Amstelveen Amstelveen

What you need to know about APRA’s Prudential Standard CPS234 Information Security

Amstelveen

Follow us on LinkedIn

6 Dec 2018
Topics
  • Compliance and Regulation
  • Technology and Cyber Risk

Who It Applies To

The Standard applies to all APRA regulated entities, which include authorised deposit-taking institutions, general insurers, parent entities of Level 2 insurance groups, life companies, private health insurers, and Registrable Superannuation Entity licensees under the Superannuation Industry (Supervision) Act 1993.

When It Applies From

The Standard comes into effect from 1 July 2019. Where an APRA regulated entity’s information assets are managed by a third party, then it will apply to those assets from the earlier of either the contract renewal date or 1 July 2020.

Why It’s Important

APRA regulated entities manage sensitive information assets. The Standard is aimed at minimising the likelihood and impact of information security incidents, inclusive of those that could occur with related or third parties.

What Processes Are Needed

Information security policy frameworks need to be matched to the threat landscape presented to be effective. This requires an information security focus within processes such as incident management, regulatory notifications and the identification, management and testing of controls.

How to Prepare

Key areas to review to prepare effectively for the Standard’s implementation are ensuring roles and responsibilities are clear, including those to be performed by the Board, and that systems and processes are in place to enable effective control management, control testing, incident management and regulatory notifications within stipulated timeframes.

What Capabilities Are Needed

Information security skill and knowledge is required at all levels, including within the Board and internal audit. It is critical that entities match and maintain their resources with the threat landscape that they face, including that related or third parties meet the required standards. This includes ensuring the appropriate capabilities for testing and audit are met.

What you need to know about APRA’s Prudential Standard CPS234 Information Security
Download the article

You may also like

Risk Transformation

Six remedies to curb your GRC implementation fears

GRC solutions can enhance and even automate some of an organisation’s risk management capabilities and practices, but their implementation often appears challenging. However, with the right planning, team, access to data and a focus on the end-user, a great outcome is achievable.

Read the article
Business Risk and Resilience

Amstelveen Risk Update: Edition 1, June 2019

Welcome to the first edition of our Risk periodical, the ‘Risk Update’. We intend to produce this update on a regular basis, commenting on major trends in risk management and internal control. What does the Global Risk Report mean for Australian organisations? In this edition, Wendy Valent reviews some of the key risks identified in […]

Read the article
Business Risk and Resilience

Amstelveen Risk Update: Edition 3, July 2020

Welcome to the third edition of our Risk periodical, the ‘Risk Update’. In this edition, our team has provided a perspective on three specific risk areas. Business Continuity Management during COVID Over the past year, global, political, economic and environmental events have caused significant disruption to organisations and their day to day operations. With organisations slowly […]

Read the article
Technology and Cyber Risk

What is your cyber security risk appetite?

How to quantify and monitor your appetite with 6 key indicators.

Read the article
View All

Let us tell you more

Risk management expectations are evolving rapidly. How well is your organisation equipped to respond?

Get in touch