CPS 231/234

Cyberspace has no borders, so Australia is also affected by the rapidly changing environment. Organisations need to be able to respond flexibly to existing threats and new vulnerabilities to defend against increasingly sophisticated methods of attackers. The Australian Government has therefore responded and developed the CPS 231 and CPS 234 standards.  

What is CPS? 

CPS is an Australian standard designed and implemented by the Australian Prudential Regulation Authority (APRA). The purpose of CPS is to ensure that regulated entities have sufficient information security protections implemented. Regulated entities include, in particular, the banking and insurance sectors. These requirements only apply to Australian branches.

Why do we need a CPS?

From 1 July 2020, third parties who handle regulated entities' information assets are required to comply with the CPS standard. The CPS is used to understand the sensitivity and criticality of information assets, incident management and establish security policies, among other things. By complying with the CPS, your organization will be able to objectively measure improvements in its cybersecurity posture.

BDO's approach

BDO provides companies with the ability to ensure compliance with Australian CPS standards either from the outset or to lose or consult on existing established practices. We will first review your documentation in detail and then commence verification work. Our output is a comprehensive CPS report that includes compliance sections according to the CPS standards. If you do not have the necessary documentation to verify the CPS standard, we can provide consultancy to create it in the pre-assessment phase.

Main contacts