Cloud infrastructure makes life for financial service institutions far more simple via a consolidated toolbox, streamlined collaboration, less downtime, and more IT hours allocated for innovation. That said, the largest obstacle in this industry is compliance.

If you can’t keep your customer’s data safe, you don’t have a business. That’s why the Australian Prudential Regulation Authority (“APRA”) ensures that financial services meet security requirements to protect customers and institutions alike. 

To better help the financial service sector modernise with the cloud, we are highlighting APRA’s Prudential Standard CPS 234 as well as Atlassian’s outsourcing guidance on how to use and handle data as to meet APRA’s requirements. 

The objectives of Prudential Standard CPS 234

CPS 234 is meant to corroborate APRA-regulated companies’ defence against cybersecurity threats and ensure their capabilities scale with ever-evolving vulnerabilities. In this prudential standard, APRA-regulated companies are also called upon to maintain due diligence obligations for when said companies outsource information assets to a third-party.

CPS 234 declares that APRA-regulated companies must:

  • detail strict data security roles and responsibilities
  • be able to match their security capabilities at scale with their threats
  • execute consistent testing of implemented controls to protect information
  • immediately alert APRA of data security incidents
Outsourcing Guidance:

For more information on how your APRA-regulated enterprise can stay CPS 234-compliant, head over to our outsourcing guide.

Contrary to many cloud misconceptions, migrating can actually improve data security. With Atlassian Cloud your organisation’s data is stored in state-of-the-art data centers with zero trust security leveraging multiple stages of checks and re-checks of credentials. This allows for accelerated detection of data breaches and further mitigates the effects of a worse case scenario breach.

According to Jodie Vlassis, a Senior Cyber Security SME for Atlassian’s Trust team, states Trust & Security will always remain our number 1 top priority for securing customer data.

APRA 234 is designed to guarantee regulated bodies possess strong capabilities for preventing, detecting, and responding to cyber security threats. By addressing APRA 234 as part of our Compliance program, we provide that assurance to our customers that we are aligned to these regulated industries and grow confidence with our customers we have robust mechanisms in place to protect our customer data.”

Atlassian has compiled an all-in-one compliance portal called Trust Center to help customers view real-time status reports on security, reliability, privacy, and compliance between all Atlassian tools which helps APRA-regulated institutions meet due diligence requirements of third-party platforms and apps. For financial services who have yet to migrate to the cloud due to compliance concerns, our Trust Center provides a list of all data security certifications that Atlassian Cloud meets so that you can know for sure that you’ll be completely APRA compliant.

Our APRA 234 outsourcing guidance offers specific mappings to each requirement and how Atlassian Cloud Enterprise assists you in meeting your obligations, including information on audit rights, the right to issue instructions, data security, termination, and chain outsourcing.

Atlassian’s approach to security:

To learn more about our commitment to safeguarding customer data, visit our Security Practices page.

Next stop, Atlassian Cloud

Now that financial services can compliantly be migrated to cloud infrastructure for improved security as well as future-flexibility from improved visibility and pivot times, where does one begin? Atlassian’s Migration Program Planning Center is a great way to find all the resources your enterprise can use to assess your migration needs while developing and testing your runbook.

The best way to start visualising your change management plan is with Atlassian’s Cloud Adoption Toolkit. Although security can be improved with Atlassian Cloud, an unsupported migration can bring unforeseen challenges into play, in the meantime make sure to check out our Cloud migration guide to know what to expect and how to leverage the help you will need.

FinServ Compliance: A cloud-based approach to APRA’s CPS 234