Australian Prudential Regulation Authority (“APRA”)
is an independent statutory authority that supervises
institutions across banking, insurance and superannuation.
APRA Prudential Standard CPS 234 Information Security (“Prudential
Standard CPS 234”) aims to ensure that an APRA-regulated
entity takes measures to be resilient against information
security incidents (including cyberattacks) by maintaining
an information security capability commensurate with
information security vulnerabilities and threats.
In particular, the Prudential Standard lays out information
security requirements for several domain areas including:
Information Security Capability, Policy Framework,
Information asset identification and classification,
Implementation of Controls, Incident Management, Testing
Control Effectiveness, Internal Audit and APRA Notification.
Google Cloud’s contracts, controls, and processes as
described in the compliance mappings for both GCP and Google
Workspace address the requirements in the Prudential
Standard. Google Cloud is committed to addressing the
Prudential Standard requirements regardless of how
institutions choose to use our services.