CPS 234 requires APRA-regulated entities to maintain an information security capability commensurate with the threats they face. We help banks, insurers, super funds, and fintechs meet every requirement — from board-level governance to technical controls and incident notification.
APRA CPS 234 mandates that APRA-regulated entities clearly define information security roles and responsibilities, maintain an information security capability commensurate with the size and extent of threats, implement controls to protect information assets, test the effectiveness of those controls, and notify APRA of material information security incidents.
Assessment against all CPS 234 requirements and APRA's supporting guidance (CPG 234). Clear view of gaps and remediation priorities.
We help you build and demonstrate an information security capability proportionate to your threat environment — including people, processes, and technology.
Assessment of third-party and related-party information security arrangements. Vendor risk assessment framework and ongoing monitoring.
Design and execution of your control testing program, including systematic testing per CPS 234 requirements and independent assurance activities.