Financial institutions will be expected to exhaustively evaluate the information-security practices of strategic partners and service providers from July 1, as new CPS234 regulations take effect in a process that will light a fire under industry compliance efforts – and threaten banks with fines if they don’t stop cyberattacks.
With just days to go until the deadline, the Australian Prudential Regulatory Agency (APRA) this week responded to submissions around the Prudential Standard CPS 234 Information Security (CPS234).
“APRA expects that a regulated entity will assess the information security capability of all third parties that manage information assets on its behalf,” the regulator advised, “commensurate with the potential consequences of an information security incident affecting those assets.”