Skip to content

APRAcadabra! APRA CPS 234 compliance tips for business

Andrew Robinson Jan 13, 2020
APRAcadabra! APRA CPS 234 Compliance Tips for Business

APRA-cadabra! APRA CPS 234 Compliance Tips for Your Business

If you are regulated by APRA, then this is for you. 

Now that you have started ensuring that newly contracted third parties handle your information appropriately (right?), our friends at APRA have given you until July 1 this year to demonstrate compliance with CPS 234 for existing contracts.  

That’s… just over 5 months away. Time to get busy! 

Although on the surface, APRA CPS 234 appears quite straightforward, there are many challenges below the surface.  

The first challenge is to identify where your customer’s sensitive information is stored or processed, exactly how sensitive it is and who handles it – including any access by third parties. 

Other challenges sit in identifying the actual roles and responsibilities for information security, including implementation of controls, testing control effectiveness and performing audit activities. 

However, your greatest challenge is completing any necessary rework across multiple third parties within the time frame given for compliance. 

Working backwards from the 1 July 2020 deadline, you will need to: 

1. Ensure you allow adequate time to report on the overall ‘status of compliance’ to the Board (and to APRA if there are any detected incidents or material weaknesses) 

2. Perform an internal audit against the APRA CPS 234 requirements (possibly with expert option). 

3. Conduct independent testing of controls. 

That doesn’t leave much time! 

Heads up.

APRA CPS 234 is closely aligned with ISO/IEC 27001. Meaning, it’s your achievable and comparative benchmark for information security! 

It is not overly prescriptive, so depending on the size and nature of your business, it must be interpreted in proportion to the risk presented to you. 

It is only a foundation and APRA is expected to look closely at the detail of risk assessments, security policies, test/audit results and reporting. 

Who you gonna call?

We’re here to help. The combined assessment and management system functionality will help you continually improve over time. 

With 6clicksyou can quickly and easily perform an internal assessment of compliance against ARPA CPS 234 or assessments against any number of third parties.  

Assessment can be conducted by your own organisation or by working collaboratively with any number of Service Providers (consultancies) that now choose 6clicks when performing assessments for you. 

Use of a Service Provider can help bring independence, expert opinion and credibility to your assessment of compliance. 

Our platform can also help you: 

– Implement the requirements of APRA CPS 234 on behalf of regulated entities 

– Map APRA CPS 234 requirements to internal controls and policies  

– Record your information assets and classifications. 

– Provide risks and treatment plans. 

– Report progress of control implementation, security incidents and issues (including internal audit findings and feedback from the board!). 

Grab a free trial account by clicking below. We’re here to sort this out for you. 

Leave a Comment

Register for webinars, watch replays and download our ebooks

eBooks & Guides


Our blog and 6clicks TV

Latest articles and interviews with our partners and thought leaders


Our blog

6clicks TV

Top analysts and customers have spoken.

They genuinely love 6clicks.

"The best cyber GRC platform for businesses and advisors."


"We chose 6clicks not only for our clients, but also our internal use”

Partner | Big 4

"With 6clicks we can simply close deals much faster"

CEO | Startup

6clicks Reviews

"The 6clicks solution simplifies and strengthens risk, compliance, and control processes across entities and can grow and adapt as the organization changes and evolves."

Michael Rasmussen | GRC 20/20 Research LLC


Why businesses and advisors choose 6clicks

It's faster, easier and more cost effective than any alternative.

6clicks Enterprise Risk Management

Powered by artificial

Experience the magic of Hailey, our artificial intelligence engine for risk and compliance.

What's the best GRC software?

Unique Hub & Spoke architecture

Deploy multiple teams all connected to a hub - perfect for federated, multi-team structures.

Best software for ISO 27001 compliance

Fully integrated
content library

Access 100's of standards, control sets, assessment templates, libraries and playbooks.

Are you ready to experience AI-powered GRC?