APRA CPS 234 Compliance

From July 1st 2019, APRA standard CPS 234 requires APRA-regulated entities to take measures to be resilient against information security incidents (including cyberattacks) and to maintain an information security capability commensurate with information security vulnerabilities and threats. CPS 234 establishes expected controls and measures for information security and information assets, and places responsibility for implementation and continued sound operation on the Board of each APRA-regulated entity.

What is the Microsoft CPS 234 Assessment?

The Cloud Collective ‘Microsoft CPS 234 Assessment’ is a review performed in accordance with the APRA CPS 234 standard and industry best practices. It includes recommendations to improve your organisation’s compliance status and security and privacy posture, and to address security and privacy issues that are discovered as part of this review.

What do you get?

  • Documented CPS 234 Security Assessment Work Plan, with steps, tools and procedures used to conduct the assessment.
  • Management Report containing current security and compliance posture, potential security gaps, prioritised findings, as well as recommendations and industry standard guidance.

Why do you need the Microsoft CPS 234 Assessment?

If you are an APRA-regulated entity, you must comply with CPS 234. This offering enables your organisation to confidently understand your compliance status and identify potential gaps, and provides recommendations to remediate them through the power of Microsoft 365.

How do we do it?

The Microsoft CPS 234 Assessment is prepared by senior consultants with a deep understanding of security and privacy regulations, cloud and on-premises security technologies, and the newest Microsoft technologies.

Key Activities

  • An evaluation of your organisation’s structural and procedural compliance with the requirements of CPS 234, including:
    • The definition of appropriate information security roles and responsibilities.
    • The availability and implementation of an appropriate information security policy framework.
  • An assessment of your organisation’s information security capability and implemented controls.
  • An evaluation of your organisation’s ability to manage and respond to risk, including:
    • Incident management.
    • Risk management, including testing and audit.
    • Notifications to regulatory bodies such as APRA or the OAIC.
    • Ability to influence and manage third-party regulatory compliance.
  • Evaluation of the level and nature of risk for your organisation, and recommendations for remediation, compliance and best practice.

If you’re interested in our APRA CPS 234 Assessment and want to see how the Cloud Collective can help your organisation, please get in touch using the form.