🇦🇺 Live Insurance

APRA CPS 234 Information Security

Requires APRA-regulated entities to maintain information security capabilities commensurate with the threats to their information assets. Applies to Australian banks, insurers, and superannuation trustees.

View official source document

13

Rules extracted

83

Obligations decomposed

6.4x

Avg obligations per rule

🇦🇺 Australia

Jurisdiction

What AuditDSS covers

Source

1

Regulation

Extracted

13

Rules

Decomposed

83

Obligations

6.4x

Decomposition ratio

Each rule is decomposed into an average of 6.4 atomic obligations — the smallest testable units that can be independently violated.

Fully extracted & scored

All 83 obligations have been decomposed, titled, risk-scored, and embedded for semantic matching.

Risk scoring

Every obligation in CPS 234 is scored across independent risk dimensions:

W

Obligation Weight

How critical within the regulatory framework

L

Violation Likelihood

How often breached in practice

E

Enforcement Evidence

Regulator enforcement history and penalties

C

Cascade Dependency

How many obligations depend on this one

Regulatory details

Full title
APRA CPS 234 Information Security
Regulatory body
Australian Prudential Regulation Authority
Jurisdiction
🇦🇺 Australia
Document type
prudential-standard
Effective date
July 1, 2019
Issuing authority
Australian Prudential Regulation Authority (APRA)
Industry
Insurance
Official source
View source document ↗

Who this applies to

ADIsgeneral insurerslife companiesprivate health insurersRSE licensees

Key requirements

  • board responsibility
  • information security capability
  • policy framework
  • asset classification
  • controls
  • incident management
  • testing
  • internal audit
  • APRA notification

Frequently asked questions about CPS 234

What is CPS 234?
Requires APRA-regulated entities to maintain information security capabilities commensurate with the threats to their information assets. Applies to Australian banks, insurers, and superannuation trustees.

Who does CPS 234 apply to?
CPS 234 applies to ADIs, general insurers, life companies, private health insurers, RSE licensees.

How many obligations does CPS 234 contain?
AuditDSS has decomposed CPS 234 into 83 atomic obligations from 13 rules. Each obligation is independently testable and risk-scored.

What are the key requirements of CPS 234?
The key requirements include: board responsibility, information security capability, policy framework, asset classification, controls, incident management, testing, internal audit, APRA notification.

How can I assess my CPS 234 compliance?
Upload your compliance policy to AuditDSS. The platform maps your document against all 83 CPS 234 obligations using deterministic AI scoring — not checklists or LLM summaries. You get a risk-scored gap analysis showing exactly which obligations are covered, partially covered, or missing.

Which jurisdiction enforces CPS 234?
CPS 234 is enforced in Australia by Australian Prudential Regulation Authority.

When did CPS 234 come into effect?
CPS 234 became effective on July 1, 2019.

What industry does CPS 234 apply to?
CPS 234 is primarily relevant to the Insurance industry. AuditDSS covers 98 regulations in this industry sector.

Build a CPS 234 compliance pack

Don't have a compliance policy yet? AuditDSS generates a complete compliance pack for CPS 234 — alone or combined with other regulations your business needs. Every clause is mapped to specific obligations.

Policy

High-level commitments and governance framework covering CPS 234 requirements.

Procedures

Step-by-step operational procedures to implement each policy commitment.

Forms & checklists

Ready-to-use forms, registers, and checklists for day-to-day compliance operations.

Multi-regulation

Combine CPS 234 with other regulations into a single unified compliance pack for your business.

Build CPS 234 compliance pack

Already have a policy? Assess it against CPS 234

1

Upload your document

Upload your compliance policy, program manual, or operational document. AuditDSS accepts any text-based document.

2

AI maps against 83 obligations

Your document is scored against every obligation in CPS 234. Each claim is mapped to the obligation tree and evaluated for coverage.

3

Risk-scored gap report

Receive every gap ranked by risk priority with remediation guidance, enforcement evidence, and cascade impact analysis.

Related regulations in Insurance

🇦🇺 Live

CPS 230

14 rules, 58 obligations
🇦🇺 Live

GPS 116

10 rules, 67 obligations
🇦🇺 Live

LPS 110

10 rules, 71 obligations
🇦🇺 Live

ACL

13 rules, 211 obligations
🇦🇺 Live

ASIC Regulatory Guide 271 — Internal Dispute Resolution

10 rules, 150 obligations
🇦🇺 Live

AU Climate Disclosure

10 rules, 52 obligations
🇦🇺 Live

Fair Work Act 2009

16 rules, 260 obligations
🇦🇺 Live

Insurance Contracts Act 1984

18 rules, 120 obligations

Assess your CPS 234 compliance

Upload your document and get a risk-scored gap analysis against 83 CPS 234 obligations in under 5 minutes.

Start assessment Browse all regulations