APRA CPS 234: 7-Day Assessment

APRA standard CPS 234 requires Australian Prudential Regulation Authority (APRA) regulated entities to take measures to be resilient against information security incidents (including cyberattacks) and maintain an information security capability commensurate with information security vulnerabilities and threats. If you are an APRA regulated entity you must comply with CPS 234.

At Quorum Systems, we specialize in helping your APRA-Regulated business meet the information security requirements set out by the Australian Prudential Regulation Authority APRA. Our experts will help your organization deploy and configure Microsoft Purview to comply with APRA CPS 234. Our approach will leverage our experience and best practices for the Discovery, Governance, and Protection of data assets as required by CPS 234.

The 7-day assessment with a Quorum engineer will provide an evaluation of your environment to determine the applicability of a solution and to estimate the cost and timeline of implementation. As part of the assessment, our consultant will address elements such as: • Do you have clearly defined information security-related roles and responsibilities, including Board, senior management, governing bodies and individuals? • Do you maintain an information security capability commensurate with the extent of threats to your information assets? • Have you implemented controls to protect information assets commensurate with the criticality and sensitivity of those information assets? • Do you undertake systematic assurance regarding the effectiveness of those controls? • Do you have the ability to respond to information security incidents?

Agenda/Process:

1. Identify and define scope for CPS234 security assessment
2. Review existing security documentation
3. Interview key stakeholders
4. Review prior risk assessments to assess progress towards implementation of management actions
5. Gather security assessments data using automated tools.
6. Identify key dependencies.
7. Construct house view of current security posture, with potential compliance gaps identified.
8. Synthesise data into report of prioritised findings, recommendations and industry standard guidance.

Collaborating with Quorum on this assessment can help you extend your use of Microsoft 365 by demonstrating to stakeholders, such as customers, suppliers and regulators, that your environment has implemented appropriate security measures to protect information systems and data. By demonstrating compliance with the standard, you can build trust in the security and privacy of their data stored in Microsoft 365. Furthermore, being compliant with the standard can also help your organisation identify potential security risks and gaps in information security controls, with opportunity to implement remediation measures and strengthen their overall security posture. Overall, assessing against APRA CPS 234 can provide a competitive advantage for your organisation and help optimise your use of Microsoft 365 with confidence.

At the completion of the assessment, you can expect to receive a report that provides insights into a future roadmap, with prioritised findings and remediation recommendations that align with industry best practice.