Regulatory AlertsCPS 234 Information Security
The Australian Prudential Regulation Authority issued Prudential Standard CPS 234 to require regulated entities to maintain information security capabilities commensurate with their specific threats and vulnerabilities. The standard mandates that entities implement robust policies, controls, and incident management plans while clearly defining board and management responsibilities for protecting information assets. Additionally, entities are obligated to notify APRA within 72 hours of material information security incidents or within 10 business days of significant control weaknesses.
Share