APRA Prudential Standard CPS234 & Guideline CPG235

Are you affected? The Standard Extends to 3rd Party material Providers

The deadline has passed for APRA regulated entities to meet the new requirements for Prudential Standard CPS 234 Information Security (July 1st 2019), however there is still time to act

There are practical ways to understand your readiness and degree of compliance right now. The deadline has passed, however, there is plenty that can be done to ensure you meet the standard by contacting FirmGuard now.

Key Objective

To minimise the likelihood and impact of information security incidents on the confidentiality, integrity or availability of information assets (including information assets managed by related parties or third parties).

Key Requirements of APRA's CPS234 & CPG235 InfoSec Standard

Roles and responsibilities

Classification of all Info assets

Information security capability


From July 1, 2019, the board will be accountable for information security and cyber incidents.

Information security capability

Classification of all Info assets

Information security capability


Your security capability must be

appropriate for your organisation

and its risks.

Classification of all Info assets

Classification of all Info assets

Classification of all Info assets


All information assets must be classified by criticality and sensitivity including those managed by third parties.

Internal audit

APRA notifications

Classification of all Info assets


Subject matter experts must conduct information security specific assurance.

Controls testing

APRA notifications

APRA notifications


Testing of information security controls must be appropriate, structured, orderly, comprehensive, and conducted by specialists.

APRA notifications

APRA notifications

APRA notifications


You are required to notify APRA of

information security incidents and in

some circumstances, security

control weaknesses.

Steps Toward Compliance with APRA

1. GAP Assessment

2. application for extension to compliance date

3. communication with 3rd party material suppliers affected by cpg235

4. complete compliance against firmguard standard controls framework(TM)

5. Remediation

6. Compliance

7. Ongoing Management and Compliance

8. Periodic and Tailored Reporting to Executive and Board

Download the Fact Sheet on CPS234

FirmGuard CPS234 Fact Sheet (pdf)


Assess your Readiness to Comply Today

If you are interested to learn more about CPS234 or CPG235 and assess your readiness to comply, reach out to us for a no-obligation discussion