APRA CPS 234:2019 Information Security Prudential Standard
CPS 234:2019 is a regulatory standard issued by the Australian Prudential Regulation Authority (APRA). Cybersecurity is a global risk, and APRA has set out the requirements that regulated entities must meet to manage it. The key focus is on the management of third-party IT vendors and applications, to ensure they are secure and well managed. The governance framework is aligned to control-based IT frameworks such as COBIT and ISO 27001:2013, where the scope predominantly focuses on the IT department.
What is CPS 234:2019?
The CPS 234:2019 information security controls are:
- Vulnerability and threat controls
- Lifecycle management controls
- Physical and environmental controls
- Change management controls
- Software security controls
- Data leakage controls
- Cryptographic controls
- Technology controls
- Third-party and related parties controls
- Minimising consequences of information security incidents
Why does an organisation need CPS 234:2019?
The following institutions must adhere to the Prudential Standard CPS 234:2019:
- Banks;
- Credit unions;
- Building societies;
- Insurance and reinsurance companies;
- Private health insurers; and
- Life insurers.
This Prudential Standard also applies to all institutions defined as:
- Authorised deposit-taking institutions;
- Foreign Authorised deposit-taking institutions; and
- Non-operating holding companies authorised under the Banking Act.
Organisations or Institutions that are exposed to the following threats should implement this standard:
- Payments and card fraud;
- Geo-positional hacking;
- Attacks on financial data;
- Mobile OS/App vulnerabilities;
- Supply chain attacks; and
- Attacks on critical infrastructure.
Organisations and institutions should work to understand their needs by conducting a diagnostic gap analysis, identifying potential gaps and weaknesses in their current processes that may expose their data assets to malicious parties. This helps them ensure that measures are in place to maintain the integrity and security of sensitive client data.
Once gaps have been identified, a risk-based plan must be developed and delivered to address them. The organisation's cyber risk profile must be monitored continuously.
What are the Benefits of Implementing CPS 234:2019?
CPS 234:2019 sets out a comprehensive approach to processes such as cybersecurity testing, reporting structures, and incident response plans.
The Prudential Standard CPS 234:2019 builds a good foundation for these controls and measures. It also creates a cyber security-specific framework for the financial service industry.
How do I implement CPS 234:2019 in an organisation?
ISO Consulting & Implementation:
We have a range of professional consultants, engineers, and registered auditors to assist in implementing and maintaining any ISO management system. Our industry expertise includes services, telecommunications, manufacturing, construction, engineering services, fast-moving consumer goods, mining, power generation, state-owned companies, and government-run organisations. A good consultant takes the time to truly understand the processes of your company and can therefore tailor the implementation of ISO requirements accordingly.
The cost of hiring a consultant and the time spent implementing your ISO management system will pay off in the long run.
WWISE has a 4-Phase Approach:
- Phase 1: Gap Analysis Audit and Information Gathering
- Phase 2: ISO Documentation, Risk Assessment, and Process Mapping
- Phase 3: Implementation and Coaching
- Phase 4: Certification
WWISE provides a turnkey solution which includes templates, 1-on-1 coaching, on-the-job training, and mentorship. As a consulting firm, we do not provide certification services. However, we will guide you through the certification process and ensure that your business becomes certified.
Why Choose WWISE to Assist your Organisation:
Certification Process:
An organisation can be certified against a requirements standard: you implement the standard and a third party certifies your compliance with it.