Prudential Standard CPS 234

The Australian Prudential Regulation Authority (“APRA”) is an independent statutory authority that supervises institutions across banking, insurance and superannuation. The APRA Prudential Standard CPS 234 Information Security (“Prudential Standard CPS 234”) aims to ensure that an APRA-regulated entity takes measures to be resilient against information security incidents (including cyberattacks) by maintaining an information security capability commensurate with information security vulnerabilities and threats.

In particular, the Prudential Standard lays out information security requirements for several domain areas including: Information Security Capability, Policy Framework, Information asset identification and classification, Implementation of Controls, Incident Management, Testing Control Effectiveness, Internal Audit and APRA Notification.

Google Cloud’s contracts, controls, and processes as described in the compliance mappings for both Google Cloud and Google Workspace address the requirements in the Prudential Standard. Google Cloud is committed to addressing the Prudential Standard requirements regardless of how institutions choose to use our services.