Skip to content
BISTEC IT Services
Free download

CPS 234 Readiness Worksheet

A 12-question diagnostic that takes 20 minutes. Built from real APRA reviews of mid-market FS firms. Tells you which control is your weakest — before APRA tells you.

What is in it

Twelve questions across the four CPS 234 sections that drive the most APRA findings — §11 (roles and responsibilities), §13 (information-security capability), §15 (third-party assurance), and §35 (incident notification).

Each question is scored against a maturity rubric. The output is a one-page summary showing which section is your weakest control and what the next 90-day action looks like.

How it works

Download the PDF. Run through the 12 questions with your CISO and Head of Risk in one sitting — most teams complete it in 20 minutes.

The scoring is built so two reviewers should land within one point of each other on every question. The output drops into a board pack as-is.

Who it is for

APRA-regulated mid-market entities — banks, credit unions, mutuals, pension/super funds under $50bn AUM, mid-tier insurers. Specifically built for the FS-2 (CISO) and FS-3 (Head of Risk) buyer-pair.

If you are a tier-1 bank, this worksheet will not stretch you. If you are a sub-$5bn retail fund or a non-APRA-regulated fintech, it will help but other Privacy Act / NDB tools are a closer fit.

  • ISO 27001
  • Microsoft Solutions Partner
  • Great Place to Work — Asia Top 30
  • Senior security operations
  • APRA CPS 234 + CPS 230 alignment

Send me the worksheet

Email-gated. One nurture email per week, max. Unsubscribe in any email.

We will email you the worksheet at the address you provide and add you to a once-a-week nurture list. One email per week, maximum. You can unsubscribe in any email. We do not share your email with anyone. Full privacy details under Privacy Act / NDB compliance.

Submitting this form will open your email client with the message pre-filled. Or email hello@bistecitservices.com directly.

Senior security with named accountability.