What is APRA CPS 234?
CPS 234 (also known as CPS234) is a security regulation created by the Australian Prudential Regulation Authority (APRA). The Prudential Standard CPS 234 covers the level of information security needed for APRA-regulated entities.
The APRA CPS 234 standard requires an entity to minimise the risk of data security threats. The latest update was released on 1 July 2019.
The Board of an APRA-regulated entity is responsible for ensuring the business is resilient against these security incidents.
To do this, the Standard is broken into 9 key areas:
- Roles and responsibilities
- Information security capability
- Policy framework
- Information asset identification
- Implementation of controls
- Incident management
- Testing control effectiveness
- Internal audit
- APRA notification
As the entity grows, it must continue to be resistant to security threats. If there is an increase in threats, an entity must act accordingly to mitigate the risk.
Overall, the entity must be resilient against information security threats regardless of its size.
APRA-Regulated Entities
The Standard addresses information security for APRA-regulated entities.
These entities include:
- Authorised deposit-taking institutions (i.e. banks)
- General insurers
- Life insurance companies
- Private health insurers
- Registrable superannuation entity (RSE) licensees.
There are a number of key requirements an APRA-regulated entity must follow:
- Clearly defining the information security related roles and responsibilities. This includes the Board, senior management, governing bodies and individuals.
- Maintaining an information security capability. This is based on the company’s size and extent of the threats.
- Implementing controls to protect data assets. This consists of undertaking testing to ensure the effectiveness of controls.
- Notifying APRA of information security events.
Vectra can undertake a CPS 234 assessment of your entity to ensure it is compliant with these requirements.
How Vectra can help
We have an expert team to ensure your entity achieves CPS 234 compliance.
With our knowledge and experience, we will implement a structured approach.
We have outlined our steps to success below:
- CPS 234 assessment
- CPS 234 audit
- Risk management plan
- Achieve CPS234 Compliance
- Ongoing monitoring and assurance
If Vectra detects any compliance issues, we will help with a CPS 234 remediation process to ensure you’re meeting requirements.