APRA CPS234 & Salesforce

If you're an APRA regulated entity, you need to be compliant with APRA CPS234.

 

The parts of CPS234 as related to your Salesforce environment are detailed below:

• Information security capability

  • An APRA-regulated entity must maintain an information security capability commensurate with the size and extent of threats to its information assets, and which enables the continued sound operation of the entity​

• Policy framework

• Information asset identification and classification

• Implementation of controls ​commensurate with

  • the criticality and sensitivity of the information assets

  • the potential consequences of an information security incident

• Incident management

  • An APRA-regulated entity must have robust mechanisms in place to detect and respond to information security incidents in a timely manner​

  • Managing all relevant stages of an incident, from detection to post-incident review

• Testing control effectiveness​

​

Let Platinum7 assist you with understanding how you can use Salesforce's built-in and optional security features to comply with these parts of CPS234.