Compliance Standards
CPS 230 seeks to bring greater operational oversight into IT and business operations where APRA considers that there are currently unmonitored operational risks associated with 3rd and 4th parties.
APRA is seeking to use CPS 230 to address the following:
Control & Monitoring of failures:
Growing intolerance for disruptions:
Users and customers now rely on digital service delivery at unprecedented levels. There is an expectation that digital services work well and are always performing. Service delivery evolves to monitor dependencies and obligations.
Growing dependency on a critical number of service providers:
APRA-regulated organisations have a growing reliance on the service providers they partner with to maintain business operations. This calls for monitoring how service providers are delivering compliant services and for reducing the risk of a technically complex supply chain. This includes ‘fourth parties’ and other downstream providers who are sub-contracted to a prime contractor.
Where does the board fit in monitoring Service Compliance?
APRA considers there is no expectation that the board is directly involved in day-to-day operational risk management. However, APRA does expect that the board has a precise knowledge of accountabilities for each entity that can impact operational risk management, business continuity and the governance and monitoring of service provider arrangements.
The Ikara Service Compliance platform uniquely provides the ability to assign specific controls or service warranties to independent or interdependent service teams and contractors. C-level executives and boards can now be confident that there are no gaps in accountabilities and that monitoring is purposefully aligned to protect against 3rd and 4th party risks.