The Australian Prudential Regulation Authority (APRA) is an independent statutory authority that supervises institutions across banking, insurance, and superannuation and promotes financial system stability in Australia.


| Control | Description |
| --- | --- |
| Roles and Responsibilities | Clearly define the information security-related roles and responsibilities of the board of the organization, senior management, governing bodies, and individuals. |
| Information Security Capability | Maintain an information security capability commensurate with the size and extent of threats to the organization's information assets. |
| Policy Framework | A policy framework would normally be informed by a set of information security principles that guide decision-making with regard to information security (refer to Attachment A for common information security principles). |
| Information Asset Identification and Classification | Classify information assets according to confidentiality, integrity, and availability, then further stratify them into low, medium, and high-risk levels so that sensitive data is aligned with the appropriate security ranking. |
| Implementation of Controls | Implement controls to protect information assets and undertake regular testing and assurance of the effectiveness of those controls. |
| Incident Management | Develop an annually renewed incident management program that allows the organization to identify and respond to potential incidents in a timely manner. |
| Internal Audit | Internal audit provides independent assurance that an organization's risk management, governance, and internal control processes are operating effectively. |



To view the available compliance programs, open Compliance in your Aqua CSPM Console and select Defaults or Custom to filter the programs displayed. You can also expand the program control details using the Expand Settings toggle.