How Shearwater can help your organisation meet the CPS 234 Standard:
We provide services and solutions to APRA-regulated entities to help them achieve compliance against the CPS 234 Standard.
When you engage Shearwater, you have the assurance that your security team is tackling security threats with the right structured approach – managing risks and protecting your organisation’s systems around the clock.
Scope of the Service
Incident Management and Response
We have extensive experience in incident management and incident response preparation, including notification requirements set by the CPS 234 Standard. Our team can also help you to review and test your incident response plan regularly.
Your organisation may be subject to the Notifiable Data Breach (NDB) Scheme, obliging you to notify individuals whose personal information was compromised due to a data breach. We can help you plan your actions and responses, integrating this into your incident response plan and processes.
Information Security Capability Development
We can assist in developing and improving your organisation’s information security capability while ensuring it is appropriate to the size of your organisation and the threats it faces. As part of this engagement, we can help you identify your key information assets as well as help with delivery of key policy framework documents.
If your organisation is already compliant (or needs to be compliant) with other information security standards (such as ISO/IEC 27001, PCI DSS or ISM), we can also help you align these standards with your CPS 234 requirements.
C-Level Executive briefings
Our C-Level Executive Briefings are designed to assist executives of APRA-regulated entities in discerning the requirements of the CPS 234 Standard and understanding how they apply to their organisation.
Policy Framework Development
Our team can review your existing policy frameworks and policies, align policies with both CPS 234 and other security standards, and lead the full development of policies in conjunction with your internal resources.
Information Asset Identification and Classification
We can conduct an information asset audit, complete with identification and prioritisation. Furthermore, our team of specialists can assist in segmenting your environment to ensure cost-effective security management.
Risk Management Consulting
We can work with your team to develop an overarching Risk Management framework that enables your organisation to effectively uncover, prioritise and manage risks within core systems.
Internal Audit Augmentation
CPS 234 requires that your internal audit activities include a review of the design and operating effectiveness of information security controls. We can provide this capability to your internal audit team or conduct an internal audit on your behalf.
Supplier Security Review
If your organisation’s information assets are managed by a related party or third party, we can assist you with your CPS-234 obligations for suppliers and evaluate your supplier’s information security controls in line with APRA standards.
Vulnerability Assessments and Penetration Testing
We can assist in implementing a suitable testing program and regime to ensure the effectiveness of security controls.
What Our Customers Say
“We chose to engage an Australian company called Shearwater to lead that (IRAP) assessment
because of their reputation for rigour and expertise.”
“Security is an on-going process, and as an IT Security Advisor, I am comfortable with having a peer company like Shearwater to rely upon. If I have an issue or need advice I am confident that Shearwater can provide a pragmatic and cost-effective solution.”
Talk to a Compliance Expert
Contact us today to speak to one of Shearwater’s Certified Security Consultants. They have extensive experience in providing guidance for achieving and maintaining accreditation and will be happy to assist you.
Call us on 1300 228 872 or submit the form below