Skip to content Skip to footer

Loading Results

Prudential Standard CPS 234 - Information Security

The Australian Prudential Regulation Authority (APRA) has released the final version of its prudential standard focused on information security management.

Intent behind the standard

To build:

1. Resilience to information security incidents.


2. The capability to respond swiftly and effectively to breaches.

Purpose of the standard

To ensure all regulated entities develop & maintain information security capabilities commensurate with the:

1. Importance of data held


2. Significance of the threats faced


What good looks like:

  • An Information Security Strategy aligned to the overall IT strategy

  • An understanding of what your information assets are and where they are located

  • Board accountability for information security risks

  • IT security governance forum/steering committee with representation from major business areas

  • Appropriate security mechanisms applied to critical and sensitive information assets

  • An information security risk management framework aligned to the organisational risk management framework

  • Knowledge of 3rd party relationships and awareness of how they are managing
    your information and the criticality / sensitivity of this information

  • A structured assessment program for information security controls and security incident management

  • A breach response plan

  • Information security user awareness programs

  • Structured roadmaps for implementation/ remediation

How we can help:

  • Gap analysis of existing security practices and operating model against the standard
  • Program management or program assurance of remediation programs
  • Asset identification and categorisation
  • Establish and operate third party security assessment programs
  • Execute independent security control testing
  • Augment existing internal audit capability
  • Develop and execute a user awareness program
  • Operationalisation of revised security practices

Contact us

Peter Malan

Peter Malan

Partner, Cybersecurity & Digital Trust, PwC Australia

Tel: +61 413 745 343

Ryan Ettridge

Ryan Ettridge

Partner, Brisbane, PwC Australia

Tel: +61 417 702 234

Craig Sydney

Craig Sydney

Partner, Sydney, PwC Australia

Tel: +61 400 215 757

Nicola Nicol

Nicola Nicol

Partner, Melbourne, PwC Australia

Tel: +61 436 444 949

Follow PwC Australia