Skip to content

Featured Search

APRA's CPS 230 and Protecht ERM

Need to meet CPS 230? Meet our solution.

Cover all the requirements of the upcoming CPS 230 standards with Protecht’s single, off-the-shelf ERM software solution. Ensure that risk stakeholders, executives and the board have insight into critical operations, material service providers, risks and controls.

Request a demo Read brochure
Built by risk experts with deep experience in implementing solutions for Australian financial services, our solution delivers market leading features such as our CPS 230 reporting pack, critical process mapping, and purpose-built registers. 

Visualise and monitor critical operations.

Identify, understand and monitor your critical operations​.

  • Purpose-built tool lets you visually map critical operations end-to-end – to identify potential gaps, weaknesses and points of failure​

  • Know what processes, resources and managed services providers are necessary to deliver the critical operation with integrated data ​

  • Define and monitor tolerances in critical operations registers – time, data loss and service levels

  • Integrated data links critical operations to the plausible scenarios that may disrupt your business, so you can plan continued operation​

Elevate your governance with robust controls.

Strengthen your controls program to enhance board and senior management oversight​.

  • Analytic dashboards and reports help you identify areas of concern and remediation​

  • Controls design, implementation, review and assurance in a structured library that captures rich controls data linked to risks, obligations, incidents and frameworks ​

  • Ensure robust controls testing with testing templates and automation​

  • Link controls to the CPS 230 Framework library for compliance oversight

Simplify business continuity management.

Streamline your business continuity management​ and deal with incidents effectively.

  • The resilience and BCM module’s registers and dashboards delivers a single source of truth for business impact analysis, business continuity plans, recovery testing​

  • Integrate incident management data with risks, controls and business continuity records throughout the system​

  • Track and manage all APRA communications in register of regulator communications with automated workflow notifications​

Manage service providers with confidence.

Monitor and manage your material service providers​.

  • Identify and risk-manage material service providers (plus other third party service providers) in a dedicated workspace of registers, analytics, risk intelligence and metrics

  • Ensure CPS 230 compliance with our APRA-aligned report, making it easy to submit your material service provider register

  • Streamline due diligence with a portal for your vendors to complete questionnaires and complete follow up actions supported with workflow notifications

  • Know where MSPs impact critical operations through integrated data​

  • ​Dashboard to identify fourth parties and their concentration risk​

  • Consolidate contract information in the workspace​

Protecht ERM CPS 230 brochure.

How Protecht's integrated CPS 230 solution can streamline your journey towards not just compliance, but operational excellence and resilience.

Read brochure

CPS 230: How to apply the operational risk management standard.

Our eBook is a guide to compliance and a blueprint for enhancing operational risk management.

Download now

CPS 230 readiness checklist.

Assess your compliance with APRA’s CPS 230 using our structured readiness checklist.

Get the checklist

Operational resilience eBook.

How to integrate risk management, governance and continuity planning to protect your organisation and respond effectively to crises.

Read eBook

Webinar on demand

The road to CPS 230: Bringing resilience to life through scenarios.

Business continuity plans aren’t new to regulated entities, but CPS 230 introduces a significant shift: the requirement to set and measure tolerance levels for operational disruptions. This new standard elevates the importance of scenario testing as a key tool in assessing resilience effectiveness.

Join David Tattam, Chief Research & Content Officer, and Michael Howell, Senior Manager, Research & Content, as they explore practical strategies to enhance your scenario and exercising capability. Learn how to identify vulnerabilities, improve response coordination, and protect your stakeholders from real-world disruptions.

Watch on demand

Updated eBook

CPS 230: How to apply the operational risk management standard.

