Ultimate Governance, Risk & Compliance (GRC) Guides

What are the requirements of CPS 234?

 


The Australian Prudential Regulation Authority (APRA) released its CPS 234, ‘Information Security’, in July 2018. This document provides a framework for organisations to follow to ensure the security of their information systems and the data they contain. The requirements of CPS 234 are divided into three main areas: governance, risk management, and implementation.

Under the governance requirements, organisations must establish and maintain an information security governance framework. This framework must include:

• A clear organisational structure and chain of responsibility for information security
• A set of policies and procedures to ensure the security of information systems and data
• Regular reviews of the framework and its effectiveness
• A process for responding to security incidents
• A process for monitoring and reporting on the security of information systems and data

The risk management requirements of CPS 234 focus on the identification, assessment, and management of information security risks. Organisations must identify and assess the risks associated with their information systems and data. They must also develop and maintain a risk management plan that outlines how these risks will be managed.

Finally, the implementation requirements of CPS 234 focus on the technical and operational measures organisations must take to protect their information systems and data. These measures include:

• Access control measures to ensure only authorised personnel can access information systems and data
• Encryption of data to protect it from unauthorised access
• Regular patching and updating of software and systems
• Regular backups of data to ensure its availability in the event of an incident
• Monitoring of systems and data to detect suspicious activity
• Regular security testing to identify vulnerabilities

CPS 234 is an important document for organisations that handle sensitive data. It provides a framework for organisations to follow to ensure the security of their information systems and the data they contain. By following the requirements of CPS 234, organisations can ensure that their data is secure and their customers’ information is protected.


