APRA CPS 234, plain-English definition from TheAICommand

What is APRA CPS 234?

CPS 234 is APRA's prudential standard on information security, effective 1 July 2019. It requires regulated entities to maintain security capability matched to threats, manage third-party risk, and notify APRA of material incidents within 72 hours.

Quick answer

CPS 234 is APRA Prudential Standard CPS 234 Information Security. Effective 1 July 2019, it requires APRA-regulated entities such as banks, insurers and super funds to maintain information security capability matched to threats, clearly assign roles, test controls, and notify APRA of material incidents within 72 hours.

What it covers

CPS 234 is the prudential standard APRA uses to lift information security across the entities it regulates. It took effect on 1 July 2019, with a transition allowance until 1 July 2020 for information assets managed by third parties. The objective, in APRA's words, is for an entity to maintain an information security capability "commensurate with the size and extent of threats to its information assets", so that the entity can withstand security incidents including attacks.

The standard sets out a small number of clear obligations. The Board is ultimately accountable for information security. Roles and responsibilities must be clearly defined across the Board, senior management, governance bodies and individuals. The entity must implement controls to protect information assets, including those managed by related parties and third parties, and test those controls through a systematic programme. It must maintain an incident response capability, and it must notify APRA of material incidents and material control weaknesses within set timeframes. Full detail sits in the standard itself, published at apra.gov.au.

Who it applies to

CPS 234 applies to all APRA-regulated entities across five industries: authorised deposit-taking institutions (banks, building societies and credit unions), general insurers, life companies and friendly societies, private health insurers, and superannuation RSE licensees. It also reaches the information assets those entities rely on but do not directly control, which is why third-party assurance is a central feature rather than an afterthought.

The notification rule

Two timeframes matter and are easy to confuse. An entity must notify APRA within 72 hours of becoming aware of a material information security incident, including any incident that has been notified to another regulator inside or outside Australia. Separately, an entity must notify APRA within 10 business days of becoming aware of a material information security control weakness that it expects it will not be able to remediate in a timely way. These are firm obligations, not guidance.

Where AI fits

CPS 234 predates the current wave of generative AI, but it captures AI use squarely. Where an AI tool, model or vendor processes, stores or transmits regulated information assets, that tool sits inside the information security perimeter the standard is concerned with. Three practical consequences follow.

First, AI systems must be covered by the entity's control framework, including access management, logging and testing, on the same basis as any other system handling sensitive data. Second, third-party AI services attract the same assurance expectations as any outsourced information asset, so the entity needs evidence about how the provider secures data, not just a marketing claim. Third, an AI-related security failure, for example a data exposure through a model integration, can be a material incident that triggers the 72-hour clock.

What practitioners should do

For compliance, risk and audit practitioners, the work is mapping rather than re-inventing. Build an inventory of where AI tools touch regulated information assets. Confirm each is captured in the security control framework and the incident response plan. Check that vendor contracts and assurance reports actually evidence the controls CPS 234 expects, and that the notification process recognises AI failures as in-scope. CPS 234 also sits alongside CPS 230 Operational Risk Management, which took effect on 1 July 2025, so treat AI security and AI operational resilience as connected obligations rather than separate projects.

TheAICommand. Intelligence, At Your Command.

Frequently asked questions

When did CPS 234 come into effect?

CPS 234 took effect on 1 July 2019. APRA allowed a transition period until 1 July 2020 for information assets managed by third parties, recognising that entities needed time to obtain assurance over systems and data they relied on but did not directly control.

How quickly must we notify APRA of a security incident under CPS 234?

You must notify APRA within 72 hours of becoming aware of a material information security incident, including any incident already notified to another regulator. Separately, material control weaknesses you cannot remediate in a timely way must be notified within 10 business days.

Does CPS 234 apply to AI tools and vendors?

Yes, where an AI tool or vendor processes, stores or transmits regulated information assets it falls inside the information security framework CPS 234 governs. Third-party AI services attract the same assurance expectations as any other outsourced information asset, and AI failures can be material incidents.

Which entities does CPS 234 apply to?

It applies to all APRA-regulated entities across five industries: authorised deposit-taking institutions, general insurers, life companies and friendly societies, private health insurers, and superannuation RSE licensees. It also reaches information assets managed on their behalf by related parties and third parties.

Is CPS 234 the same as CPS 230?

No. CPS 234 covers information security and took effect in 2019. CPS 230 covers operational risk management, including service provider management and business continuity, and took effect on 1 July 2025. They are complementary, so AI security and AI operational resilience should be managed together.


General information and education only. Not legal, compliance, financial, or professional advice. Always confirm obligations against the primary source and current regulator guidance.