APRA’s new mandatory Prudential Standard, CPS-234, commenced on 1 July 2019.
It specifies new cybersecurity requirements to ensure APRA-regulated entities tighten their cyber security against information security incidents(including cyber attacks). But does it go far enough?
The regulation seeks to minimise the likelihood of and impact of information security incidents concerning confidentiality, integrity and information systems, by ensuring information security capability is commensurate with information security vulnerabilities and threats.
InfoSecAssure reviewed this regulation against requirements set by many other industry bodies,including but not limited to: ISO 27001, NIST Cyber Security Framework, SOC2 Trust Services Criteria and The Australian Government Information Security Manual (ISM). We found that APRA CPS-234 regulations are very light on defining the broad range of security controls likely required to appropriately protect your organisation however they have a specific focus on the supply chain more than other standards.
Security policies based solely on CPS-234 may omit critical aspects of an information security management plan necessary to keep your organisation safe.
InfoSecAssure, has developed a comprehensive of questions to help guide your organisation in becoming APRA CPS 234 compliant.
Contact InfoSecAssure today for access to our full, detailed guidelines for implementing APRA 234, including templates. Or for general advice on how to deliver APRA CPS-234 as part of your overall information security program.
At the helm of our privately owned, global RegTech firm are industry experts who understand that security controls should never get in the way of business growth. We empower companies large and small to remain resilient against potential threats with easily accessible software solutions for implementing information security governance, risk or compliance measures.
We don't just throw a bunch of standards at you and let you try and figure it out! We have designed a thoughtful way of supporting all businesses consider, articulate and develop security controls that suit the needs of the organisation and provide clever reporting capability to allow insights and outcomes from security assessments to be leveraged by the business and shared with third parties.
Our platform places customers at the heart of our design process, while providing access to expert knowledge. With simple navigation and tangible results, we guarantee that all data is securely encrypted at-rest and in transit with no exceptions – meeting international standards with annual security penetration testing and ISO 27001 Certification.