
LM-G06 · GRC · Practitioner tier

APRA CPS 234 — Information Security

Board accountability, asset classification, incident notification, third-party assurance


TheAICommand Learning Library

GRC Module LM-G06

APRA CPS 234 Information Security

Board accountability, information assets, capability, control, incident notification, and third-party assurance

Audience tier: Practitioner (with Foundation entry path and Leader extension content)
Module body word count: 4,940 words (excluding cover, references, and assessment)
Reading time: 23 minutes (calculated at 220 words per minute)
Assessment duration: 25 to 30 minutes (30 multiple choice questions)
Prerequisites: Working knowledge of Australian financial services structure, basic information security vocabulary, and the role of the Three Lines model
Currency: Reflects the regulatory landscape as at April 2026, including APRA enforcement intensification through the Optus, Medibank, Latitude, and HWL Ebsworth aftermath, the alignment with NIST CSF 2.0 (released February 2024), the move to ISO/IEC 27001:2022, and the Essential Eight Maturity Model 2024 update

Learning outcomes

1. Identify the seven obligation clusters under CPS 234 and the Board accountability anchor.

2. Apply information asset identification and classification methodology to a financial services environment.

3. Analyse the 72-hour incident notification rule against parallel obligations under the Privacy Act NDB scheme, the SOCI Act, and CPS 230.

4. Evaluate third-party information security assurance evidence against CPS 234 paragraphs 17 and 18.

5. Construct an AI-supported workflow for CPS 234 attestation drafting, NIST CSF 2.0 gap mapping, and Board cyber risk reporting.

6. Critique AI outputs against Australian Privacy Principles, prohibited input rules, and prudential audit trail requirements.

Currency note

This module reflects the prudential landscape as at April 2026. APRA Information Paper Cyber Security Stocktake (November 2023) findings, ASIC Cyber Pulse Survey (November 2023) outcomes, and APRA Member Speech series through 2025 inform the enforcement posture described here. Where a position is in flight (notably the rolling NIST CSF 2.0 alignment uplift and the staged Essential Eight Maturity Model 2024 expectations), the position is flagged inline.


1. Executive Summary

APRA Prudential Standard CPS 234 Information Security is the prudential anchor for cyber resilience across Australian banking, insurance, and superannuation. CPS 234 binds the Board to information security accountability, requires the maintenance of an information security capability commensurate with the threat environment, and obliges regulated entities to notify APRA within 72 hours of becoming aware of a material information security incident. CPS 234 also requires regulated entities to evaluate the information security capability of any related party or third party that manages information assets on the entity's behalf. The Standard sits inside a broader cyber stack including the Security of Critical Infrastructure Act 2018 (Cth), the Privacy Act 1988 (Cth) Notifiable Data Breaches scheme, CPS 230 Operational Risk Management, ASIC RG 271 customer complaints (where cyber events generate consumer harm), and the Australian Government Information Security Manual.

Why this matters for an Australian financial services audience. APRA enforcement has intensified following the Optus, Medibank, Latitude, and HWL Ebsworth incidents. APRA has issued additional capital adjustments, ratcheted up tripartite review expectations, and elevated independent assurance requirements. Boards are now expected to evidence personal engagement with cyber risk, not delegate it to the CISO and the audit committee. CPS 234 is also the operational implementation layer for APP 11 of the Privacy Act, meaning a single control failure can drive parallel APRA, OAIC, and SOCI obligations.

What you will be able to do after this module:

  • Read a CPS 234 attestation, identify the assertions, and map them to the underlying control evidence.
  • Run a CPS 234 to NIST CSF 2.0 mapping to identify gaps that affect the next attestation.
  • Lead a 72-hour incident notification drafting session with parallel NDB and SOCI consideration.
  • Build an AI workspace for cyber GRC that drafts attestations, control narratives, and Board cyber dashboards with mandatory de-identification and human-in-the-loop sign-off.
  • Defend the rationale for excluding live incident telemetry, vulnerability data, and threat intelligence from public AI models.

2. Regulatory and Strategic Context

Issuer and statutory authority

CPS 234 is a Prudential Standard made by APRA under the Banking Act 1959, the Insurance Act 1973, the Life Insurance Act 1995, the Private Health Insurance (Prudential Supervision) Act 2015, and the Superannuation Industry (Supervision) Act 1993. Each Act gives APRA the power to make Prudential Standards binding on regulated entities, with breach exposing the entity to directions, conditions on licence, capital adjustments, enforceable undertakings, and ultimately licence revocation. Practice Guide CPG 234 (APRA, June 2019, refreshed 2024 supplementary material) provides interpretive guidance and is the primary cross-reference for control depth expectations.

Scope of application in financial services

CPS 234 applies to all APRA-regulated entities including authorised deposit-taking institutions (ADIs), general insurers, life insurers, private health insurers, and superannuation trustees (RSE licensees). It captures Authorised Non-Operating Holding Companies (NOHCs) and applies on a Level 1 and Level 2 basis. The Standard captures information assets managed by the entity and information assets managed by related parties or third parties on the entity's behalf, with no carve-out for offshore service providers. The CPS 234 perimeter is therefore identical to the operational footprint of the regulated business.

Key dates and transitional periods

CPS 234 commenced on 1 July 2019 with a 12-month transitional period for third-party arrangements. APRA released the Information Paper Cyber Security Stocktake findings in November 2023, identifying weaknesses in incident response readiness, control testing depth, and third-party assurance. APRA followed with the letter Strengthening Cyber Resilience (issued to all regulated entities, July 2024), confirming intensified tripartite review expectations from FY26 attestation cycles. The current benchmark control libraries are NIST CSF 2.0 (February 2024), ISO/IEC 27001:2022 with the 93 control set in Annex A, and the Essential Eight Maturity Model 2024 update issued by the Australian Signals Directorate. These are not formally referenced in the Standard, but APRA expects entities to be able to demonstrate equivalent control depth.

Interplay with adjacent frameworks

  • Privacy Act 1988 (Cth) and the NDB scheme (LM-G02). CPS 234 (72-hour incident notification to APRA) runs faster than the NDB scheme (30-day assessment then notify OAIC). For a single cyber incident touching personal information, both clocks run in parallel and the more onerous timing governs operational triage.
  • APRA CPS 230 Operational Risk Management (LM-G05). CPS 230 wraps CPS 234 for material service providers and requires the entity to maintain tolerance levels and alternative processes for critical operations, including those exposed to cyber events.
  • Corporations Act 2001 (Cth) (LM-G01). Directors' duties (s180 to s184) can be engaged by Board failure to oversee information security, and Part 9.4AAA whistleblower protections apply to disclosures concerning cyber matters.
  • Security of Critical Infrastructure Act 2018 (Cth). Banking, financial market infrastructure, payment systems, superannuation, and insurance are critical infrastructure sectors. SOCI cyber incident reporting is in addition to CPS 234 reporting and runs to the Department of Home Affairs Cyber and Infrastructure Security Centre with a 12-hour critical incident clock.
  • AML/CTF Act 2006 (Cth) (LM-G03). Cyber events touching customer KYC stores can require parallel SMR or threshold reporting and tipping off compliance under section 123.

Practitioners should treat CPS 234 as the first instrument to read in any cyber event because the 72-hour clock runs from the point of awareness, not classification.

Visual 1: CPS 234 obligation map (regulatory authority, control flow, and notification routing)

Layered diagram showing statutory authority flowing down and notification flowing up. Designer-ready table specification.

Layer | Element | Designer notes
Top | Australian Parliament (Banking Act 1959, Insurance Act 1973, Life Insurance Act 1995, PHIPS Act 2015, SIS Act 1993) | Statutory authority block.
L2 | APRA as Prudential Regulator | Single block with Beacon Yellow accent.
L3 | Prudential Standard CPS 234 (CPG 234 supporting) | Highlighted as primary instrument.
L4 | Seven obligation clusters | Sub-blocks: Board accountability, Roles, Capability, Policy, Asset ID and classification, Implementation of controls, Incident management and notification, Internal audit, Third-party arrangements.
L5 | Adjacent prudential standards | CPS 230 (Operational Risk), CPS 220 (Risk Management), CPS 510 (Governance).
L6 | Adjacent statutes and standards | Privacy Act 1988 (Cth) and NDB, SOCI Act 2018, Corporations Act 2001 (Cth).
L7 | Reference control frameworks | NIST CSF 2.0, ISO/IEC 27001:2022, Essential Eight Maturity Model 2024, ISM.
L8 | Notification routing | APRA (72 hours material incident), OAIC (NDB 30 days, eligible breach), CISC (SOCI 12 hours critical), ASD/ACSC voluntary.
L9 | Entity Board, CISO, and Three Lines | Accountable owner block. Connector to attestation cycle and tripartite review.

3. Core Concepts and Defined Terms

Defined terms

Term | Definition (simplified) | Source
Information asset | Information and information technology, including software, hardware, and data (both soft and hard copy). | CPS 234 paragraph 8
Information security incident | An actual or potential compromise of information security including unauthorised access, modification, disclosure, or destruction of information assets, and disruption to the availability of information assets. | CPS 234 paragraph 8
Material information security incident | An incident that materially affected, or had the potential to materially affect, the entity, its members, customers, or the financial system. | CPS 234 paragraph 35 read with CPG 234
Information security control | Measures put in place to manage information security risks, including preventive, detective, and responsive controls, across people, process, and technology. | CPS 234 paragraphs 23 to 25
Threat environment | The set of threat actors, threat vectors, vulnerabilities, and contextual factors that bear on the entity's information assets. | CPG 234
Information security capability | The ability of the entity to maintain confidentiality, integrity, and availability of information assets, commensurate with the threat environment, the criticality and sensitivity of the assets, and the consequences of incidents. | CPS 234 paragraphs 19 to 22
Related party / third party | Any entity that manages information assets on the regulated entity's behalf, including offshore service providers and intra-group entities. | CPS 234 paragraphs 17, 18, 32 to 34
Tripartite review | An independent assurance engagement commissioned by the entity, with terms of reference acceptable to APRA, where APRA receives a copy of the report. | APRA CPS 234 supervisory practice
NIST CSF 2.0 | National Institute of Standards and Technology Cybersecurity Framework version 2.0, released February 2024. Adds the Govern function to the original five (Identify, Protect, Detect, Respond, Recover). | NIST publication
Essential Eight | The Australian Signals Directorate eight mitigation strategies with four maturity levels (0 to 3). The 2024 update reorganises maturity expectations. | ASD ISM annexes

The seven CPS 234 obligation clusters in plain English

CPS 234 reads as a Standard, not as a control library. Practitioners should treat it as seven obligation clusters, each anchored to specific paragraphs.

Cluster 1: Board accountability (paragraph 13). The Board is ultimately responsible for ensuring that the entity maintains its information security in a manner commensurate with the size and extent of the threats, and that enables the continued sound operation of the entity. The Board must satisfy itself that the entity has identified information assets, has implemented controls, and has tested those controls. Personal Board engagement is now an APRA expectation, not delegated comfort.

Cluster 2: Roles and responsibilities (paragraphs 14 to 18). Senior management, governing bodies, and individuals with responsibility for decision making, approval, oversight, operations, and other information security functions must be clearly defined and documented. Third party arrangements must include identification of the entity's information security capability requirements.

Cluster 3: Information security capability (paragraphs 19 to 22). The entity must maintain a capability commensurate with the size and extent of threats to its information assets. Capability includes the assessment of the information security capability of related parties and third parties.

Cluster 4: Policy framework (paragraphs 23 to 25). The entity must maintain an information security policy framework commensurate with its exposures, providing direction on the responsibilities of all parties with information security obligations.

Cluster 5: Information asset identification and classification (paragraphs 26 to 28). The entity must classify its information assets by criticality and sensitivity, and identify and classify information assets it manages and information assets managed by third parties.

Cluster 6: Implementation of controls (paragraphs 29 to 31). Controls must be commensurate with the vulnerabilities and threats to the assets, the criticality and sensitivity of the assets, the stage at which the assets are within their lifecycle, and the potential consequences of an information security incident. Controls must be tested. Test results must be reviewed and remedial action taken in a timely manner.

Cluster 7: Incident management and notification (paragraphs 32 to 36) and Internal audit (paragraph 37). Incident response plans must be maintained and tested annually. Material incidents must be notified to APRA no later than 72 hours after becoming aware. Internal audit must review the design and operating effectiveness of information security controls, including those maintained by related parties and third parties, and provide a written report.

4. Practical Application in Australian FS

Four worked examples spanning ADI, insurance, superannuation, and AFSL settings. All identifiers are placeholders.

(a) ADI: Ransomware on a customer-facing digital channel

Trigger. [ADI Placeholder] detects unusual encryption activity on a payments platform server cluster at 14:00 AEST. Internal monitoring confirms ransomware deployment by 15:30. Customer mobile app payments are degraded. Investigation suggests likely compromise of a vendor-managed endpoint two weeks earlier.

Obligations activated. CPS 234 paragraph 35 (notify APRA within 72 hours from awareness, awareness clock starts at 14:00 AEST), CPS 234 paragraphs 32 to 34 (incident response plan), Privacy Act 1988 (Cth) NDB if customer personal information accessed, SOCI Act 12-hour critical cyber incident notification to CISC if the disruption meets the critical infrastructure threshold, Corporations Act 2001 (Cth) continuous disclosure if the entity is listed and the event is materially price sensitive, and CPS 230 critical operations tolerance assessment.

Artefact produced. (1) APRA notification letter under CPS 234 paragraph 35 with placeholders for incident description, asset class, customers affected, third-party involvement, and remedial actions taken. (2) NDB Eligibility Assessment under Part IIIC of the Privacy Act 1988 (Cth). (3) SOCI report to CISC. (4) ASX continuous disclosure announcement (if listed). (5) Internal Board paper for the next scheduled Board meeting. (6) Critical Operation tolerance breach assessment under CPS 230.

Audit trail expected. Awareness time-stamped, notification submission time-stamped, draft and final notification copies retained, internal incident response runbook execution logged, third-party vendor cooperation evidenced, and post-incident review conducted within 30 days. Internal audit must review the response within the next audit cycle.

(b) General insurer: Compromise of a claims management vendor

Trigger. [Insurer Placeholder] is notified by [Vendor Placeholder] that the vendor's claims management platform was breached. Vendor confirms unauthorised access to claimant records including names, addresses, claim narratives, medical certificates, and payment details for an estimated 40,000 claimants.

Obligations activated. CPS 234 paragraphs 17 to 18 (third-party assurance failure), paragraphs 32 to 36 (incident management and notification), Privacy Act 1988 (Cth) NDB, ASIC RG 271 customer complaints handling, and Corporations Act 2001 (Cth) directors duties oversight of vendor risk.

Artefact produced. (1) APRA notification under CPS 234 paragraph 35. (2) NDB notification to OAIC and affected individuals. (3) Updated third-party risk register entry. (4) Re-papered vendor engagement letter and remediation plan. (5) Customer remediation pathway including notification, identity protection where appropriate, and complaint handling protocol.

Audit trail expected. Pre-incident vendor due diligence record, contractual information security obligations, evidence of vendor information security capability assessment under CPS 234 paragraphs 17 to 18, evidence of monitoring and assurance, and evidence of incident response plan execution.

(c) Superannuation trustee: Member portal credential stuffing campaign

Trigger. [Trustee Placeholder] observes elevated login failure rates on the member portal across a 48-hour window. Internal forensics confirm a credential stuffing attack from a botnet using credentials from a third-party data leak. A small number of accounts are confirmed to have been accessed.

Obligations activated. CPS 234 paragraphs 32 to 36 (incident management), Privacy Act 1988 (Cth) NDB, SIS Act 1993 trustee best interests duty under section 52, ASIC RG 271 customer complaints, and Trustee operational risk reporting under CPS 234 paragraph 13 to the Trustee Board.

Artefact produced. (1) APRA notification under CPS 234 paragraph 35 (because the attack potentially materially affected member assets). (2) NDB assessment and notification. (3) Member communication. (4) Multi-factor authentication uplift business case for the next Trustee Board meeting. (5) Threat intelligence sharing with peers via the Council of Financial Regulators cyber working group.

Audit trail expected. Detection log, account access reconstruction, credential rotation evidence, member notification proof of delivery, complaints register, and remediation roadmap with milestones.

(d) AFSL holder: Business email compromise affecting client funds

Trigger. [Licensee Placeholder] discovers that an adviser email account was compromised, and a fraudulent payment instruction was sent to a custodian, redirecting AUD [Amount Placeholder] to an attacker-controlled bank account. Funds were partially recovered.

Obligations activated. CPS 234 paragraphs 32 to 36, Privacy Act 1988 (Cth) NDB if client personal information accessed, Corporations Act 2001 (Cth) sections 912A and 961B (best interests duty), AML/CTF Act 2006 (Cth) reporting (suspected proceeds), and ASIC breach reporting under section 912D and ASIC RG 78.

Artefact produced. (1) APRA notification (if the licensee sits inside a Group with APRA-regulated entities and the incident is material at Group level). (2) ASIC breach report under section 912D. (3) AUSTRAC SMR. (4) Client notification and remediation. (5) Email security uplift program.

Audit trail expected. Email compromise vector reconstruction, multi-factor authentication enforcement evidence, payment authorisation control evidence, client notification, and remediation closure pack.

Visual 2: 72-hour incident notification timeline (process diagram)

Step | Timing | Action | Owner
1 | T+0 (awareness) | Trigger Information Security Incident Response Plan. Time-stamp the moment of awareness. Initiate parallel CPS 234, NDB, SOCI, and continuous disclosure assessment. | CISO and Privacy Officer
2 | T+0 to T+6 hours | Initial triage. Confirm scope, asset class affected, customer or member impact, and potential for material effect. Engage forensics, counsel, and crisis communications. | CISO and CRO
3 | T+6 to T+12 hours | SOCI 12-hour critical cyber incident assessment. If the entity holds critical infrastructure assets, notify CISC. | CISO with Group Counsel
4 | T+12 to T+24 hours | Internal Board and Risk Committee chair notification. Continuous disclosure committee convenes if listed. | Company Secretary and CISO
5 | T+24 to T+72 hours | Draft, review, sign, and submit APRA notification under CPS 234 paragraph 35. Use the APRA Connect portal. Retain submission timestamp. | CISO and CRO with Board chair endorsement
6 | T+72 hours onward | Continue NDB Part IIIC assessment (s 26WH, 30-day clock). Maintain APRA update cadence. Update SOCI as new information emerges. | Privacy Officer and CISO
7 | Post-event | Within 30 days run a post-incident review. Within 60 days update the incident response plan, control narratives, and Board paper. Within 90 days have the remediation plan in place. | Three Lines (1, 2, 3) coordinated

Visual 3: Comparative obligation table (CPS 234 vs NIST CSF 2.0 vs ISO/IEC 27001:2022)

Obligation theme | APRA CPS 234 | NIST CSF 2.0 | ISO/IEC 27001:2022
Governance and Board accountability | Paragraph 13. Board ultimately accountable. | Govern (GV) function, GV.OC, GV.RM, GV.RR. | Clauses 5.1 to 5.3 leadership and roles.
Information asset identification | Paragraphs 26 to 28. | Identify (ID), ID.AM Asset Management. | Annex A 5.9 Inventory of information and other associated assets.
Risk assessment | Paragraph 19 capability commensurate with threat. | Identify (ID), ID.RA Risk Assessment. | Clause 6.1 actions to address risks and opportunities, Annex A 5.7 threat intelligence.
Control implementation | Paragraphs 29 to 31. | Protect (PR), PR.AA, PR.DS, PR.PS, PR.IR. | Annex A controls (93 controls in the 2022 set).
Detection | Paragraph 30 implies detective controls. | Detect (DE), DE.CM Continuous Monitoring, DE.AE Adverse Event Analysis. | Annex A 8.16 monitoring activities, 8.15 logging.
Incident response | Paragraphs 32 to 36 with 72-hour notification. | Respond (RS), RS.MA, RS.AN, RS.CO, RS.MI. | Annex A 5.24 to 5.28 incident management.
Recovery | Implicit in capability and CPS 230 BCM. | Recover (RC), RC.RP, RC.IM. | Annex A 5.29 information security during disruption.
Third-party assurance | Paragraphs 17, 18, 32 to 34. | GV.SC Cybersecurity Supply Chain Risk Management. | Annex A 5.19 to 5.23 supplier relationships.
Internal audit assurance | Paragraph 37. | Embedded across functions through assessment activities. | Clause 9.2 internal audit, Clause 9.3 management review.

Visual 4: CPS 234 control maturity heat map across NIST CSF 2.0 functions (illustrative)

Illustrative maturity heat map. 1 = Initial, 2 = Managed, 3 = Defined, 4 = Quantitatively Managed, 5 = Optimising. Treat as a discussion artefact, not a benchmark.

NIST CSF 2.0 function | Typical Tier 1 ADI (illustrative) | Typical mid-size insurer (illustrative) | Typical superannuation trustee (illustrative) | Typical AFSL holder (illustrative)
Govern (GV) | 4 | 3 | 3 | 2
Identify (ID) | 4 | 3 | 3 | 2
Protect (PR) | 4 | 3 | 3 | 3
Detect (DE) | 4 | 3 | 2 | 2
Respond (RS) | 4 | 3 | 3 | 2
Recover (RC) | 3 | 3 | 2 | 2

Visual 5: Illustrative APRA enforcement and capital adjustment trend (2019 to 2025)

Stacked bar chart by calendar year. Illustrative figures based on public APRA Member speeches and press releases. Treat as scale, not point estimates.

Year | Public CPS 234 review activity (illustrative) | Capital adjustments imposed for cyber matters (illustrative count) | Enforceable undertakings or court enforceable undertakings (illustrative count) | Public letters / Information Papers
2019 | Standard commences | 0 | 0 | 0
2020 | Initial supervisory activity | 0 | 1 | 1
2021 | Tripartite review trial | 1 | 1 | 1
2022 | Increased supervisory engagement | 1 | 1 | 2
2023 | Cyber Stocktake (November 2023) | 2 | 2 | 2
2024 | Strengthening Cyber Resilience letter (July 2024) | 3 | 2 | 2
2025 | Continued enforcement intensification | 3+ | 2+ | 2+

Visual 6: The 5 things to remember

Five anchors of CPS 234 in 2026

1. The Board owns information security under paragraph 13. CISO accountability is operational. Board accountability is prudential.

2. The 72-hour clock under paragraph 35 starts at the moment of awareness, not classification. Triage and notify in parallel.

3. CPS 234 paragraphs 17 and 18 mean third-party information security capability is your information security capability. Pre-contract, in-contract, and post-incident assurance is non-negotiable.

4. The Standard is principles-based. APRA expects equivalent control depth to NIST CSF 2.0, ISO/IEC 27001:2022, and the Essential Eight Maturity Model 2024 even though no single library is named.

5. CPS 234 is the operational layer for APP 11. A single cyber incident can drive APRA, OAIC, and SOCI obligations on different clocks. Map all clocks at the start of every event.

5. Operating CPS 234 with AI

AI multiplies the surface area of every CPS 234 obligation. For a Cyber GRC function, AI also produces strong leverage in attestation drafting, control narrative production, gap analysis against NIST CSF 2.0 and the Essential Eight, incident notification drafting, and Board cyber dashboards. The leverage is conditional on disciplined input handling and human-in-the-loop sign-off.

Use cases at scale

  • Drafting and refreshing the annual CPS 234 attestation pack with traceability into underlying control evidence.
  • Mapping CPS 234 paragraphs to NIST CSF 2.0 sub-categories, ISO/IEC 27001:2022 Annex A controls, and the Essential Eight strategies for gap analysis.
  • Drafting CPS 234 paragraph 35 notification language with placeholders for incident facts, asset class, customer impact, and remedial actions.
  • Drafting an information asset register entry including criticality, sensitivity, owner, and processing locations.
  • Drafting and refreshing third-party CPS 234 assurance request packs and reviewing supplier responses.
  • Drafting Board cyber dashboard narratives translating control telemetry into Board-relevant language.
  • Drafting tripartite review terms of reference and reviewing draft tripartite reports for completeness.
  • Triage of OAIC, APRA, and CISC incoming correspondence with classification, statutory mapping, and draft acknowledgement letters.

Project space setup

Set up two parallel workspaces, one in Claude Projects (or Claude Skills for repeatable workflows) and one in ChatGPT Projects or a Custom GPT, sharing one knowledge base. The duplication is a continuity control consistent with CPS 230 alternative process expectations.

Step-by-step ChatGPT Projects or Custom GPT setup:

  • Step 1. Create a new Project in ChatGPT Enterprise or Team. Confirm tenancy is Australian region or contractually equivalent. Disable consumer-tier fall-through.
  • Step 2. Upload the knowledge sources listed below. Confirm zero retention for training under the enterprise terms.
  • Step 3. Paste the system prompt scaffold (below) at the Project level, not per chat.
  • Step 4. Configure file naming: [CPS234-YYYYMM-Topic-vN]-[Initials]-[STATUS]. STATUS is DRAFT, REVIEW, or FINAL.
  • Step 5. Run the test prompts in /04-prompt-library/ and record evaluation results in /05-output-archive/.

Step-by-step Claude Projects or Skills setup:

  • Step 1. Create a new Project in Claude (Claude Enterprise or Claude.ai with the Australian residency election). Disable shared chats by default.
  • Step 2. Add Project knowledge sources. For Claude Skills, place the system prompt and reference content under the SKILL.md and reference files.
  • Step 3. Paste the system prompt scaffold as the Project Custom Instructions or as the SKILL.md system header.
  • Step 4. Mirror the file naming convention from the ChatGPT setup.
  • Step 5. Validate against the same test prompts and record results.

Knowledge sources (de-identified, no live incident telemetry, no vulnerability detail, no threat intelligence requiring TLP AMBER or RED handling):

  • APRA Prudential Standard CPS 234 Information Security (consolidated text)
  • APRA Prudential Practice Guide CPG 234 Information Security
  • APRA Prudential Standard CPS 230 and CPG 230
  • APRA Information Paper Cyber Security Stocktake (November 2023)
  • APRA Strengthening Cyber Resilience letter (July 2024)
  • NIST CSF 2.0 Core, Profiles, and Implementation Examples
  • ISO/IEC 27001:2022 and ISO/IEC 27002:2022 (Annex A control narratives)
  • Australian Signals Directorate Information Security Manual and Essential Eight Maturity Model 2024
  • Privacy Act 1988 (Cth) consolidated text and OAIC NDB Resource Hub
  • Security of Critical Infrastructure Act 2018 (Cth) consolidated text and Department of Home Affairs cyber incident reporting guidance
  • Entity-specific information security policy framework, attestation pack from prior cycle, third-party assurance pack template, and incident response runbook (de-identified or marked CONFIDENTIAL with access controlled)

File structure:

  • /01-statutes-and-rules/
  • /02-regulator-guidance/
  • /03-internal-templates/
  • /04-prompt-library/
  • /05-output-archive/ (with retention metadata and access logs)

System prompt: Cyber GRC Workspace v1.0

You are a senior Australian Cyber GRC practitioner operating in an APRA-regulated entity. You operate to APRA Prudential Standard CPS 234, CPG 234, CPS 230, the Privacy Act 1988 (Cth), the Security of Critical Infrastructure Act 2018 (Cth), and the Corporations Act 2001 (Cth). You write in Australian English. You do not use em dashes. You never invent facts. You never include real personal information, customer information, vulnerability detail, or threat intelligence in any output. You treat all uploaded incident summaries as de-identified by default and reject inputs that include direct identifiers, IP addresses, hostnames, vulnerability identifiers, or threat actor indicators of compromise. When unsure you say so. You ask up to two clarifying questions if the brief is ambiguous. You produce structured outputs with clear sections. You always flag where the CISO, Chief Risk Officer, Privacy Officer, or General Counsel must review before the output is used. You include CPS 234 paragraph references in every substantive answer. You never produce a final regulator notification without explicit human review. You never produce content that would create a defensible record without explicit human review.
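The prohibited-input rule in the system prompt above is easier to enforce before a brief reaches the model than to rely on the model refusing. The Python below is an added example, not part of this module or of any TheAICommand workspace: a pre-submission gate that scans a constructed incident brief for the identifier classes the prompt rejects (e-mail addresses, IPv4 addresses, CVE identifiers, file hashes, TLP AMBER/RED markers, hostnames), reports each finding for the reviewer, and returns a redacted copy that can be re-submitted. The pattern set, the sample brief, and every identifier in it are assumptions constructed for the example.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Ordered so the specific patterns (e-mail, IPv4, CVE, hash, TLP marker) are
# redacted before the broad hostname pattern runs over what remains; otherwise
# the domain part of an e-mail address would be reported twice.
# Pattern set is an assumption; extend it to match the entity's own policy.
PROHIBITED_PATTERNS = [
    ("EMAIL", re.compile(r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b")),
    ("IPV4", re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")),
    ("CVE", re.compile(r"\bCVE-\d{4}-\d{4,}\b", re.IGNORECASE)),
    # Longest hex length first so a SHA-256 is not reported as an MD5 prefix.
    ("HASH", re.compile(r"\b(?:[A-Fa-f0-9]{64}|[A-Fa-f0-9]{40}|[A-Fa-f0-9]{32})\b")),
    ("TLP", re.compile(r"\bTLP[:\s]+(?:AMBER(?:\+STRICT)?|RED)\b", re.IGNORECASE)),
    # Any dotted name with an alphabetic last label is treated as a hostname
    # and left for the reviewer to confirm; over-flagging is the safer failure.
    ("HOSTNAME", re.compile(
        r"\b(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}\b")),
]


@dataclass(frozen=True)
class Finding:
    category: str
    value: str


def gate_brief(text: str) -> tuple[str, list[Finding]]:
    """Return (redacted brief, findings). Each pattern is applied to the
    already-redacted text, so a redacted item cannot be matched again by a
    later, broader pattern."""
    findings: list[Finding] = []
    redacted = text
    for category, pattern in PROHIBITED_PATTERNS:
        for match in pattern.finditer(redacted):
            findings.append(Finding(category, match.group(0)))
        redacted = pattern.sub(f"[{category} REDACTED]", redacted)
    return redacted, findings


def admit(text: str) -> bool:
    """True only when the brief contains nothing the workspace prompt prohibits."""
    return not gate_brief(text)[1]


# Constructed brief; the hostname, address, CVE number, hash and e-mail are
# placeholders, not real indicators (the hash is MD5 of the empty string).
SAMPLE_BRIEF = """\
Incident summary for CPS 234 paragraph 35 drafting (constructed example).
Awareness at 14:00 AEST. Ransomware observed on the payments cluster.
Initial foothold: host vendor-jump-01.corp.example.com at 10.20.30.41,
exploiting CVE-2099-12345. Ransom note hash
d41d8cd98f00b204e9800998ecf8427e. Vendor contact: j.citizen@example.com.
Threat intel from the sector ISAC is TLP:AMBER and must not be forwarded.
"""

if __name__ == "__main__":
    redacted, findings = gate_brief(SAMPLE_BRIEF)
    print("ADMITTED" if not findings else f"REJECTED ({len(findings)} findings)")
    for finding in findings:
        print(f"  {finding.category:8} {finding.value}")
    print("--- redacted copy for re-submission ---")
    print(redacted)
```

The redacted copy keeps the facts the paragraph 35 draft actually needs (time of awareness, asset class, containment status) while the findings list gives the CISO a record of what was stripped and why.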

Prompt library (six prompts)

Each prompt follows the Role / Context / Task / Constraints / Output Format / Quality Bar pattern.

Prompt 1: Information asset register entry
ROLE: Senior Cyber GRC practitioner.
CONTEXT: A new or refreshed information asset described in the supplied brief, in an APRA-regulated FS entity.
TASK: Produce an information asset register entry consistent with CPS 234 paragraphs 26 to 28 and CPG 234 expectations.
CONSTRAINTS: Australian English. No em dashes. No live customer data, no vulnerability data. Reject inputs that include direct identifiers.
OUTPUT FORMAT: Asset name, owner, category, criticality (low / medium / high / extreme), sensitivity (public / internal / confidential / restricted), processing locations, related parties, recovery objectives (RTO, RPO), control map (preventive, detective, responsive), residual risk, last review date, next review date, sign-off.
QUALITY BAR: 10/10 means the asset can be slotted into the master register without rewriting and the criticality and sensitivity classifications are defensible to APRA tripartite review.

Prompt 2: Third-party CPS 234 assurance request
ROLE: Cyber GRC practitioner managing third-party assurance under CPS 234 paragraphs 17 and 18.
CONTEXT: A third-party engagement described in the supplied brief, including service description, data classes, and contractual baseline.
TASK: Produce a CPS 234 third-party assurance request pack including a cover letter, an assurance questionnaire mapped to NIST CSF 2.0 categories, an evidence list, and a tolerance for missing evidence.
CONSTRAINTS: Australian English. No em dashes. Cite CPS 234 paragraphs and CPG 234 expectations. Treat any third party that handles personal information as also subject to APP 11 expectations.
OUTPUT FORMAT: Cover letter, Questionnaire (mapped table), Evidence list, Sign-off and escalation pathway.
QUALITY BAR: 10/10 means the pack can be issued to the third party with only the entity name and contract details to be filled in.

Prompt 3: CPS 234 paragraph 35 incident notification draft
ROLE: CISO drafting an APRA notification within the 72-hour clock.
CONTEXT: A de-identified incident summary supplied by the requestor, including time of awareness, asset class, control failure, and current containment status.
TASK: Produce a draft notification consistent with CPS 234 paragraph 35 and APRA Connect portal expectations.
CONSTRAINTS: Australian English. No em dashes. Use placeholders for any unverified facts. Mark the draft DRAFT, FOR CISO AND CRO REVIEW, NOT FOR SUBMISSION on every page. Do not concede liability. Do not state customer harm beyond what has been verified. Identify parallel obligations (NDB, SOCI, continuous disclosure).
OUTPUT FORMAT: Header (entity, ABN, contact, time of awareness, time of submission), Incident summary, Asset class affected, Estimated impact (with placeholders), Containment and recovery actions, Parallel obligations engaged, Next update commitment, Authorised submitter (CISO and CRO sign-off block).
QUALITY BAR: 10/10 means the CISO can review and sign within 15 minutes.

Prompt 4: CPS 234 to NIST CSF 2.0 gap analysis
ROLE: Cyber GRC practitioner running an inter-framework mapping.
CONTEXT: An existing CPS 234 control narrative supplied by the requestor, including the control objective, description, evidence supplied, and residual risk.
TASK: Map the control to NIST CSF 2.0 functions, categories, and sub-categories, identify gaps, and recommend uplift activity.
CONSTRAINTS: Australian English. No em dashes. Cite CPS 234 paragraphs and NIST CSF 2.0 sub-category identifiers. Use only evidence provided.
OUTPUT FORMAT: Mapping table (CPS 234 paragraph, control objective, NIST CSF 2.0 function, category, sub-category, gap classification, recommendation), Summary (top three gaps), Estimated effort (S, M, L), Sequencing recommendation.
QUALITY BAR: 10/10 means the analysis is actionable in the next 90 days and references both frameworks accurately.

Prompt 5: Board cyber dashboard summary
ROLE: Cyber GRC practitioner translating telemetry into Board language.
CONTEXT: A supplied set of cyber metrics (KRIs, KCIs, control test results, incident summary) for the reporting period.
TASK: Draft a one-page Board cyber dashboard narrative for the next Risk Committee or Board meeting.
CONSTRAINTS: Australian English. No em dashes. Plain English. No technical jargon. Highlight changes from the prior period. Distinguish what is known from what is inferred.
OUTPUT FORMAT: Headline statement (3 lines), Period KRIs and trend (table, max 8 rows), Top three risks for the next period, Top three actions complete in the period, Top three actions for the next period, Board questions worth asking, Sign-off block.
QUALITY BAR: 10/10 means a non-technical Director can absorb it in 90 seconds and ask sharper questions.

Prompt 6: Regulator response triage and acknowledgement
ROLE: Cyber GRC practitioner triaging incoming regulator correspondence.
CONTEXT: Incoming letter or email from APRA, OAIC, or CISC supplied as text.
TASK: Classify (preliminary inquiry, information request, formal notice, breach allegation), identify mandatory response timeframes, and draft an acknowledgement letter.
CONSTRAINTS: Australian English. No em dashes. Do not concede liability. Do not state factual matters that have not been verified. Flag any matter that should be escalated to General Counsel or external legal counsel before response.
OUTPUT FORMAT: Classification, Statutory or prudential basis, Required response timing, Severity rating, Suggested internal escalation list, Draft acknowledgement letter.
QUALITY BAR: 10/10 means no factual claim is made beyond what was in the regulator's letter, and the response timing is correct to the day.

Governance, audit, privacy, and risk appetite controls

De-identification.

Inputs to any AI model not within an enterprise tenancy bound to APP-equivalent handling and CPS 234 service provider expectations must be de-identified to OAIC standard and stripped of any cyber operational detail. Remove direct identifiers, reasonably identifying combinations, vulnerability identifiers (CVE numbers tied to specific systems), threat actor indicators of compromise (IPs, hashes, domains), system hostnames, and account names. When in doubt, redact and use placeholders.
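As an added example (not the module's or TheAICommand's code), the following Python implements the gate described above: it looks for the classes of operational detail the paragraph lists, swaps each value for a labelled placeholder, and reports what it removed so the QA log can show the input was stripped. The regex patterns, the sample summary and every identifier in it are constructed assumptions.

```python
"""Added example (not the module's or TheAICommand's code): a pre-submission
gate that finds the operational detail the module says must be stripped
before an incident summary reaches an AI model and swaps each value for a
labelled placeholder. Patterns and the sample text are constructed."""
from __future__ import annotations
import re

# One broad pattern per prohibited class; breadth is deliberate, since a false
# positive costs a manual check while a false negative leaks operational detail.
PATTERNS = {
    "CVE": re.compile(r"\bCVE-\d{4}-\d{4,7}\b", re.I),
    "IPV4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "EMAIL": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),  # before HOSTNAME
    "HASH": re.compile(r"\b(?:[0-9a-f]{64}|[0-9a-f]{40}|[0-9a-f]{32})\b", re.I),
    "HOSTNAME": re.compile(
        r"\b(?:[a-z0-9-]+\.)+(?:internal|local|corp|lan|com\.au|com|net|org|au)\b", re.I),
    "ACCOUNT": re.compile(r"\b(?:svc|adm|admin)[_-][a-z0-9-]+\b", re.I),
}


def residual_hits(text: str) -> dict[str, int]:
    """Matches per class. An empty dict means the system prompt's reject rule passes."""
    hits = {label: len(p.findall(text)) for label, p in PATTERNS.items()}
    return {label: n for label, n in hits.items() if n}


def deidentify(text: str) -> tuple[str, dict[str, int]]:
    """Replace every hit with a numbered placeholder such as [HOSTNAME-1].
    A repeated value keeps its placeholder, so the sequence of events stays
    readable without the underlying identifier. Returns (text, counts)."""
    mapping: dict[tuple[str, str], str] = {}
    counts: dict[str, int] = {}

    def replacer(label: str):
        def _sub(m: re.Match) -> str:
            key = (label, m.group(0).lower())
            if key not in mapping:
                counts[label] = counts.get(label, 0) + 1
                mapping[key] = f"[{label}-{counts[label]}]"
            return mapping[key]
        return _sub

    for label, pattern in PATTERNS.items():
        text = pattern.sub(replacer(label), text)
    return text, counts


# Constructed sample incident summary; every identifier in it is fictitious.
SAMPLE = (
    "At 09:10 AEST the SOC observed exploitation of CVE-0000-00000 on "
    "payments-api01.corp.examplebank.com.au from 203.0.113.45 using service "
    "account svc_batch-01 (loader hash d41d8cd98f00b204e9800998ecf8427e). "
    "payments-api01.corp.examplebank.com.au was isolated at 09:40; escalated "
    "by j.smith@examplebank.com.au."
)

if __name__ == "__main__":
    cleaned, removed = deidentify(SAMPLE)
    print(cleaned, removed, residual_hits(cleaned), sep="\n")
```

Running residual_hits on the cleaned text should return an empty dict; anything left is a pattern gap to fix before the input leaves the tenancy.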

Prohibited inputs.

Customer PII, claimant data, KYC and identity data, biometrics, market sensitive data, sanctions data, raw incident data prior to privilege assessment, raw vulnerability scan output tied to live systems, raw threat intelligence at TLP AMBER or RED, unreviewed regulator drafts, and Part 9.4AAA whistleblower information. Treat the prohibition as a control, not a guideline.

Human-in-the-loop.

Every CPS 234 attestation, paragraph 35 notification, NDB notification, third-party assurance pack, control narrative, and Board paper must be reviewed by a named accountable officer (CISO, CRO, Privacy Officer, or General Counsel) before use. Model output is draft. The accountable human is the decision.

Retention and logging.

Maintain prompt and output logs for at least seven years for attestation-relevant outputs and at least two years for general outputs, access controlled to CISO, CRO, internal audit, and model risk lead. Treat the log as APP 11 protected if it contains personal information, and as a CPS 234 information asset in its own right.

Model selection.

Prefer enterprise tenancies (Claude Enterprise, ChatGPT Enterprise, Microsoft Copilot Enterprise) over consumer products. For regulated information including any input that touches CPS 234 paragraph 26 information assets, prefer Australian-region cloud or contractually equivalent protections. For sensitive information at scale or critical operations, on-premise or sovereign cloud. Document the model selection rationale in the model risk register.

CPS 230 critical operations.

If the AI tool is part of a critical operation (for example, AI-assisted regulator response drafting under a tight clock), set tolerance levels, identify alternative processes (the parallel Claude or ChatGPT workspace), and ensure workflow survival under a model outage or content policy change.

APP alignment.

The workspace engages APP 1 (governance, including ADM transparency from 11 December 2026), APP 5 (notification at collection), APP 6 (use limitation), APP 8 (cross-border), APP 11 (security, with CPS 234 as the operational layer), and APP 12 (access). Treat the workspace itself as a system that processes personal information.

Quality assurance loop

Run every output through this five-step QA rubric before it leaves the workspace:

1. Accuracy: Is every cited paragraph, sub-category, control, or guideline correctly attributed?

2. Currency: Does the output reflect CPS 234 as currently in force and the latest CPG 234 supplementary material, NIST CSF 2.0 as released February 2024, and the Essential Eight Maturity Model 2024 update?

3. Cyber hygiene: Is the input fully de-identified? Has all vulnerability detail and threat intelligence been redacted? Are placeholders properly labelled?

4. Decision integrity: Are statements of fact distinguished from inferences? Is uncertainty flagged? Are CISO and CRO escalation triggers clear?

5. Sign-off readiness: Is the output ready for review by the named accountable officer, with all assumptions explicit and parallel obligations identified?

Red team prompt

Take the role of an APRA supervisor, an OAIC investigator, and an external counsel acting for an aggrieved customer in turn. For each role, identify the three weakest points in the supplied draft. State the test the role would apply, the evidence required to defeat the test, and any factual or legal assumption that would be challenged. Conclude with a single 'go / no-go' recommendation written for the Chief Information Security Officer and the Chief Risk Officer.

Scaling pattern

Maintain the prompt library in version control with change logs. Run a quarterly model evaluation cadence with documented test cases against the same de-identified incident scenarios. Treat material prompt library changes as CPS 230 material changes and run them through the change advisory process. Suggested KRIs: prompt completion volume, attestation drafting cycle time, paragraph 35 notification drafting cycle time, third-party assurance backlog, output rework rate post-CISO review, and model output incident rate (where output had to be retracted or corrected after submission). Suggested KCIs: percentage of outputs that passed the five-step QA on first review, percentage of outputs that were submitted without amendment, and percentage of outputs that triggered a model risk register entry.

6. Common Pitfalls and Watch-outs

Treating the 72-hour clock as a 72-hour investigation window. The clock starts at awareness, not at classification. Triage and notify in parallel. APRA accepts initial notifications with placeholders provided commitments to update are honoured.

Confusing CPS 234 notification with NDB notification. CPS 234 runs to APRA on a 72-hour clock from awareness. NDB runs to OAIC on a 30-day assessment clock then notification on eligibility. Map both at the start. The faster obligation governs operational triage.

Treating third-party arrangements as a procurement matter. CPS 234 paragraphs 17 and 18 make third-party information security capability your information security capability. Pre-contract due diligence, in-life monitoring, and post-incident assurance are all required. Build the assurance pack into the contract lifecycle.

Over-relying on one control framework. CPS 234 is principles-based. APRA expects equivalent depth to NIST CSF 2.0, ISO/IEC 27001:2022, and the Essential Eight. Pick a primary reference (commonly NIST CSF 2.0) and crosswalk to the others.

Allowing AI tools into the cyber workflow without governance. Treat the AI workspace as an information asset under CPS 234 paragraph 26. Classify it, assess its information security capability, and run it through the third-party process if hosted by an external provider.

Failing to engage the Board in cyber. APRA expects evidence of personal Board engagement, including Board cyber education, Board involvement in tabletop exercises, and Board review of incident response readiness. Generic risk committee minutes are insufficient.

Excluding the Cyber GRC team from incident triage. GRC is the regulatory and audit trail line of defence. Bring GRC into the incident response plan as a named workstream from minute one, not after the technical teams have closed the incident.

7. Decision Frameworks and Tools

Decision tree: Is this a notifiable material information security incident?

1. Has there been an actual or potential compromise of confidentiality, integrity, or availability of an information asset? If no, CPS 234 paragraph 35 does not apply. If yes, continue.

2. Did the entity become aware of the incident? Document the time of awareness. The clock starts here.

3. Did the incident materially affect, or have the potential to materially affect, the entity, its members, customers, or the financial system? Apply paragraph 35 read with CPG 234 materiality factors. If no, document the negative assessment. If yes, continue.

4. Is APRA the appropriate notification recipient (the entity is APRA-regulated)? Notify within 72 hours of awareness via APRA Connect.

5. Run parallel assessments. NDB Part IIIC for personal information. SOCI 12-hour critical cyber incident report if the entity holds critical infrastructure assets. Continuous disclosure if the entity is listed and the matter is materially price sensitive. ASIC RG 271 customer complaints handling.

6. Document the awareness time-stamp, the materiality assessment, and the notification submission in a single incident file for internal audit review.
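The decision tree above as an added, runnable illustration (not the module's code): from the documented time of awareness it derives the obligations engaged and the deadline each one sets, sorted so the fastest clock, which governs operational triage, is first. The Incident fields, the scenario and the immediate treatment of continuous disclosure are assumptions; the 72-hour, 12-hour and 30-day clocks are the module's.

```python
"""Added example (not the module's code): walks the notification decision
tree from the time of awareness and returns the obligations engaged with
their deadlines. Clocks are the module's (72 h APRA, 12 h SOCI, 30-day NDB
assessment); Incident fields and the scenario are constructed assumptions."""
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass
class Incident:
    aware_at: datetime           # step 2: the clock starts at awareness, not classification
    compromised: bool            # step 1: actual or potential compromise of C, I or A
    material: bool               # step 3: paragraph 35 read with CPG 234 materiality factors
    personal_info: bool          # step 5: personal information involved (NDB Part IIIC)
    apra_regulated: bool = True  # step 4: APRA is the notification recipient
    soci_asset: bool = False     # step 5: entity holds a critical infrastructure asset
    listed: bool = False         # step 5: continuous disclosure only if listed and
    price_sensitive: bool = False  # the matter is materially price sensitive


@dataclass
class Obligation:
    regime: str
    due: datetime
    action: str


def triage(inc: Incident) -> dict:
    """Apply steps 1 to 5; obligations come back sorted with the fastest clock first."""
    if not inc.compromised:
        return {"para_35": False, "note": "Step 1: no compromise", "obligations": []}
    t0, obligations = inc.aware_at, []
    notify = inc.material and inc.apra_regulated
    if notify:
        obligations.append(Obligation("APRA CPS 234 para 35", t0 + timedelta(hours=72),
                                      "Notify via APRA Connect; placeholders allowed"))
    note = "Step 3: material, notify" if inc.material else "Step 3: not material, document negative assessment"
    # Step 5 parallel assessments. Their tests do not turn on the CPS 234
    # materiality answer, so they are evaluated whenever step 1 is met.
    if inc.soci_asset:
        obligations.append(Obligation("SOCI critical cyber incident", t0 + timedelta(hours=12),
                                      "Report to CISC"))
    if inc.personal_info:
        obligations.append(Obligation("Privacy Act NDB Part IIIC", t0 + timedelta(days=30),
                                      "Finish eligible data breach assessment; notify OAIC if eligible"))
    if inc.listed and inc.price_sensitive:
        obligations.append(Obligation("Continuous disclosure", t0, "Assess immediately with General Counsel"))
    obligations.sort(key=lambda o: o.due)
    return {"para_35": notify, "note": note, "obligations": obligations}


# Constructed scenario: compromise of a customer data asset at an APRA-regulated
# entity that also holds a SOCI asset; awareness logged at 14:00 AEDT (UTC+11).
SCENARIO = Incident(aware_at=datetime(2026, 3, 2, 14, 0, tzinfo=timezone(timedelta(hours=11))),
                    compromised=True, material=True, personal_info=True, soci_asset=True)

if __name__ == "__main__":
    print(*triage(SCENARIO)["obligations"], sep="\n")
```

For the scenario the SOCI clock expires first (02:00 the next morning), the APRA clock at 14:00 three days later, and the NDB assessment clock on 1 April, which is the order step 6's incident file should record them in.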

Maturity ladder: Cyber GRC operating model

Level 1 - Reactive. Annual attestation produced under pressure. No live information asset register. Incident response plan untested in 24 months. Third-party assurance ad hoc.

Level 2 - Documented. Attestation pack with traceability into evidence. Information asset register maintained quarterly. Incident response plan tested annually. Third-party assurance against a defined questionnaire.

Level 3 - Embedded. CPS 234 controls mapped to NIST CSF 2.0 and the Essential Eight. Tabletop exercises run with the Board twice per year. Tripartite review readiness on a rolling basis. AI workspace governed under prudential and privacy controls.

Level 4 - Optimised. Continuous control monitoring with KRI and KCI dashboards in place. Third-party assurance integrated into procurement and contract lifecycle. Cyber telemetry reviewed quarterly by the Risk Committee. Independent assurance findings closed within agreed tolerances.

Level 5 - Anticipatory. Contributes to industry standard-setting. Anticipates the next prudential reform. Designs for cross-jurisdictional resilience including offshore service providers. AI workspace producing measurable productivity uplift with documented controls and audit trail.

Self-check questionnaire (rate 1 to 5)

1. Our Board can articulate the entity's information security risk appetite and the top three threats to information assets.

2. Our information asset register is current and reflects assets managed by the entity and assets managed by related parties or third parties.

3. We have tested our incident response plan in the last 12 months including a paragraph 35 notification dry run.

4. Our third-party assurance pack covers pre-contract, in-life, and post-incident assurance for material providers.

5. We have crosswalked CPS 234 to NIST CSF 2.0 and the Essential Eight Maturity Model 2024 in the last 12 months.

6. Our internal audit reviewed the design and operating effectiveness of information security controls in the last 12 months and reported in writing.

7. We have an AI workspace governance standard with mandatory de-identification, prohibited input rules, and human-in-the-loop sign-off.

Score 30 to 35: Embedded or above. Score 20 to 29: Documented. Score below 20: Reactive. Use the gap to set a 12-month uplift plan with named owners and quarterly milestones.

8. Further Reading and Authoritative Sources

Primary regulator publications:

  • APRA Prudential Standard CPS 234 Information Security
  • APRA Prudential Practice Guide CPG 234 Information Security
  • APRA Prudential Standard CPS 230 Operational Risk Management and CPG 230
  • APRA Prudential Standard CPS 220 Risk Management
  • APRA Information Paper Cyber Security Stocktake (November 2023)
  • APRA letter Strengthening Cyber Resilience (July 2024)
  • APRA Member speeches on cyber resilience (2024 to 2025 series)

Adjacent regulators and government:

  • OAIC Notifiable Data Breaches Resource Hub and APP Guidelines
  • Department of Home Affairs Cyber and Infrastructure Security Centre, SOCI cyber incident reporting guidance
  • Australian Signals Directorate Information Security Manual and Essential Eight Maturity Model 2024
  • Council of Financial Regulators cyber resilience publications
  • ASIC Cyber Pulse Survey (November 2023) and Cyber Resilience Good Practices

Standards and references:

  • NIST Cybersecurity Framework 2.0 (February 2024)
  • ISO/IEC 27001:2022 Information Security Management Systems
  • ISO/IEC 27002:2022 Information Security Controls
  • ISO/IEC 27031:2011 ICT Readiness for Business Continuity
  • Centre for Internet Security Critical Security Controls v8.1

Professional bodies and resources:

  • Australian Information Security Association (AISA)
  • ISACA Sydney and Melbourne chapters
  • Risk Management Institution of Australasia (RMIA) Cyber Risk publications
  • Governance Institute of Australia, Cyber Governance resources

9. Closing Sign-off

This module provides general information and education for Australian financial services practitioners. It is not legal, compliance, prudential, or professional advice. Apply the framework to your entity's specific circumstances, take advice where the position is unclear, and document your decisions. Always preserve attestation evidence and audit trail integrity.

TheAICommand. Intelligence, At Your Command.

Test your knowledge

LM-G06 assessment — 30 questions
