Free tool
CPS 230 readiness scorer
APRA's Prudential Standard CPS 230 (Operational Risk Management) has been in force for ADIs and insurers since 1 July 2025 — and commences for RSE licensees on 1 July 2026. This tool scores your program across 10 control areas and prioritises gaps by severity.
Reference tool — not professional advice. CPS 230 is a principles-based standard; your specific obligations depend on entity class + materiality. Always confirm with APRA or an APRA-experienced risk consultant for material decisions.
Related tools
Frequently asked questions
- Who does CPS 230 apply to?
- All APRA-regulated entities: ADIs (banks, credit unions, building societies), general/life/private health insurers, and RSE licensees (super fund trustees), plus authorised NOHCs.
- When did CPS 230 commence?
- 1 July 2025 for ADIs and insurers. RSE licensees (super fund trustees) commence 1 July 2026. APRA's April 2026 targeted amendments provided some transition relief.
- What's the difference between CPS 230 and CPS 234?
- CPS 234 is information security specifically. CPS 230 is the broader operational risk standard — it covers business continuity, critical operations, service-provider management and incident management, of which cyber is one component.
- What are the key deliverables?
- A board-approved operational risk framework, a critical operations register with tolerance levels, a tested business continuity plan, a material service provider register with risk assessments, an incident management process, and a 72-hour APRA notification process.
Have a question about your specific situation?
Ask the Rules Mate AI advisor — attach your own contracts, policies or notices and get answers grounded in the compliance corpus, with citations on every claim. Ask 1 question free, no sign-up.
Ask the AI advisor →Not sure which obligations apply to you?
Run the Compliance Fingerprint — a 2-minute structured assessment that maps your business to every obligation, deadline and regulator that triggers.
Build my Compliance Fingerprint →