Software to manage CPS 230 & CPS 234
A GRC platform for APRA-regulated entities
APRA have introduced 2 new standards – CPS 230 for Operational Risk Management and CPS 234 for Information Security. APRA regulated entities in Australia have until 1st July 2025 to align their processes to meet the new requirements. Discover how the Camms GRC platform can support organizations to easily structure their processes with these new standards.
Operational Risk Management
Implement a best-practice operational risk management program to assess risk exposure and establish controls to mitigate risk.
Incident Management
Enable staff to log incidents, hazards, and near misses as they happen, carry out investigations, understand organizational impact, and monitor cases until they’re resolved.
Information Security
Get visibility of cyber risk and implement effective controls. Log and resolve cyber incidents. Maintain a critical information assets log and easily report data security incidents to APRA.
Operational Resilience
Prepare for unexpected disruptions and ensure long-term sustainability with our leading business continuity and business process modelling capabilities.
Third-party risk management
Establish processes for effective third-party risk management, incorporating workflows for third-party risk assessments, vendor benchmarking, and continuous performance monitoring.
CPS 230 & CPS 234 software capabilities
Operational Risk Management
Create a best-practice operational risk management program. Build risk registers, categorize and rate risk, set KRIs, and perform online risk assessments. Monitor risk levels and establish a risk appetite. Set controls to reduce risk and perform control testing. Formulate risk treatment plans with automated workflows and alerts. Easily report on risk with a variety of out-of-the-box reports & dashboards.
Third-Party risk management
Implement a best-practice vendor risk management process to effectively manage the risks associated with third parties. Build a vendor library capturing – critical data around contract details, cost, contacts, and monitor ongoing performance against SLAs and KPIs. Roll out vendor risk assessments online via our vendor portal. Link to third-party risk intelligence providers via API integrations to understand vendor risk in terms of financial stability, ethical standpoint, legal & regulatory convictions, and cybersecurity posture. Report on vendor performance and third-party risks via a series of automated dashboards & reports.
Manage & resolve incidents
To align with the new CPS 230 & CPS 234 standards, the Camms software includes best-practice incident reporting capabilities. Staff can easily log incidents, hazards, near-misses or cyber incidents via online forms with all data feeding directly into the platform. Automated workflows escalate the incident to the relevant stakeholders and facilitate effective case management and route cause analysis – until the incident is resolved and closed. Teams can run reports to understand where incidents are occurring to implement effective controls, and incidents can easily be linked back to the relevant risks.
Implement business continuity plans
To comply with CPS 230 requirements, utilize the Camms platform to establish effective business continuity plans – ensuring operational resilience during a crisis. Identify critical business processes and develop a business process register. Create BCM plans, conduct online Business Impact Assessments (BIAs), perform business process modelling, activate BCM plans based on logged incidents, and monitor the status of recovery operations.
Information Security
Uphold information security standards to align with CPS 234 requirements by managing cyber risk, implementing effective controls, and performing regular control & vulnerability testing. Use the platform to clearly define information security roles & responsibilities, capture & resolve incidents, and establish a defined process to notify APRA of information security incidents.
Policy management
Establish a policy library and manage policy changes, approvals, signoffs, and attestations. Capture critical details regarding each policy (including IT Security policies) and view reports on compliance and employee attestations.
Audit management
Plan and schedule any internal and external audits (including your APRA CPS 230 and CPS 234 audits). Use best-practice workflows and forms to schedule and map out audit requirements. Internal auditors can enter the findings using online forms to feed the data into the platform. Recommendations can be implemented using best-practice case management workflows. Teams can track recommendations and actions by linking audits back to risks and risk treatments where relevant. This provides complete transparency and enables adequate reporting.
Demonstrate compliance
Firms can use the Camms platform to demonstrate compliance with CPS 230, CPS 234 and other obligations, regulations, standards, and policies. Organizations can set up an obligations library and monitor compliance by implementing step-by-step workflow processes and checks. Receive notifications of regulatory updates from your preferred regulatory provider directly into the platform and implement a best-practice regulatory change management process.
Why choose the Camms platform to manage APRA requirements?
Contemporary user interface
Our leading GRC solution offers a modern, intuitive user experience – meaning staff of all levels can use the platform, from operational staff logging incidents and completing risk assessments and control checks, to senior leaders who want to use the data to make business decisions and everyone in between.
Data security & privacy
The Camms platform is highly secure and certified to cybersecurity standards such as SOC Type 1 & 2, ISO 27001, and Cyber Essentials. It features a structured permissions hierarchy, encryption, and audit trails to safeguard data privacy and ensure compliance with security regulations.
Discover more about the Camms APRA aligned platform
Resources relating to APRA CPS 230 and CPS 234
Managing CPS 230 Requirements: A guide for APRA-Regulated Entities and Financial Institutions
To help your organization operate in line with the new CPS 230 operational risk management standard, Camms have created this useful eBook to guide you
Operational Resilience Unveiled: The Integral Role of Business Continuity Planning in CPS 230
Robust operational resilience strategies are at the core of a successful, sustainable business. To support organisations to emerge stronger in the face of adversity, the
Beyond Recovery: How CPS 230 Empowers Businesses to Thrive Amidst Disruption
Why is CPS 230 so critical? Operational disruptions, whether they stem from internal processes, external events, or digital vulnerabilities, have the potential to disrupt business
Get started and request a demo of our APRA enabled GRC software platform
Fill out our simple form to see how the Camms’ platform can your support your organization to meet CPS 230 & CPS 234 requirements.