CPS 234

Minimise the likelihood and impact of information security incidents.

Under CPS 234, an APRA-regulated entity takes measures to be resilient against information security incidents (including cyberattacks) by maintaining information security strategies and capabilities commensurate with information security vulnerabilities and threats. A key objective is to minimise the likelihood and impact of information security incidents on the confidentiality, integrity or availability of information assets, including information assets managed by related parties or third parties.

Who does CPS 234 Apply To?

CPS 234 applies to all APRA-regulated entities including:

  • Authorised deposit-taking institutions (ADIs). This includes foreign ADIs, credit unions, banks, and non-operating holding companies authorised under the Banking Act.
  • General insurers, including Category C insurers, non-operating holding companies authorised under the Insurance Act, and parent entities of Level 2 insurance groups.
  • Life companies, including friendly societies, eligible foreign life insurance companies and non-operating holding companies registered under the Life Insurance Act.
  • Private health insurers registered under the PHIPS Act.
  • General insurers.
  • RSE licensees under the SIS Act in respect of their business operations.
  • Superannuation funds.

Please note: if you are one of the above entities and use third-party services, CPS 234 also applies to those information systems and assets, for example a cloud service provider such as AWS or Azure, or a private hosting service provider (SaaS, PaaS, IaaS).


The key requirements are:

  • Information Security Policy, Procedures, and Manuals
  • Information Security controls, and testing effectiveness of controls
  • Internal and External audits
  • Security and Data Breach Incident management
  • APRA notification.

Our Specialist Consultants Are Here To Help

Anitech’s information security consultants can help all organisations with any CPS 234 related matter. To find out more about how they could work with your business to help it achieve its information security goals, please contact our specialist consultants today by filling out our online Contact Us form, or by calling them on 1300 802 163 for a short, obligation-free consultation.



    Copyright @ 2020. All Rights reserved.