Cyber Security for APRA CPS 234
Cyber security guidance and support for APRA CPS 234
We help APRA-regulated (banking, insurance and superannuation) organisations mature their cyber security in accordance with APRA CPS 234 guidelines.
Let us help mature your cyber security while ensuring you meet your APRA obligations.
We have cyber security consultants on our team who are experts on APRA CPS 234 and the responsibilities of APRA-regulated organisations.
Improve your organisation's risk posture
We help organisations improve their risk posture from the top down. We provide everything from cyber security strategy and roadmaps to support with implementation and maintenance. And we provide it all while staying within APRA’s guidelines.
Protect data managed by your business and third parties
We help businesses mature their end-to-end information security capability so they can better protect data and systems managed by their organisation and the third parties they work with.
Your cyber security team on standby
We have the capacity and expertise to handle all your cyber security needs, whether for a short run or on an ongoing basis. We can also keep your managed IT services provider informed of what's being done, to ensure everything works seamlessly and aligns with APRA CPS 234.
What is APRA CPS 234?
APRA CPS 234 provides APRA-regulated entities with guidance on defence against information security incidents, including cyber attacks.
The material, produced by APRA, provides guidance to boards/senior management, risk management, and information security specialists from APRA-regulated businesses about best practices for maturing their information systems and cyber security.
APRA’s prudential framework explained
APRA regulates Australia’s banking, insurance and superannuation industry. While each industry has specific standards and guidelines, all APRA-regulated organisations have a prudential framework made up of three pillars:
- Prudential Standards: These outline APRA’s legally binding requirements related to capital, governance and risk management.
- Prudential Guidelines: These provide directions and steps APRA-regulated businesses can take in order to comply with the prudential standards.
- Reporting Standards: These dictate what data regulated organisations need to report to APRA and when to provide it.
Objectives and key requirements of APRA CPS 234
APRA’s CPS 234 Information Security Prudential Standard aims to ensure APRA-regulated entities take measures to be resilient against information security incidents, including cyber attacks.
The key requirements are that an APRA-regulated entity must:
- Clearly define the information security-related roles and responsibilities of the Board, senior management, governing bodies and individuals;
- Maintain an information security capability commensurate with the size and extent of threats to its information assets, and which enables the continued sound operation of the entity;
- Implement controls to protect its information assets commensurate with the criticality and sensitivity of those information assets, and undertake systematic testing and assurance regarding the effectiveness of those controls; and
- Notify APRA of material information security incidents.