in common. Primarily it’s because we genuinely care about building cyber security systems that protect businesses. That means really learning your business and your people so we can develop a cyber security strategy suited to you, not a close-enough template pulled from a file. That’s what makes us different; we only feel satisfied when we know a job’s been done right. 

"The biggest benefit to working with MyEmpire Group is having access to cyber expertise on an as-needed basis. We're able to access skills and knowledge across a broad range of [cyber security] areas, and without having to hire in-house."
Jenelle Schultz
Chief Operating Officer, Business Fitness
"The MyEmpire Group team’s technical understanding of Essential 8 and ability to cut through all the techno-speak and explain things to us in layman's terms made the process so much more streamlined."
Lisa Saunders
Group Executive – Governance Risk & Compliance, REI Superannuation

Our People

Our cyber security specialists are a mixture of seasoned veterans, many with 30+ years’ experience in IT, management and security. We also have young faces on the team, our rising stars–those whose talents we recognised early and chose to invest in. 

Beyond being experts in their fields, our people share a few things in common, a result of how we hire. Prior to any skills being tested in an interview, we look for personable people. Authentic, honest people who are passionate about their field and good communicators. In other words, we look for people who light up when they talk about their line of work. People whose passion is contagious. Only candidates who meet this criteria are taken through the typical interview steps where we probe skills and work history.

ISO 27001

Leadership Team

Alex Woerndle, MyEmpire Group

Alex Woerndle


Alex is an experienced director, IT consultant and infosec professional. He provides security management and leadership to a range of organisations from start-ups through to governments and ASX50 listed enterprises. He has also served over 10 years in voluntary roles as a Non-Executive Director of the Australian Information Security Association,.au Domain Administration Ltd and the Australian Conservation Foundation’s Finance, Audit and Risk Committee.

Carl Woerndle


Carl has more than three decades’ experience in IT, security and business leadership. Prior to MyEmpire Group, he and Alex built DistributeIT which held approx. 10% market share of domains. As well as a business owner and manager, Carl has worked as a Cyber Security Advisor consultant for Deloitte. He is a regular keynote speaker on cyber security.

Chris Self


Chris is a highly experienced information security principal. He has worked as a senior cyber security consultant for KPMG, CQR Consulting (now part of CyberCX) and Deloitte. Prior to starting with MyEmpire Group, he was the Information Security Manager at Adelaide Airport where he led a full rebuild of the airport’s cyber security processes and infrastructure. Chris holds a master’s in information systems security and a number of information security certifications, including CISSP and CRISC.

Talk to a Cyber Security Specialist

Let us help mature your cyber security while ensuring you meet your APRA obligations.

We have cyber security consultants on our team who are experts on APRA CPS 234 and the responsibilities of APRA-regulated organisations.

Improve your organisation's risk posture

We help organisations improve their risk posture from the top down. We provide everything from cyber security strategy and roadmaps to support with implementation and maintenance. And we provide it all while staying within APRA’s guidelines.

Cyber security specialists Penetration testing
Cyber security gap assessment Cyber security specialists

Protect data managed by your business and third parties

We help businesses mature their end-to-end information security capability so they can better protect data and systems managed by their organisation and the third parties they work with.

Your cyber security team on standby

We have the capacity and expertise to handle all your cyber security needs, whether it be for a short run or ongoing. We can also communicate what’s being done with your managed IT services provider to ensure everything works seamlessly and aligns with APRA CPS 234.


Talk to a cyber expert today

What is APRA CPS 234?

APRA CPS 234 provides APRA-regulated entities with guidance on defence against information security incidents, including cyber attacks.

The material, produced by APRA, provides guidance to boards/senior management, risk management, and information security specialists from APRA-regulated businesses about best practices for maturing their information systems and cyber security.

APRA’s prudential framework explained

APRA regulates Australia’s banking, insurance and superannuation industry. While each industry has specific standards and guidelines, all APRA-regulated organisations have a prudential framework made up of three pillars:

Prudential Standards: These outline APRA’s requirements related to capital, governance and risk management that are legally binding.

Prudential Guidelines: These provide directions and steps APRA-regulated businesses can take in order to comply with the prudential standards.

Reporting Standards: These dictate what data regulated organisations need to report to APRA and when to provide it.

Objectives and key requirements of APRA CPS 234

APRA’s CPS 234 Information Security Prudential Standard aims to ensure APRA-regulated entities take measures to be resilient against information security incidents, including cyber-attacks.

The key requirements are that an APRA-regulated entity must:

  • Clearly define the information security-related roles and responsibilities of the Board, senior management, governing bodies and individuals
  • Maintain an information security capability commensurate with the size and extent of threats to its information assets, and which enables the continued sound operation of the entity
  • Implement controls to protect its information assets commensurate with the criticality and sensitivity of those information assets, and undertake systematic testing and assurance regarding the effectiveness of those controls; and
  • Notify APRA of material information security incidents.

Let us help mature your cyber security while ensuring you meet your APRA obligations.