Get our free CPS 230 eBook

Earlier this year we published a series of articles on APRA Prudential Standard CPS 230 Operational Risk Management (CPS 230).

In June, APRA finalised its Prudential Practice Guide on CPS230 (CPG 230).

We’ve now combined our articles and updated them for CPG 230 in a free eBook which you can download by clicking on the button below.

Day One Checklist

APRA has also published a handy “day one checklist” which summarises CPS 230 requirements and sets out a suggested order of implementation. The requirements in order are:

1. Critical Operations (COs) are identified.

2. Tolerances are defined and approved by the Board for COs (time, data loss, and service level).      

3. Material Service Providers (MSPs) are identified.          

4. Notifications are operational for material events, tolerance breaches and MSP changes.            

5. Board Governance & Oversight is in place and clear roles and responsibilities are set.              

6. Risk Profiles & Reporting is established and supporting oversight accountabilities.  

7. Accountability for COs, MSPs, and monitoring is in place.        

8. Contract Updates have an extension of 12 months per paragraph 7 of the standard.

9. Business Continuity Management (BCM) shifts to a Critical Operations focus.

10. Scenarios align with BCM uplift and focus on severe yet plausible scenarios for Critical Operations and Material Service Providers.  

Need help with CPS 230?

If you are an APRA regulated entity, remember to contact us if you need assistance with legal issues when implementing CPS 230.

Kathleen Harris and Patrick Dwyer
Legal Directors