APRA CPS234 & Salesforce

If you're an APRA-regulated entity, you need to be compliant with APRA CPS234.


The parts of CPS234 that relate to your Salesforce environment are detailed below:

  • Information security capability

    • An APRA-regulated entity must maintain an information security capability commensurate with the size and extent of threats to its information assets, and which enables the continued sound operation of the entity

  • Policy framework

  • Information asset identification and classification

  • Implementation of controls commensurate with

    • the criticality and sensitivity of the information assets

    • the potential consequences of an information security incident

  • Incident management

    • An APRA-regulated entity must have robust mechanisms in place to detect and respond to information security incidents in a timely manner

    • Managing all relevant stages of an incident, from detection to post-incident review

  • Testing control effectiveness

Let Platinum7 assist you with understanding how you can use Salesforce's built-in and optional security features to comply with these parts of CPS234.

