Australia APRA Prudential Standard CPS 234

Implement and Monitor Information Security Capabilities

Sections: 15, 17, 18

Organizations can implement various information security policies and capabilities, and can regularly monitor and update them based on changes in the organizations’ data processing activities, adoption of new security protocols, or changes to the types of data categories collected or processed.

Automate Information Asset Identification & Classification

Section: 20

Deliver highly accurate and granular auto-classification of datasets and data labeling using sensitive data intelligence. Enrich Asset identification and classification with classification levels, sensitivity labels, or other organization specific data.

Datasets can be classified based on their purpose and data catalogs can be enriched with security meta tags to help you identify appropriate security controls based on data sensitivity.

Implement Security Controls

Sections: 21, 22

Have effective security measures and protocols in place to protect all data while ensuring access to sensitive data is restricted to authorized personnel only. Establish a centralized security framework to enforce and manage policies around accessing a resource (file, folder, database, table, column etc) for a particular set of users and/or groups.

These security controls can be tailored to meet any specific requirements under information security laws that an organization is subject to.

Automate Incident Management

Sections: 23, 24, 25, 35, 37

Have a robust and effective automated incident response plan in place that kicks into action as soon as any suspected activity is detected across your database. Automation of compliance actions and breach notifications helps your organization meet the regulatory breach notification timeline of 72 hours.

Furthermore, track all remediation activities and impacted users to ensure that detailed audit trails are maintained for documentation and future insights.