APRA CPS 234 & ISO 27001 Compliance & Gap Assessment

eStorm Australia assists financial and insurance firms in identifying and meeting the requirements outlined in APRA CPS 234 and ISO 27001. Achieve compliance today, with minimal disruption to your daily operations


Fast-track APRA CPS 234 Compliance & ISO 27001 Certification with eStorm Australia

Your financial or insurance organisation may already have cyber and information security policies and procedures in place, but are they enough to meet the requirements of APRA CPS 234? eStorm can help you find out!

With rises in the frequency and sophistication of cyber-attacks globally, regulations are continually evolving to stay on top of new threats and risks to information assets. Financial and insurance institutions are disproportionately targeted by adversaries due to confidential data on their networks (such as personally identifiable information and protected health information) that could lead to monetary rewards.

The APRA CPS 234 standard tackles the ever-evolving cyber security threat landscape by requiring APRA-regulated entities to continuously improve on their overall information/cyber security maturity and posture.

We help regulated-entities across Australia meet the requirements for APRA CPS 234 & ISO 27001 certification.
ISMS Experts

Having gone through the ISO 27001 certification and other regulatory Standards ourselves, we're dedicated to getting your organisation to the finish line no matter the obstacles. Fast-track your certification, achieve CPS 234 compliance, and build lasting effectiveness of your information security management system.


Meeting APRA's regulatory requirements can be an overwhelming, time-consuming and frustrating experience. We can change that. We have helped dozens of businesses across Australia achieve compliance for regulatory standards as seamlessly and painlessly as possible.

Complete Support

From consulting to implementation, eStorm Australia will provide tailored support to achieve your certification and compliance goals no matter where you are in your APRA CPS 234 or ISO 27001 journey. We promise to give you the confidence that your project is compliant with APRA standards and ready to seek official certification.


What is APRA CPS 234?

All entities regulated by APRA are required to adhere to and comply with CPS 234 requirements. CPS 234 is a prudential standard that aims to ensure financial and insurance institutions take measures to be resilient against information security incidents. CPS 234 ensures your organisation has:

  • Improved resilience against cyber attacks, data breaches and other security threats
  • Adequate risk management and policy frameworks
  • Appropriate security controls implemented and tested
  • Recognition of the information security risks and threats unique to your institution
  • Awareness of the designated information security tasks, roles and responsibilities within in your organisation
  • Identified your information/cyber security posture and maturity
  • Designed an incident response plan for notifiable cyber security incidents
iso 27001 logo

What is ISO 27001?

Covering aspects of information security, physical security, cyber security, data privacy, and business improvement, ISO 27001  is the global benchmark of security and management standards. The benefits of ISO 27001 certification include:

  • Competitive advantages and partner/client confidence by proving your organisation is committed to the protection of information and sensitive data
  • Identifies risks posing a threat to your organisation and objectives
  • Designed to comply with relevant laws and regulatory requirements globally
  • Delivers a risk-based framework for enhancing security and business development procedures
  • Provides peace of mind that your sensitive data is resilient towards evolving cyber attack trends

Combine APRA CPS 234 & ISO 27001 Certification

While APRA CPS 234 and ISO 27001 are seperate standards, there are many correlations between the two. We advise financial and insurance institutions to achieve ISO 27001 certification for a number of reasons, with the main reason being this: ISO 27001 facilitates APRA CPS 234 compliance.

Yes, you heard that right. Certification can make APRA compliance EASIER. Why? Because ISO 27001 is globally recognised as the leading information security management system, and covers every aspect of your information security. It was designed to comply with legal and prudential standards around the globe, including CPS 234.

Furthermore, most, if not all, of the requirements in CPS 234 align with the ISO 27001 Annex A controls. This means achieving ISO certification will clearly evidence you have implemented the necessary controls to meet the requirements for compliance. View this PDF for an in depth side-by-side view of the ISO 27001 controls matching each CPS 234 requirement.


eStorm's APRA CPS 234 Compliance & Assessment Services

eStorm Australia offers a host of APRA CPS 234 & ISO 27001 services ranging from complete end-to-end implementation to get you certified and compliant, gap assessments to identify compliance issues, recommendations for improvements, and more.
Cyber Security Audit

Our APRA CPS 234 and ISO 27001 cyber security audit assesses your practices to determine where your controls are lacking and how they currently map to APRA CPS 234 and ISO 27001. The audit will identify glaring risks in your IT and information security while also determining your current security sophistication and maturity.


