The deadline (July 1st 2019) for APRA-regulated entities to meet the new requirements of Prudential Standard CPS 234 Information Security has passed. However, there have been significant changes in the past 12 months, and it is critical that you understand your ongoing obligations to comply with the regulator's requirements at all times.
There are practical ways to understand your readiness and degree of compliance right now. The deadline has passed; however, there is plenty that can be done to ensure you continually meet the standard by contacting FirmGuard now.
The standard aims to minimise the likelihood and impact of information security incidents on the confidentiality, integrity or availability of information assets (including information assets managed by related parties or third parties).
From July 1, 2019, the board will be accountable for information security and cyber incidents.
Your security capability must be appropriate for your organisation and its risks.
All information assets, including those managed by third parties, must be classified by criticality and sensitivity.
Subject matter experts must conduct information security specific assurance.
Testing of information security controls must be appropriate, structured, orderly, comprehensive, and conducted by specialists.
You are required to notify APRA of information security incidents and in some circumstances, security