APRA CPS 234 Assessment

Answer a short questionnaire to get a quick posture score.

APRA CPS 234 Assessment
Information Security Capability

Are there specific individuals or teams (e.g., CISO, SecOps) formally assigned to manage security?

Is there a budget and headcount allocated for security tools, personnel, and training?

Is security a regular topic at board meetings, with clear metrics and risk reporting?

Implementation of Controls

Do you have technical and procedural controls like MFA, firewalls, encryption, and access reviews in place?

Is there a scheduled process (e.g., quarterly, annually) to assess and update security controls?

Testing Program

Do you perform vulnerability scans, penetration tests, or red team exercises?

Has a third party (e.g., an external auditor) reviewed your security controls within the last 12-18 months?

Please answer all questions to calculate your score.