New APRA prudential standard combatting cyber attacks


New prudential standard – CPS 234

On 7 March 2018, APRA proposed draft Prudential Standard CPS 234 Information Security (CPS 234) and a discussion paper, ‘Information security management: a new cross industry prudential standard’, for industry consultation.

CPS 234 is the first prudential standard to address information and cyber security. It aims to reinforce the security of Australia’s finance industry by setting minimum standards for financial service institutions to manage information security and guard against cyber attacks. CPS 234 reflects an increased expectation that entities secure themselves against attacks and improve their processes to detect and respond to them quickly.

Currently, APRA deals with information security risk management under Prudential Practice Guide CPG 234 Management of security risk in information and information technology, together with broader risk management prudential standards. CPS 234 builds on the same guidance but is backed by the force of law.

Purpose of CPS 234

Australians entrust valuable data to APRA-regulated entities, and especially financial institutions, who have fast become major targets of cyber criminals looking for…
