APRA CPS 230 and 234

Strengthening operational resilience

APRA’s CPS 230 regulation ensures financial institutions maintain operational resilience and robust risk management frameworks.

  • Implement resilience strategies to minimise service disruptions.
  • Conduct regular risk assessments to strengthen business continuity.

Cybersecurity and information security under CPS 234

CPS 234 requires financial institutions to enhance their cybersecurity posture and protect sensitive data.

  • Develop an information security policy aligned with regulatory requirements.
  • Implement multi-layered security controls to mitigate cyber risks.
  • Regularly test cybersecurity defences to ensure resilience.

Third-party risk management

Organisations must ensure that third-party providers comply with APRA regulations to mitigate supply chain risks.

  • Assess vendor security controls and compliance with CPS 230/234.
  • Establish contractual obligations for cybersecurity risk management.
  • Continuously monitor third-party security performance.

Compliance audits and regulatory reporting

Ongoing compliance with APRA regulations requires continuous monitoring and reporting.

  • Conduct regular security audits to ensure regulatory adherence.
  • Maintain detailed compliance documentation for APRA assessments.
  • Establish a reporting framework for cybersecurity incidents.