By Jacqueline Ung, Managing Consultant
Privasec adopts a pragmatic approach when assessing an organisation's compliance against the Australian Prudential Regulation Authority (APRA) Prudential Standard CPS 234 Information Security, drawing on our industry knowledge and experience with this regulatory standard. APRA recognised the growing threat in the digital environment and introduced CPS 234 to ensure that APRA-regulated entities maintain information security protections commensurate with the size and extent of the threats to their information assets.
At the conclusion of the assessment, Privasec will provide a set of recommendations on how to address any identified gaps against APRA CPS 234. We will also provide commentary on the current status of compliance, together with any improvement opportunities to further uplift and strengthen existing controls.
The key steps to achieving the above include, but are not limited to:
- Gathering and assessing information available
- Reviewing existing documentation
- Conducting interviews and workshops with relevant stakeholders
- Consolidating our findings
- Delivering the assessment report
- Presenting findings to management (if required)
The total effort required to complete the assessment depends on the size and maturity of the organisation and the number of controls present in the environment. Typically, for a smaller organisation, the assessment could take up to two weeks; for larger and more complex organisations, it could take four or more weeks to complete.