There are only 5 months before APRA Prudential Standard 234 comes into force.
Although the Standard was announced in early 2018, many APRA-regulated companies are still in the process of making the appropriate adjustments.
The main points of Standard 234 are:
The Board of an APRA-regulated entity is ultimately responsible for ensuring that the entity maintains its information security.
The key requirements of this Prudential Standard are that an APRA-regulated entity must:
• Clearly define the information security-related roles and responsibilities of the Board, senior management, governing bodies and individuals;
• Maintain an information security capability commensurate with the size and extent of threats to its information assets, and which enables the continued sound operation of the entity;
• Implement controls to protect its information assets commensurate with the criticality and sensitivity of those information assets, and undertake systematic testing and assurance regarding the effectiveness of those controls; and
• Notify APRA of material information security incidents.
We believe this move is well in the right direction to ensuring the ongoing protection and privacy of clients.
Sense of Security has the full range of services and products to assist APRA-regulated organisations. For more information, visit APRA – CPS 234.