APRA, the Australian Prudential Regulation Authority, has released the final version of its new Prudential Standard CPS 234, which is focused on resilience against information security incidents.
CPS 234 requires APRA-regulated entities to:
- Clearly define information security-related roles and responsibilities;
- Maintain an information security capability commensurate with the size and extent of threats to their information assets;
- Implement controls to protect information assets and undertake regular testing and assurance of the effectiveness of controls; and
- Promptly notify APRA of material information security incidents.
To help entities fulfil their requirements, APRA will shortly update Prudential Practice Guide CPG 234 Management of Information and Information Technology.
Read CPS 234 (PDF).