AWS Security Blog
Two New Documents to Help You Navigate Australian Prudential Regulation Authority (APRA) Requirements
Note from May 28, 2020: The features and services described in this post have changed since the post was published and the procedures described might be out of date and no longer accurate. Please see https://aws.amazon.com/blogs/security/new-guidance-navigate-australian-prudential-regulation-authority-requirements/ for the most recent information.
AWS has published two new documents to help Financial Services customers understand how to operate in the cloud within the requirements of the Australian Prudential Regulation Authority (APRA). These documents continue AWS’s efforts to help customers navigate Australian regulatory requirements in a shared responsibility environment.
The two new APRA-related documents are:
- AWS User Guide to Financial Services Regulations and Guidelines in Australia – Summarizes APRA requirements and recommendations related to outsourcing, IT risk, and the cloud. This 34-page whitepaper is intended for APRA-regulated institutions looking to run material workloads in the cloud. It’s particularly useful for leadership, security, risk, and compliance teams that need to understand APRA requirements about outsourcing policies, agreements, and notification and consultation with APRA.
- The APRA CPG 234 Workbook (download through AWS Artifact; an AWS account is required) – Includes a detailed analysis of the APRA CPG 234 guidelines and how they map to AWS controls. APRA-regulated institutions can use this 53-page guide when conducting technical due diligence before running material workloads in the cloud.
These documents join existing guides for other jurisdictions in the Asia Pacific, such as India, Singapore, and Hong Kong. We will release additional AWS Financial Services resource guides in 2018 to help you navigate regulatory requirements in other markets around the world.
– Oliver