What is APRA CPS234?
CPS 234 is a security regulation created by the Australian Prudential Regulation Authority (APRA). The Prudential Standard CPS 234 covers the level of information security needed for APRA regulated entities.
The APRA CPS 234 standard requires an entity to minimise the risk of data security threats. Essentially, it ensures a business has appropriate controls in place so critical and sensitive data it’s protected, this includes asset management and responding to threats in a timely manner. The latest update was released on 1 July 2019 and all APRA regulated entities need to follow these requirements.
APRA regulated entities
APRA regulated entities include:
- Deposit taking institutions such as banks
- General insurers
- Life insurance companies
- Private health insurers
- Registrable superannuation entity (RSE) licensees
The Board of an APRA regulated entity is responsible for ensuring the business is resilient against these security incidents.
To do this, the Standard is broken into 9 key areas:
- Roles and responsibilities
- Information security capability
- Policy framework
- Information asset identification
- Implementation of controls
- Incident management
- Testing control effectiveness
- Internal audit
- APRA notification
As the entity grows, it must continue to be resistant to security threats. If there is an increase in threats, an entity must act according to mitigate the risk. No matter the size, a business must have processes in place to reduce security threats.
Requirements
There are a number of key requirements APRA regulated entity must follow.
These are:
- Clearly defining the information security related roles and responsibilities. This includes for the Board, senior management, governing bodies and individuals.
- Maintaining an information security capability. This is based on the company’s size and extent of the threats.
- Implementing controls to protect data assets. This consists of undertaking testing to ensure the effectiveness of controls.
- Notify APRA of information security events.
Vectra can undergo a CPS 234 assessment of your entity to ensure it is compliant to these requirements.
How Vectra can help
We have an expert team to ensure your entities achieves CPS 234 compliance.
With our knowledge and experience, we will implement a structured approach.
We have outlined our steps to success below:
- CPS 234 assessment
- CPS 234 audit
- Risk management plan
- Achieve CPS234 Compliance
- Ongoing monitoring and assurance
If Vectra detects any compliance issues, we will help with a CPS 234 remediation process to ensure you’re meeting the requirements.
Vectra is based in Australia so you can rest assured your data will stay on home soil. We have offices in Brisbane, Melbourne, Sydney, Adelaide and Perth to cater for your CPS234 remediation and CPS234 audit needs.
Contact Vectra to ensure you are working with the gold standard in CPS 234 compliance in Australia.