Compliance Strategy & Consulting

We have extensive experience helping organisations in the financial industry solve their cyber and information security challenges. We understand one size doesn't fit all, so we work closely with key business leaders and stakeholders to create a compliance strategy that is tailored to the specific requirements of your business.

Risk & Gap Assessment

eStorm Australia adopts a pragmatic approach when assessing your organisation's compliance against APRA CPS 234 and ISO 27001. Our gap assessment provides a set of recommendations that address identified gaps against APRA CPS 234, plus any improvement opportunities to strengthen exisiting controls.

Implementation & Microsoft Security

It's vitally important you implement the security controls in a way that aligns with the requirements to achieve certification. We can assist with deploying security solutions and effectively implementing the security controls, with minimal disruptions to your daily operations.


Get a 77% headstart with eStorm & ISMS.online

Pre-configured ISO 27001 Requirements

ISMS.online's ISO 27001 solution comes pre-configured and saves you time from setting up your own complicated folder structures, permissions and version controls which can often end up messy and difficult to follow.

Toolkits & Templates

ISMS.online provides a plethora of tools to effortlessly achieve ISO 27001 compliance while supporting business continuity. The platform comes pre-configured with ISMS elements you need for success, such as risk registers, an interested parties map, asset inventory, incident management, procedure documentation, staff awareness/compliance assurance, and much more!

Assured Results Method

The ISMS.online Rest Assured Results Method lays out a clear and practical path to first time ISO 27001 success. The method shows you how to take advantage of shortcuts and avoid pitfalls and shares simple, practical guidance through to certification.

isms_horiz_main copy

Carl Mathieson

Head of ICT | Queensland Country Bank

"As a member-owned bank we’re always looking out for the best interests of our Members so we conducted research for a suitable tool which enables us to report to APRA, our Board and Executives on our compliance against the standard. From our first encounter with the ISMS.online platform, it was clearly the tool for us to coordinate and control our Information Security Management System and Business Continuity Management System all in one place. The fact that ISMS.online was able to respond so rapidly to our data sovereignty requirement with a local hosting service was impressive, and it gives us confidence in what to expect from their future service levels. We’re really looking forward to working with ISMS.online to make this a success for us, and for other mutual financial institutions in Australia."

Talk to a consultant today!

To get started on simple, secure and fast-tracked ISO 27001 certification

Invalid Email
Invalid Number

Achieving APRA CPS 234 Compliance can be an overwhelming, time-consuming and frustrating experience.

We can change that.


Case Studies

Get business driven results with eStorm.

The internal IT Manager at Silky Oaks left with no notice and very little documentation. Silky Oaks approached eStorm to assist in keeping their systems operational while they assessed their ongoing IT requirements.


Lighthouse Christian School promoted their junior technician to a management role after the departure of their previous IT manager. The new manager felt he was still developing his IT knowledge and experience, and thus would not be able to single-handedly run the school’s IT. LCS then endeavoured to find a Managed Service Provider that could provide supplemental IT support and services.


To meet the needs of a large client, Liquid Animation worked with eStorm to architect a solution that allowed international animators to seamlessly access data. This was achieved using a combination of cloud-based work stations and Amazon Web Services.

Liquid Animation

Related Articles

The NEW Apple Classroom. Is it right for your Institution?
By eStormAdmin | April 29, 2016

SO WHAT IS APPLE CLASSROOM? First of all, Apple Classroom is not really like Google Classroom. Google Classroom is more equivalent […]

Solid State Drives vs Traditional Hard Drives. Which is right for you?
By eStormAdmin | April 19, 2016

  Gone are the days of simply choosing the drive that had the largest capacity that your budget could afford. Solid-state drives […]

Industry Standards: How does your IT provider compare?
By eStormAdmin | January 29, 2016

If you’re a non-techie who has been left to look after the IT department of your workplace, you may be […]

Work better with eStorm

See why businesses all across Australia and NZ partner with eStorm Australia