TM
APRA CPS234 & Salesforce
If you're an APRA regulated entity, you need to be compliant with APRA CPS234.
The parts of CPS234 as related to your Salesforce environment are detailed below:
-
Information security capability
-
An APRA-regulated entity must maintain an information security capability commensurate with the size and extent of threats to its information assets, and which enables the continued sound operation of the entity​
-
-
Policy framework
-
Information asset identification and classification
-
Implementation of controls ​commensurate with
-
the criticality and sensitivity of the information assets
-
the potential consequences of an information security incident
-
-
Incident management
-
An APRA-regulated entity must have robust mechanisms in place to detect and respond to information security incidents in a timely manner​
-
Managing all relevant stages of an incident, from detection to post-incident review
-
-
Testing control effectiveness​
​
Let Platinum7 assist you with understanding how you can use Salesforce's built-in and optional security features to comply with these parts of CPS234.