APRA
Secure Sensitive Data and Maintain Robust Cybersecurity Practices to Comply with APRA CPS 234.

Overview
With CPS 234 Regulators, standard-setters and financial services institutions are coming together to boost resilience against evolving threats. The Australian Prudential Regulation Authority's (APRA) Information Security Standard CPS 234 commenced on the 1st of July 2019 and mandates all APRA regulated entities to build the information security controls, capabilities, and measures to be resilient against security incidents, including cyber-attacks. The entities need to bolster their hold upon information asset identification and classification, roles and responsibilities around information security with clear Segregation of Duties, implementation and testing of information security controls, internal audits, incident management, and breach notification.
CPS 234 calls for protective measures to be in tandem with the size of the business and the threats faced. Any third party that manages the information held by an APRA regulated company also needs to comply.
How Fortanix Helps
Fortanix delivers essential data security capabilities through a unified platform. It enables organizations to identify at-risk services, prioritize remediation efforts, and safeguard sensitive data across all layers and systems—both on-premises and in the cloud.
Cryptographic Posture Management
Manage assets and vulnerabilities by discovering, assessing, and remediating your encryption key security gaps. Get powerful insights into your cryptographic security posture across multi-cloud and on-prem environments for a complete inventory and visibility.
Data Security Platform
Protect your information systems with data encryption across databases, virtual machines, filesystems, and multi-cloud for complete security and compliance without performance loss and at scale. With data tokenization in place, replace sensitive data to prevent data exposure while putting it work.
Encryption Key Management
Meet cybersecurity requirements for cryptography with centralized and simplified key lifecycle management for the hybrid multicloud, through a single-pane-of-glass. Store keys in natively integrated FIPS 140-2 level 3 certified HSM, available on-premises or SaaS.
Secure AppDev
Enforce secure code standards across the storage, control and management of secrets, credentials, certificates, API keys, and tokens from a centralized solution with enterprise-grade controls. Cryptographically sign code to verify the authenticity and integrity of applications, ensuring they are not altered or corrupted.
Zero Trust Architecture
Implement essential cybersecurity controls with granular Role-Based Access Controls and other advanced operational and security features. Ensure that only authorized users can access encryption keys or see decrypted data for a specified duration of the business case.
Featured Resource
APRA Prudential Standards CPS 234: Proactive Protection Policies & Procedures
Highlights
Stay up to date with the latest developments.