Submission

Friday, 8 June 2018

Draft CPS 234 – Information Security

AIST supports CPS 234 as a useful mechanism to promote increased focus on information security and to promote continuous improvement. AIST believes that the requirement to notify incidents to APRA within 24 hours should be clarified with respect to levels of seriousness, with less material breaches set to 5 working days. Clarification of notification of control weaknesses should also be clarified.