Securiti Ranked #1 DSPM Vendor by GigaOm

View

Australia APRA Prudential Standard CPS 234

Operationalize compliance with the most comprehensive PrivacyOps platform

Last Updated on novembro 14, 2023

Schedule Your
Personal Demo

Learn how you can leverage Securiti’s Data Command Center to address data security, privacy, governance, and compliance.

Veja uma demonstração
Schedule your demo today

Per a Cisco report in 2018, Australian businesses receive nearly 5,000 cyber threats daily. These businesses include supermarkets, banks, social media sites, and online shopping sites. Naturally, these sites collect and maintain data on millions of their users, further exasperating the threats cyberattacks pose to businesses in Australia.

With that in mind, the Australian Prudential Regulation Authority (APRA) issued a new prudential standard, known as the Prudential Standard CPS 234 Information Security (Prudential Standard CPS 234), to ensure organizations develop a more robust and resilient information security infrastructure to deal with cybersecurity threats. This standard applies to all ‘APRA-regulated entities’ as defined under Section 2 of the Prudential Standard CPS 234.

The Prudential Standard CPS 234 encourages organizations to take necessary measures to protect the data they hold proportionate to the sensitivity of the data. All APRA-regulated entities were expected to comply with the Prudential Standard CPS 234 by 1st July 2019.


The Solution

Securiti offers organizations access to features such as PI data discovery, data categorization, documented accountability, security controls, and AI-process automation, among others. These can aid an organization’s APRA Prudential Standard CPS 234 compliance efforts significantly.

Thanks to its state-of-the-art artificial intelligence and machine learning-based algorithms, Securiti has become a market leader in providing data governance and compliance solutions.

Request a demo today and learn more about how Securiti can help your organization’s compliance efforts.

APRA-compliance-Solution-securiti

With its state-of-the-art artificial intelligence and machine-learning-based tools, Securiti is a market leader in providing data governance and compliance solutions.

Request a demo today to learn how Securiti can aid you and your organization's compliance efforts.


 

Implement and Monitor Information Security Capabilities

Sections: 15, 17, 18

Organizations can implement various information security policies and capabilities, and can regularly monitor and update them based on changes in the organizations’ data processing activities, adoption of new security protocols, or changes to the types of data categories collected or processed.

APRA-Data-Risk-Explorer-securiti
APRA-Asset-Classification-securiti

Automate Information Asset Identification & Classification

Section: 20

Deliver highly accurate and granular auto-classification of datasets and data labeling using sensitive data intelligence. Enrich Asset identification and classification with classification levels, sensitivity labels, or other organization specific data.

Datasets can be classified based on their purpose and data catalogs can be enriched with security meta tags to help you identify appropriate security controls based on data sensitivity.

Implement Security Controls

Sections: 21, 22

Have effective security measures and protocols in place to protect all data while ensuring access to sensitive data is restricted to authorized personnel only. Establish a centralized security framework to enforce and manage policies around accessing a resource (file, folder, database, table, column etc) for a particular set of users and/or groups.

These security controls can be tailored to meet any specific requirements under information security laws that an organization is subject to.

APRA-Policy-Alerts-Display-securiti
APRA-Privacy-Assessment-Automation-securiti

Automate Assessments & Internal Audits

Section: 32, 33, 34

Organizations can automate security and privacy controls, initiate assessments and internal audits to discover gaps in security controls, and determine the overall security posture of datasets.

This helps organizations in choosing appropriate mitigation measures and security controls depending on the nature of data to be protected and its sensitivity.

Automate Incident Management

Sections: 23, 24, 25, 35, 37

Have a robust and effective automated incident response plan in place that kicks into action as soon as any suspected activity is detected across your database. Automation of compliance actions and breach notifications helps your organization meet the regulatory breach notification timeline of 72 hours.

Furthermore, track all remediation activities and impacted users to ensure that detailed audit trails are maintained for documentation and future insights.

APRA-Incident-Management-securiti
APRA-Vendor-Compliance-securiti

Assess Vendor Controls Compliance Obligations

Section: 16, 22, 28

Evaluate your vendors’ and third parties’ information security practices to ensure they are fully compliant with the necessary obligations provided under Prudential Standard CPS 234.

A single repository for the documentation of all third-party and vendor responses ensures all correspondence is maintained adequately with full automation of any follow-ups.

Facts About APRA Prudential Standard CPS 234 Information Security

Here are some Facts About APRA Prudential Standard CPS 234 Information Security

1

An APRA-regulated entity must clearly define the information security-related roles and responsibilities of the Board, senior management, governing bodies, and individuals.

2

All APRA-regulated entities must maintain an information security framework and policy framework that is capable of handling the size and extent of threats to their information assets.

3

In case of an information security incident, an APRA-regulated entity must inform the APRA within 72 hours of becoming aware of such an incident.

4

An APRA-regulated entity must inform the APRA within ten days if it becomes aware of a vulnerability within its material information security framework that it cannot remedy promptly.

5

An APRA-regulated entity must test the effectiveness of its information security controls through a systematic testing program.

IDC MarketScape

Securiti named a Leader in the IDC MarketScape for Data Privacy Compliance Software

Read the Report

What's
New