Every 8 minutes, there is a successful cybercrime in Australia. As staggering as this information is to you as a mid-sized financial organisation owner, it is even more daunting for the Australian government.
CPS 234 is a mandatory security regulation issued by the Australian Prudential Regulation Authority (APRA) that commenced on the 1st of July 2019. It's the government's way of securing resources and businesses.
Under it, you are required to improve your information security capabilities commensurate with your firm's size and the extent of the threats to your information assets.
"We try" is not a strategy.
To assure you of staying compliant (and securing your clients' private data), you need a partner who has not only undergone the CPS 234 compliance process internally, but has also helped dozens of businesses meet their requirements in record time!
Why choose Greenlight?
“We are also going to take a much more targeted approach to ensure CPS 234 is being fully complied with, and holding boards and management accountable where it is not.
I can announce today that APRA will shortly be requesting one-off tripartite independent cyber security reviews across all our regulated industries.
Starting next year, APRA will be asking boards to engage an external audit firm to conduct a thorough review of their CPS 234 compliance and report back to both APRA and the board.”
– Geoff Summerhayes, APRA, 26 November 2020
Apart from the fact that we have undergone the CPS 234 compliance process internally (and have helped dozens of businesses meet their requirements in record time), we operate with a proactive model that keeps us on top of your security status in real time.
"Helpful, responsive, professional and dedicated team, with an excellent ticket tracking system, so you always feel looked after and know that somebody is on hand to assist no matter what hour of the day or night it is."
APRA’s new mandatory regulation is a direct response to the evolving threats of the modern cyber landscape and brings to the forefront the importance of strong cyber security in the information age.
The key objective is to minimise the likelihood and impact of information security incidents on the confidentiality, integrity or availability of information assets, including information assets managed by related parties or third parties.
CPS 234 came into effect on July 1st, 2019. At the time, APRA announced a 12 month grace period for regulated entities to become compliant with the standard by July 1st, 2020. For third parties acting as suppliers to regulated entities (such as Managed Service Providers), the compliance grace period was extended to January 1st, 2021.
APRA has not yet determined how it will conduct checks, nor has it announced any penalties. Looking at it from a historical point of view, we can assume that an audit process will be determined very soon, with the penalty imposed most likely being a monetary or operational fine.
While some large organisations may have funds set aside for this purpose, those organisations are few and far between. The reality is that most mid-sized APRA regulated entities will not be able to recover quickly from imposed fines for non-compliance.
Now that the July 1st, 2020 grace period for organisations has passed, APRA has begun conducting more checks on businesses.
The time needed to become compliant depends largely on the size and complexity of your organisation and on the type and number of third parties involved in its operations. The process can also be accelerated if some policies already exist and only need to be updated or modified.
For a mid-sized organisation with little to no existing framework, a 3 month period from analysis to completed implementation is realistic.
Although your IT provider doesn’t have to be CPS 234 ready, a provider that isn't will greatly slow down the process for your business. There will be additional direct and indirect costs for both you and your IT provider as you jointly go through the compliance process.
The first step should be to talk to your current Managed Service Provider to determine whether they are already CPS 234 compliant themselves, are in a position to start the process with you and have the expertise necessary to create and implement the required policies and procedures.
Once both parties are ready, the next steps are:
Have a conversation with our top IT experts, so that we can understand your business processes and goals.
We discover the loopholes in your security and create an action plan to meet your compliance requirements together.
We ensure that your IT Compliance becomes a catalyst for your business success.