Stay 100% Secure & APRA CPS 234 Compliant, Consistently

We are certified and fully equipped to help your Australian financial firm meet all APRA's requirements at record speed. Stay compliant and secure 24/7, like the 300+ others we serve...

Schedule a Call

Without 100% security and compliance, your business continuity is questionable...

Every 8 minutes, there is a successful cybercrime in Australia. As staggering as this information is to you as a mid-sized financial organisation owner, it is even more daunting for the Australian government.

CPS 234 is a mandatory security regulation issued by the Australian Prudential Regulatory Authority (APRA) that commenced on the 1st of July 2019. It's the government's way of securing resources and businesses.

With this, you are required to improve your information security capabilities commensurate to your firm size and the extent of the threats to your assets.

You need a team you can depend on to keep you in APRA's good books

"We try" is not a strategy.

To assure you of staying compliant (and securing your client's private data) you need a partner who has not only undergone the CPS 234 compliance process internally; but has helped dozens of businesses meet their requirements in record time!

Why choose Greenlight?

  • We were one of the early adaptors of the CPS 234 from APRA
  • With our thorough analysis of your current security status (threats, vulnerabilities and risks), we leave nothing out
  • Beyond compliance, our goal is to ensure your absolute cybersecurity, keeping your private data bullet proof.
  • You can rely on us (literally point a finger at us) if you ever experience any security hitches
    Spoiler: you wouldn't.
man looking his diary

The impact of CPS 234 on your financial organisation

  • It assures your clients that you care about their vital financial information
  • You get more business coming through the door for your financial services firm
  • You maintain credibility with the government, and stay in high demand
  • Very importantly: you keep intruders out and your business running without cyber incidents

Important Update from APRA (2020)

We are also going to take a much more targeted approach to ensure CPS 234 is being fully complied with, and holding boards and management accountable where it is not.

I can announce today that APRA will shortly be requesting one-off tripartite independent cyber security reviews across all our regulated industries.

Starting next year, APRA will be asking boards to engage an external audit firm to conduct a thorough review of their CPS 234 compliance and report back to both APRA and the board.

– Geoff Summerhayes, APRA, 26 November 2020

Visit APRA

With Greenlight, you get zero unpleasant surprises

Apart from the fact that we have undergone the CPS 234 compliance process internally, (and have helped dozens meet their requirements in record time) we operate with a proactive model that keeps us on top of your security status in real time.

  • Greenlight has dedicated in house compliance personnel and resources
  • You need an IT provider that understands your financial institution and is CPS 234 aware
  • We have financial industry experience and expertise (100+ years combined)
  • We are local to you, with offices in Sydney and Melbourne

"Helpful, responsive, professional and dedicated team, with an excellent ticket tracking system, so you always feel looked after and know that somebody is on hand to assist no matter what hour of the day or night it is."

“Helpful, responsive, professional and dedicated team.”

Your questions answered

Why is CPS 234 important?

APRA’s new mandatory regulation is a direct response to the evolving threats of the modern cyber landscape and brings to the forefront the importance of strong cyber security in the information age.

The key objective is to minimise the likelihood and impact of information security incidents on the confidentiality, integrity or availability of information assets, including information assets managed by related parties or third parties.

From what date is compliance required?

CPS 234 came into effect on July 1st, 2019. At the time, APRA announced a 12 month grace period for regulated entities to become compliant with the standard by July 1st, 2020. For 3rd parties acting as a supplier to regulated entities (such as Managed Service Providers) their compliance grace period has been extended to January 1st, 2021.

What are the penalties for non-compliance?

APRA is yet to determine how they are going to conduct checks nor have they announced any penalties. If we look at it from a historical point of view, we can assume that very soon, an audit process will be determined with the penalty imposed most likely being a monetary or operational fine.

While some large organisations may have funds set aside for this purpose, those organisations are few and far between. The reality is that most mid-sized APRA regulated entities will not be able to recover quickly from imposed fines for non-compliance.

Now that the July 1st, 2020 grace period for organisations has passed, APRA has started increasing its conducting of checks on businesses.

How quickly can I become compliant?

This depends largely on the size and complexity of your organisation and the type and number of 3rd parties involved in the operations of the organisation. The process can also be accelerated if some policies already exist and only need to be updated or modified.

For a mid-sized organisation with little to no existing framework, a 3 month period from analysis to completed implementation is realistic.

Does my IT provider need to be CPS 234 compliant as well?”

Although your IT provider doesn’t have to be CPS ready, it will greatly slow-down the process for your business. There will be additional direct and indirect costs for both you and your IT provider as you jointly go through the compliance process.

How should I start the process?

The first step should be to talk to your current Managed Service Provider to determine whether they are already CPS 234 compliant themselves, are in a position to start the process with you and have the expertise necessary to create and implement the required policies and procedures.

Once both parties are ready, the next steps are:

  1. Conduct a gap analysis
  2. Structure an achievable roadmap to close any found gaps
  3. Design a CPS 234 framework and associated policies
  4. Start communicating the policies
  5. Add in new requirements to the provisioning and de-provisioning of any affected parties
  6. Start implementing the roadmap tasks
Schedule a call to learn more

Your 3 easy steps to maintaining consistent security and compliance

Schedule a call

Have a conversation with our top IT experts, so that we can understand your business processes and goals.

We perform a gap analysis

We discover the loopholes in your security and create an action plan to meet your compliance requirements together.

Implement together

We ensure that your IT Compliance becomes a catalyst for your business success.

Future-proof your financial company today. We are here to help!

We’ll help you tick those compliance boxes and keep your data safe.
Call us at (02) 8412 0000 or ask us a question below.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Trusted by over 300 amazing clients that love what we do


As an ISV forced to deal with a wide range of IT providers one our biggest problems was constantly dealing with incompetent hardware technicians that did not know how to setup a network or restricted it to the extent our software could not operate. All of our clients that use Greenlight’s services encounter none of these issues and if a problem does arise it is always resolved quickly and effectively. As a result, we partnered with Greenlight as our preferred cloud hosting provider in mid-2016 and continue to strengthen our mutually beneficial relationship.


We are both proud and thankful for the 10yr+ relationship aceia has with Greenlight. As a growing small business Greenlight has been there for us every step away. From ensuring we buy the right equipment & software to ongoing help desk support we simply could not have survived without their professional and courteous support. Thanks to David and all his team over the years. Here’s to the next 10yrs of partnering.


We have been a long-time customer of Shexie’s and was recommended to Greenlight’s hosting services when our previous CSP was no longer able to maintain a stable platform nor provide the server resources we required. As we work exclusively from a remote server environment, downtime was having an unsustainable impact on our business several times a week with no apparent solution in sight. A change had to be made and Greenlight engaged with us to correctly plan an amicable migration to a well-resourced and resilient VPS platform that has delivered the performance and reliability as promised since day one. Based on our exceptional experience we have referred many of our clients to seek similar cloud solutions with Greenlight.


Dealing with Greenlight has been the most pleasurable regular service experience I have ever had – 100% every time.