APRA Prudential Standard CPS 234
Consulting Services

At Shearwater, we help APRA-regulated entities to understand their obligations under Prudential Standard CPS 234 and comply with Information Security standards set by APRA.

TALK TO A COMPLIANCE EXPERT

The scope of CPS 234 Standard

The main aim of the CPS 234 Standard is to ensure that APRA-regulated entities maintain information security capability and resiliency against cyber threats targeting financial institutions and the wider business community.

“A key objective is to minimise the likelihood and impact of information security incidents on the confidentiality, integrity or availability of information assets, including information assets managed by related parties or third parties.”

The CPS 234 Standard places the ultimate responsibility for maintaining information security on the Board of the APRA regulated entity, and puts forward four key requirements that these organisations must undertake:

1 – Clearly define the information security-related roles and responsibilities of the Board, senior management, governing bodies and individuals;

2 – Maintain an information security capability that’s proportionate with the size and extent of threats to its information assets without disrupting operations;

3 – Implement and systematically test appropriate controls to protect its information assets – taking into consideration the criticality and sensitivity of those assets; and

4 – Notify APRA of material information security incidents.

A complete copy of the standard can be found here >>

TALK TO A COMPLIANCE EXPERT

Who is required to be compliant?

The Prudential Standard CPS 234 is applicable to banks, credit unions, building societies, general insurance and reinsurance companies, life insurance, private health insurers, friendly societies, and most members of the superannuation industry.

How Shearwater can help your organisation meet the CPS 234 Standard:

We provide services and solutions to APRA-regulated entities to help them achieve compliance against the CPS 234 Standard.

When you engage Shearwater, you have the assurance that your security team is tackling security threats with the right structured approach – managing risks and protecting your organisation’s systems around the clock.

How Shearwater can help your organisation meet the CPS 234 Standard:

Scope of the Service

Incident Management and Response

We have extensive experience in incident management and incident response preparation, including notification requirements set by the CPS 234 Standard. Our team can also help you to review and test your incident response plan regularly.

Your organisation may be subject to the Notifiable Data Breach (NDB) Scheme, obliging you to notify individuals whose personal information was compromised due to a data breach. We can help you plan your actions and responses, integrating this into your incident response plan and processes.

Information Security Capability Development

We can assist in developing and improving your organisation’s information security capability while ensuring it is appropriate to the size of your organisation and the threats it faces. As part of this engagement, we can help you identify your key information assets as well as help with delivery of key policy framework documents.

If your organisation is already compliant (or needs to be compliant) with other information security standards (such as ISO/IEC 27001, PCI DSS or ISM), we can also help you align these standards with your CPS 234 requirements.

C-Level Executive briefings

Our C-Level Executive Briefings are designed to assist executives of APRA-regulated entities in discerning the requirements of the CPS 234 Standard and understanding how they apply to their organisation.

Policy Framework Development

Our team can review your existing policy frameworks and policies, align policies with both CPS 234 and other security standards, and lead the full development of policies in conjunction with your internal resources.

Information Asset Identification and Classification

We can conduct an information asset audit, complete with identification and prioritisation. Furthermore, our team of specialists can assist in segmenting your environment to ensure cost-effective security management.

Risk Management Consulting

We can work with your team to develop an overarching Risk Management framework that enables your organisation to effectively uncover, prioritise and manage risks within core systems.

Internal Audit Augmentation

CPS 234 requires that your internal audit activities include a review of the design and operating effectiveness of information security controls. We can provide this capability to your internal audit team or conduct an internal audit on your behalf.

Supplier Security Review

If your organisation’s information assets are managed by a related party or a third party, we can assist you with your CPS-234 obligations for suppliers and evaluate your supplier’s information security controls in line with APRA standards.

Vulnerability Assessments and Penetration Testing

We can assist in implementing a suitable testing program and regime to ensure the effectiveness of security controls.

Download an APRA Prudential Standard CPS 234 Consulting Services Data Sheet >>

Security is an on-going process, and as an IT Security Advisor, I am comfortable with having a peer company like Shearwater to rely upon. If I have an issue or need advice I am confident that Shearwater can provide a pragmatic and cost-effective solution.

ITSA
Federal Government Agency

We chose to engage an Australian company called Shearwater to lead that (IRAP) assessment because of their reputation for rigour and expertise.

James Kavanagh
CTO, Microsoft Australia

Talk to a Compliance Expert

Contact us today to speak to one of Shearwater’s Certified Security Consultants. They have extensive experience in providing guidance for achieving and maintaining accreditation and will be happy to assist you.

Call us on 1300 228 872 or submit the form below