Cyber security guidance and support for APRA CPS 234

We help APRA-regulated (banking, insurance and superannuation) organisations mature their cyber security in accordance with APRA CPS 234 guidelines

Talk to a Cyber Security Specialist

Let us help mature your cyber security while ensuring you meet your APRA obligations.

We have cyber security consultants on our team who are experts on APRA CPS 234 and the responsibilities of APRA-regulated organisations.

Improve your organisation's risk posture

We help organisations improve their risk posture from the top down. We provide everything from cyber security strategy and roadmaps to support with implementation and maintenance. And we provide it all while staying within APRA’s guidelines.

Cyber Security Health Check Privacy compliant cyber security

Protect data managed by your business and third parties

We help businesses mature their end-to-end information security capability so they can better protect data and systems managed by their organisation and the third parties they work with.

Your cyber security team on standby

We have the capacity and expertise to handle all your cyber security needs, whether it be for a short run or ongoing. We can also communicate what’s being done with your managed IT services provider to ensure everything works seamlessly and aligns with APRA CPS 234.

How we work

Ready to uplift your cyber security?

"The biggest benefit to working with MyEmpire Group is having access to cyber expertise on an as-needed basis. We're able to access skills and knowledge across a broad range of [cyber security] areas, and without having to hire in-house."
Jenelle Schultz
Chief Operating Officer, Business Fitness

Talk to a cyber security expert today

What is APRA CPS 234?

APRA CPS 234 provides APRA-regulated entities with guidance on defence against information security incidents, including cyber attacks.

The material, produced by APRA, provides guidance to boards/senior management, risk management, and information security specialists from APRA-regulated businesses about best practices for maturing their information systems and cyber security.

APRA’s prudential framework explained

APRA regulates Australia’s banking, insurance and superannuation industry. While each industry has specific standards and guidelines, all APRA-regulated organisations have a prudential framework made up of three pillars:

Prudential Standards: These outline APRA’s requirements related to capital, governance and risk management that are legally binding.

Prudential Guidelines: These provide directions and steps APRA-regulated businesses can take in order to comply with the prudential standards.

Reporting Standards: These dictate what data regulated organisations need to report to APRA and when to provide it.

Objectives and key requirements of APRA CPS 234

APRA’s CPS 234 Information Security Prudential Standard aims to ensure APRA-regulated entities take measures to be resilient against information security incidents, including cyber-attacks.

The key requirements are that an APRA-regulated entity must:

  • Clearly define the information security-related roles and responsibilities of the Board, senior management, governing bodies and individuals
  • Maintain an information security capability commensurate with the size and extent of threats to its information assets, and which enables the continued sound operation of the entity
  • Implement controls to protect its information assets commensurate with the criticality and sensitivity of those information assets, and undertake systematic testing and assurance regarding the effectiveness of those controls; and
  • Notify APRA of material information security incidents.

Let us help mature your cyber security while ensuring you meet your APRA obligations.