With the deadline approaching for APRA-regulated businesses to ensure their compliance with the CPS 234 security standard, the clock is ticking for many organisations. Infotrust Senior Security Consultant Indra Gunawan takes a look at the origins of the standard, what it means for APRA-regulated entities and the requirements for businesses.
In July last year (2019), as a direct response to the changing cyber landscape, a new prudential standard was implemented for all Australian Prudential Regulation Authority (APRA) regulated entities. It was introduced as a measure to improve the overall security capability of the entire industry, making businesses more resilient against security incidents. It’s no surprise such a measure was introduced: you only have to read the news to know that security breaches will happen, and businesses need to be prepared. As cybercriminals use increasingly sophisticated tools and techniques, cyber security should do the same, constantly evolving to protect information security.
CPS 234 is a mandatory regulation that requires organisations to significantly raise their information security capabilities in line with the size and extent of the threats to their assets. All APRA-regulated businesses must ensure compliance with the security standard by 1 July 2020. The primary objective is to minimise the chance and scale of a security incident affecting the confidentiality, integrity, or availability of information assets, and that includes assets managed by third parties. The introduction of the regulation highlights yet again the importance of strong cyber security in the digital age.
APRA has recognised that the boards of its regulated entities need to improve their understanding of cyber risk. As such, under the CPS 234 standard, the board of APRA-regulated businesses is responsible for ensuring that the organisation maintains its information security by:
The clock is ticking with 1 July fast approaching; check your compliance with the compulsory regulation and ensure your business is capable of standing up to cyber threats. While protecting your company’s digital assets can seem like a battle, with a prudent and proactive approach, it is one that can be won. Infotrust can help you to navigate your way to compliance by outlining the actions you need to take to build a sound security capability within your organisation.
To find out more about how your business stacks up against the CPS 234 standard, request a complimentary two-hour assessment with us today.