Software to manage CPS 230 & CPS 234

A GRC platform for APRA-regulated entities

APRA have introduced 2 new standards – CPS 230 for Operational Risk Management and CPS 234 for Information Security. APRA regulated entities in Australia have until 1st July 2025 to align their processes to meet the new requirements. Discover how the Camms GRC platform can support organisations to easily structure their processes with these new standards.

Dashboard of Camms risk management software

Operational Risk Management

Implement a best-practice operational risk management program to assess risk exposure and establish controls to mitigate risk.

Incident Management

Enable staff to log incidents, hazards, and near misses as they happen, carry out investigations, understand organizational impact, and monitor cases until they’re resolved.

Information Security

Get visibility of cyber risk and implement effective controls. Log and resolve cyber incidents. Maintain a critical information assets log and easily report data security incidents to APRA.

Operational Resilience

Prepare for unexpected disruptions and ensure long-term sustainability with our leading business continuity and business process modelling capabilities.

Third-party risk management

Establish processes for effective third-party risk management, incorporating workflows for third-party risk assessments, vendor benchmarking, and continuous performance monitoring.

CPS 230 & CPS 234 software capabilities

Operational Risk Management

Create a best-practice operational risk management program. Build risk registers, categorize and rate risk, set KRIs, and perform online risk assessments. Monitor risk levels and establish a risk appetite. Set controls to reduce risk and perform control testing. Formulate risk treatment plans with automated workflows and alerts. Easily report on risk with a variety of out-of-the-box reports & dashboards.

Third-Party risk management

Implement a best-practice vendor risk management process to effectively manage the risks associated with third parties. Build a vendor library capturing – critical data around contract details, cost, contacts, and monitor ongoing performance against SLAs and KPIs. Roll out vendor risk assessments online via our vendor portal. Link to third-party risk intelligence providers via API integrations to understand vendor risk in terms of financial stability, ethical standpoint, legal & regulatory convictions, and cybersecurity posture. Report on vendor performance and third-party risks via a series of automated dashboards & reports.

Manage & resolve incidents

To align with the new CPS 230 & CPS 234 standards, the Camms software includes best-practice incident reporting capabilities. Staff can easily log incidents, hazards, near-misses or cyber incidents via online forms with all data feeding directly into the platform. Automated workflows escalate the incident to the relevant stakeholders and facilitate effective case management and route cause analysis – until the incident is resolved and closed. Teams can run reports to understand where incidents are occurring to implement effective controls, and incidents can easily be linked back to the relevant risks.

Implement business continuity plans

To comply with CPS 230 requirements, utilize the Camms platform to establish effective business continuity plans – ensuring operational resilience during a crisis. Identify critical business processes and develop a business process register. Create BCM plans, conduct online Business Impact Assessments (BIAs), perform business process modelling, activate BCM plans based on logged incidents, and monitor the status of recovery operations.

Operational risk register for third-party risk management software, detailing risk codes, risk titles, responsible persons, reporting periods, and risk levels.
- Camms' dashboard showing cyber risk assessment in a systemised and clear way

Information Security

Uphold information security standards to align with CPS 234 requirements by managing cyber risk, implementing effective controls, and performing regular control & vulnerability testing. Use the platform to clearly define information security roles & responsibilities, capture & resolve incidents, and establish a defined process to notify APRA of information security incidents.

Policy management

Establish a policy library and manage policy changes, approvals, signoffs, and attestations. Capture critical details regarding each policy (including IT Security policies) and view reports on compliance and employee attestations.

Compliance management software screen displaying policies and procedures with codes, titles, types, responsible officers, and priorities.
Audit register showing audit management capabilities

Audit management

Plan and schedule any internal and external audits (including your APRA CPS 230 and CPS 234 audits). Use best-practice workflows and forms to schedule and map out audit requirements. Internal auditors can enter the findings using online forms to feed the data into the platform. Recommendations can be implemented using best-practice case management workflows. Teams can track recommendations and actions by linking audits back to risks and risk treatments where relevant. This provides complete transparency and enables adequate reporting.

Demonstrate compliance

Firms can use the Camms platform to demonstrate compliance with CPS 230, CPS 234 and other obligations, regulations, standards, and policies. Organizations can set up an obligations library and monitor compliance by implementing step-by-step workflow processes and checks. Receive notifications of regulatory updates from your preferred regulatory provider directly into the platform and implement a best-practice regulatory change management process.

Why choose the Camms platform to manage APRA requirements?

Quick implementation

Our GRC solutions are deployed quickly to help you meet APRA CPS 230 and CPS 234 requirements. Our go live time can be as quick as 8 weeks for standard implementations.

Easy to configure

Compared to other platforms, our solution is highly configurable. Use our templates and forms that align operations with the APRA requirements and alter them further to meet any bespoke company needs.

Built on the latest technology

Our software provides a range of GRC capabilities utilizing the latest modern responsive technology, ensuring a stable and secure system with screens that load in under one second.

Contemporary user interface

Our leading GRC solution offers a modern, intuitive user experience – meaning staff of all levels can use the platform, from operational staff logging incidents and completing risk assessments and control checks, to senior leaders who want to use the data to make business decisions and everyone in between.

Mobile app

Our APRA-compliant software includes a mobile app, allowing staff to conduct risk assessments and checks, log incidents, and perform risk-related activities on the go.

Multiple languages

Our GRC tool is available in many languages – ensuring staff from all regions and locations can use the software in their own language.

Manage CPS 230 & CPS 234

Our software enables organizations to manage the operational risk management requirements of CPS 230 and the information security requirements of CPS 234 in one platform.

Data security & privacy

The Camms platform is highly secure and certified to cybersecurity standards such as SOC Type 1 & 2, ISO 27001, and Cyber Essentials. It features a structured permissions hierarchy, encryption, and audit trails to safeguard data privacy and ensure compliance with security regulations.

API integrations

The Camms GRC platform offers API integrations to assist firms to integrate risk, operational, and cyber data from other spreadsheets and data sources directly into the platform – ensuring a single source of truth for data across all sites and departments.

Discover more about the Camms APRA aligned platform

Resources relating to APRA CPS 230 and CPS 234

The latest and hottest pieces of content relating to APRA CPS 230 and CPS 234 to keep you in the loop.

Get started and request a demo of our APRA enabled GRC software platform

Fill out our simple form to see how the Camms’ platform can your support your organisation to meet CPS 230 & CPS 234 requirements.

Complete your details to request a demo

Scroll to Top