What is APRA 234?

APRA CPS 234 is a standard for information security management designed to help APRA-regulated entities increase their overall resilience to information security incidents that can affect the confidentiality, integrity or availability of information assets.

What kind of organisations does the APRA CPS 234 apply to?

CPS 234 applies to all APRA-regulated entities. These include:

  • Banks, credit unions and other authorised deposit-taking institutions (ADIs)
  • Superannuation funds
  • Life insurance companies
  • Friendly societies
  • General insurers
  • Non-operating holding companies
  • Private health insurers.

It is important to note that from July 1, 2020 onwards, all third parties that handle information assets from the organisations listed above will also have to comply with CPS 234.

CPS 234 also applies to certain foreign entities. These include:

  • Foreign ADIs
  • Foreign General Insurers 
  • Foreign life insurance companies

How We Do It

The StickmanCyber team can review your current cybersecurity framework against the requirements of APRA 234, identify any compliance issues and provide recommendations for remediation. We follow a standard 5-step methodology to define compliance goals, plan and execute the steps required, share relevant reports with the right stakeholders, and continuously monitor the scene to ensure compliance.
