How ShadowLens can help with APRA CPS 234?

CPS 234 commenced 1st July, 2019, subject to the transitional arrangements. ShadowLens can assist your organisation in meeting the CPS 234 standards requirement by assisting in the following areas:
1. Auditing & Uplifting the Information Security Framework Of Your Organisation
2. Implementation of Data Controls, In Motion, In Use & At Rest – in adherence to the CPS 234 standard (APRA)
3. Incident management & Response in relation to data events and data forensic investigations
4. Testing Functional & Non-Functional Control Frameworks specifically relating to CPS234
For further information on regulations and compliance information relating to CPS 234, please see below or Contact ShadowLens now.



CPS 234 aims to ensure APRA regulated entities take measures and maintain information security incident and attacks. The key objective of CPS 234 is to minimize the likelihood and impact of information security incidents affecting CIA (Confidentiality, integrity and Availability) CPS 234 includes the entity’s extended business environment and third parties which manage its information assets. Specific requirements include:

  • Implementation of the controls across the business corresponding with the assets and threat.
  • Aligning clear roles and responsibilities of information security.
  • Testing and ensuring information security controls

APRA regulated institutes will have to adhere and show compliance to the CPS 234 requirements, APRA regulated institutions include:

  • Banks
  • Credit unions
  • Building societies
  • Insurance and reinsurance companies
  • Private health insurers
  • Life insurance
  • Members of the superannuation industry

What are the new CPS 234 Requirements?

1. The Responsibility of the Board:
2. Information Security Capability
3. Information asset identification and classification
4. Implementation of controls
5. Incident management
6. Testing control efficiently