Rules Mate

CPS 234

Information Security

APRA-regulated entities must maintain info security capability + report breaches within 72 hours.

In plain English

This guidance outlines information security expectations for APRA-regulated entities and breach reporting requirements.

CPS 234 applies to Authorised Deposit-taking Institutions, ADIs, and other APRA-regulated entities. It details maintaining an information security capability. Entities must report information security incidents within 72 hours. This guidance was released in July 2019 and remains current.

Why it matters

Protecting customer data is vital. This guidance helps businesses manage cyber risks and comply with APRA’s expectations. It’s important for maintaining trust and avoiding potential issues.

afslprudentialgovernancebreach-reportingbankinginsurancesuperprivacy

AI-assisted summary, grounded in the source link below. Generated 2026-05-23 via gemma3:12b.

Issuing regulator

APRA

Topics


Source: https://www.apra.gov.au/sites/default/files/cps_234_july_2019_for_public_release.pdf. Rules Mate indexes + summarises; always verify against the regulator's live publication.