Our CPS 230 serves as both a guide to compliance and a blueprint for enhancing operational risk management. It lists the key requirements of CPS 230 and shows you how you can address them with Protecht ERM. Ensure your organisation is ready to meet the deadline.
Download now

Protecht ERM and CPS 230 requirements:

Protecht_Solutions_Icons_01_RiskManagement

Key principles

Protecht ERM helps entities to manage their operational risks, maintain critical operations, and manage service provider risks:

  • • Core ERM registers and dashboards
  • • BCM and operational resilience
  • • Vendor risk management

Protecht_Solutions_Icons_02_ComplisanceManagement

Operational risk management

Ensure you’re not only compliant but equipped with real-time insights and views of your risk landscape:

  • • Conduct risk assessments across the organisation, linked to controls management and assurance
  • • Consolidate policy, obligations and risk management
  • • Understand and monitor your risk profile
  • • Integrate controls management and assurance
  • • Monitor, escalate and manage incidents and manage incidents.

Protecht_Solutions_Icons_05_VendorRisk

Roles and responsibilities

Delineate roles, streamline processes, and make informed decisions in line with CPS 230 mandates:

  • • Users can be assigned as owners, reviewers, or be assigned actions in the system
  • • Automated notifications and reminders to achieve follow-up
  • • Analytics and dashboards provide actionable insights to make better and faster decisions
  • • Drill down to divisions and business units as required

Protecht_Solutions_Icons_03_OperationalResilience

Risk management framework

Ensure that your risk strategies are in harmony with your overarching objectives requirements:

  • • Governance, continuity plans and service provider management
  • • Consistent taxonomies and categorisation allow you to aggregate information for different audiences

Protecht_Solutions_Icons_06_AuditManagement

Business continuity

Always be prepared, with tools for visual mapping, tolerance level capturing, and recovery testing:

  • • Identify and manage critical operations and their disruption tolerance levels
  • • Identify and evaluate disruption scenarios, and link them to impacted processes, to critical operations and their tolerance levels
  • • Manage business impact analysis, business continuity planning and testing
  • • Map critical operations to supporting processes, people, resources and technology

Protecht_Solutions_Icons_07_WHSRisk

Management of service provider arrangements

Ensure you and your vendors can meet material service provider requirements:

  • • Identify and risk-manage all third-party service providers, including material service providers
  • • Streamline service provider due diligence with capabilities such as SIG questionnaires and integration with cyber risk ratings
  • • Consolidate contract information
  • • Find out where service providers impact your critical operations

On demand CPS 230 webinars:

Trusted by well known regulated financial services providers

  • australian_securities_investment_commission_(asic)-1
  • asx_operations_pty_ltd
  • bank_of_sydney_ltd
  • victoria_teachers_limited_(bank_first)
  • mystate_financial_ltd
  • nib_health_funds_limited

FAQ

These are some of the most common questions we receive from people around Protecht ERM and CPS 230. We have a wealth of additional resources available, so please get in touch if you don’t see your question answered here.

Contact us

What is the significance of operational risk management in CPS 230?

Operational risk management is a central component of CPS 230. The standard underscores the importance of robust controls management and a comprehensive understanding of critical operations. Entities must adopt a holistic view of operational risks, emphasising the safeguarding of critical operations. Protecht ERM provides solutions that align with CPS 230, offering tools for incident and breach management, regulator communications, and giving real-time insights into the risk landscape.

CPS 230 broadens APRA’s existing requirements on outsourcing to encompass a wider range of third parties. The introduction of the concept of material service providers necessitates enhanced due diligence and risk management for all providers supporting critical operations. This not only impacts regulated entities but also the service providers themselves. Entities must ensure consistent and robust service provider management across the board.

Business Continuity Plans (BCPs) are vital in CPS 230 to ensure that entities can continue their critical operations without disruption, even in adverse situations. The standard mandates that entities must have a BCP in place and regularly test its effectiveness. Protecht ERM aids organisations in aligning with this requirement by offering tools that ensure robust business continuity plans are in place and can be executed when needed.

APRA-regulated entities are required to adhere to the guidelines set out in CPS 230, which focus on managing operational risks and ensuring the continuity of critical operations. This includes maintaining comprehensive policies, conducting regular assessments, managing material service providers, and ensuring robust business continuity plans. Protecht ERM offers solutions tailored to help APRA-regulated entities meet these requirements, ensuring compliance and operational resilience.