CPS234

The Australian Prudential Regulation Authority's (APRA) Information Security Standard CPS 234 institutes requirements around information asset identification and classification, information security roles and responsibilities, implementation and testing of information security controls, incident management, internal audit, and breach notification.

• It makes clear that the Board is ultimately responsible for information security.
• It calls for protective measures to be commensurate with the size of the organisation and the threats faced.
• It includes requirements around management of third party (supplier) risk management.

Links

• https://www.apra.gov.au/sites/default/files/cps_234_july_2019_for_public_release.pdf
• https://www.pwc.com.au/cyber-security-digital-trust/cps234.html

Related

• CPG235