Cyber Security Specialists 1800 816 044

CPS234 Compliance & Assessments

At Vectra, we help our APRA regulated clients through the process of achieving CPS 234 Compliance.

CPS 234 Compliance ensures an entity is resilient against data security threats, in particular to financial and privacy information.


What is APRA CPS 234?

CPS 234 (also known as CPS234) is a security regulation created by the Australian Prudential Regulation Authority (APRA). The Prudential Standard CPS 234 covers the level of information security needed for APRA-regulated entities.

The APRA CPS 234 standard requires an entity to minimise the risk of data security threats. The latest update was released on 1 July 2019.

The Board of an APRA regulated entity is responsible for ensuring the business is resilient against these security incidents.

To do this, the Standard is broken into 9 key areas:

  1. Roles and responsibilities
  2. Information security capability
  3. Policy framework
  4. Information asset identification
  5. Implementation of controls
  6. Incident management
  7. Testing control effectiveness
  8. Internal audit
  9. APRA notification

As the entity grows, it must continue to be resistant to security threats. If there is an increase in threats, an entity must act accordingly to mitigate the risk.

Overall, the entity must be resilient against information security threats no matter its size.

APRA Regulated Entities

The Standard addresses information security for APRA regulated entities.

These entities include:

  • Authorised deposit-taking institutions (i.e. banks)
  • General insurers
  • Life insurance companies
  • Private health insurers
  • Registrable superannuation entity (RSE) licensees.


There are a number of key requirements an APRA-regulated entity must follow.

These are:

  • Clearly defining the information security related roles and responsibilities. This includes the Board, senior management, governing bodies and individuals.
  • Maintaining an information security capability. This is based on the company’s size and extent of the threats.
  • Implementing controls to protect data assets. This consists of undertaking testing to ensure the effectiveness of controls.
  • Notifying APRA of information security events.

Vectra can undertake a CPS 234 assessment of your entity to ensure it is compliant with these requirements.

How Vectra can help

We have an expert team to ensure your entity achieves CPS 234 compliance.

With our knowledge and experience, we will implement a structured approach.

We have outlined our steps to success below:

  1. CPS 234 assessment
  2. CPS 234 audit
  3. Risk management plan
  4. Achieve CPS234 Compliance
  5. Ongoing monitoring and assurance

If Vectra detects any compliance issues, we will help with a CPS 234 remediation process to ensure you’re meeting requirements.

Contact Vectra

Fill out the form and we’ll be in touch as soon as possible or call our team on 1800 816 044.
