New APRA Standard – CPS 234 – July 1, 2019 update

The Australian Prudential Regulation Authority (APRA) has released updated prudential guidance to all APRA-regulated entities on managing information security risks, including cyber-crime.

Prudential Practice Guide CPG 234 Information Security replaces CPG 234 Management of Security Risk in Information and Information Technology. The updated guide will assist regulated entities to embed and comply with the requirements of APRA’s new cross-industry prudential standard, CPS 234 Information Security.

APRA Prudential Standard CPS 234 comes into force on July 1st 2019. The guide is aimed at boards and senior management, as well as risk and information technology experts within regulated entities. It outlines how entities can maintain information security capabilities commensurate with the size and complexity of their business and the sensitivity of the data they possess. It also explains how entities can optimise their resilience when aspects of their information security are managed by third parties.