We are certified and fully equipped to help your Australian financial firm meet all APRA's requirements at record speed. Stay compliant and secure 24/7, like the 300+ others we serve...
Every 8 minutes, there is a successful cybercrime in Australia. As staggering as this information is to you as a mid-sized financial organisation owner, it is even more daunting for the Australian government.
CPS 234 is a mandatory security regulation issued by the Australian Prudential Regulation Authority (APRA) that commenced on the 1st of July 2019. It's the government's way of securing resources and businesses.
With this, you are required to improve your information security capabilities commensurate with your firm size and the extent of the threats to your assets.
"We try" is not a strategy.
To assure you of staying compliant (and securing your clients' private data), you need a partner who has not only undergone the CPS 234 compliance process internally but has also helped dozens of businesses meet their requirements in record time!
Why choose Greenlight?
“We are also going to take a much more targeted approach to ensure CPS 234 is being fully complied with, and holding boards and management accountable where it is not.
I can announce today that APRA will shortly be requesting one-off tripartite independent cyber security reviews across all our regulated industries.
Starting next year, APRA will be asking boards to engage an external audit firm to conduct a thorough review of their CPS 234 compliance and report back to both APRA and the board.”
– Geoff Summerhayes, APRA, 26 November 2020
Apart from the fact that we have undergone the CPS 234 compliance process internally (and have helped dozens meet their requirements in record time), we operate with a proactive model that keeps us on top of your security status in real time.
"Helpful, responsive, professional and dedicated team, with an excellent ticket tracking system, so you always feel looked after and know that somebody is on hand to assist no matter what hour of the day or night it is."
APRA’s new mandatory regulation is a direct response to the evolving threats of the modern cyber landscape and brings to the forefront the importance of strong cyber security in the information age.
The key objective is to minimise the likelihood and impact of information security incidents on the confidentiality, integrity or availability of information assets, including information assets managed by related parties or third parties.
CPS 234 came into effect on July 1st, 2019. At the time, APRA announced a 12-month grace period for regulated entities to become compliant with the standard by July 1st, 2020. For 3rd parties acting as suppliers to regulated entities (such as Managed Service Providers), the compliance grace period has been extended to January 1st, 2021.
APRA has yet to determine how it is going to conduct checks, nor has it announced any penalties. If we look at it from a historical point of view, we can assume that very soon, an audit process will be determined with the penalty imposed most likely being a monetary or operational fine.
While some large organisations may have funds set aside for this purpose, those organisations are few and far between. The reality is that most mid-sized APRA regulated entities will not be able to recover quickly from imposed fines for non-compliance.
Now that the July 1st, 2020 grace period for organisations has passed, APRA has started conducting more checks on businesses.
This depends largely on the size and complexity of your organisation and the type and number of 3rd parties involved in the operations of the organisation. The process can also be accelerated if some policies already exist and only need to be updated or modified.
For a mid-sized organisation with little to no existing framework, a 3 month period from analysis to completed implementation is realistic.
Although your IT provider doesn’t have to be CPS ready, working with one that isn’t will greatly slow down the process for your business. There will be additional direct and indirect costs for both you and your IT provider as you jointly go through the compliance process.
The first step should be to talk to your current Managed Service Provider to determine whether they are already CPS 234 compliant themselves, are in a position to start the process with you and have the expertise necessary to create and implement the required policies and procedures.
Once both parties are ready, the next steps are:
Have a conversation with our top IT experts, so that we can understand your business processes and goals.
We discover the loopholes in your security and create an action plan to meet your compliance requirements together.
We ensure that your IT Compliance becomes a catalyst for your business success.
As an ISV forced to deal with a wide range of IT providers, one of our biggest problems was constantly dealing with incompetent hardware technicians that did not know how to set up a network or restricted it to the extent our software could not operate. All of our clients that use Greenlight’s services encounter none of these issues and if a problem does arise it is always resolved quickly and effectively. As a result, we partnered with Greenlight as our preferred cloud hosting provider in mid-2016 and continue to strengthen our mutually beneficial relationship.
We are both proud and thankful for the 10yr+ relationship aceia has with Greenlight. As a growing small business, Greenlight has been there for us every step of the way. From ensuring we buy the right equipment & software to ongoing help desk support, we simply could not have survived without their professional and courteous support. Thanks to David and all his team over the years. Here’s to the next 10yrs of partnering.
We have been a long-time customer of Shexie’s and were recommended to Greenlight’s hosting services when our previous CSP was no longer able to maintain a stable platform nor provide the server resources we required. As we work exclusively from a remote server environment, downtime was having an unsustainable impact on our business several times a week with no apparent solution in sight. A change had to be made and Greenlight engaged with us to correctly plan an amicable migration to a well-resourced and resilient VPS platform that has delivered the performance and reliability as promised since day one. Based on our exceptional experience we have referred many of our clients to seek similar cloud solutions with Greenlight.
Dealing with Greenlight has been the most pleasurable regular service experience I have ever had – 100% every time.