APRA CPS 234 Information Security - KPMG Australia

APRA CPS 234 Information Security


KPMG can help you achieve 1 July 2019 compliance with APRA Prudential Standard CPS 234.


APRA has released the final version of its prudential standard focused on information security management (CPS 234).

CPS 234 is intended to shore up APRA-regulated entities’ resilience against information security incidents (including cyber-attacks) and their ability to respond swiftly and effectively in the event of a breach. Compliance is not an IT problem; it requires a rapid, whole-of-organisation response. The board, senior management, audit, and operational functions are all directly affected by this standard.

This Prudential Standard commences on 1 July 2019.

Key requirements of CPS 234

  • Roles and Responsibilities: From July 1, 2019, the board will be accountable for information security and cyber incidents.
  • Information Security Capability: Your security capability must be appropriate for your organisation and its risks.
  • Classification of All Information Assets: All information assets must be classified by criticality and sensitivity, including those managed by third parties.
  • Internal Audit: Subject matter experts must conduct information security specific assurance.
  • Controls Testing: Testing of information security controls must be appropriate, structured, orderly, comprehensive, and conducted by specialists.
  • APRA Notifications: You are required to notify APRA of information security incidents and, in some circumstances, security control weaknesses.

How can we help?

KPMG has the expertise and resources to help you prepare for CPS 234. Talk to us today about:

  • CPS 234 Gap Assessment – conduct a rapid assessment to see if you are on track for July 1.
  • Governance Framework Preparation – uplift your security governance in line with CPS 234.
  • Cyber Security Internal Audit – provide expert audit resources to support your team.
  • Third Party Controls Framework – implement appropriate controls over information assets managed by third parties.
  • Information Asset Classification – provide frameworks and expert staff to deliver this substantial requirement.
  • Incident Management – conduct a security incident simulation to test notification procedures and educate senior staff.

 

For further information on how we might assist you, please contact us at CPS234@kpmg.com.au
