CPS230 NAB Notes

Question 1

What are the two main goals of CPS 230?

Answer 1

1. Strengthen Operational Resilience
2. Minimising impacts to customers from disruptions to Critical Operations.

Question 2

What are the 4 key ways CPS 230 aims to strengthen operational resilience?

Answer 2

1. Identifying Critical Operations and minimising the impact of disruptions across these.
2. Strengthening the management of operational risks.
3. Improving business continuity planning.
4. Enhancing third-party risks management.

Question 3

What CPS will CPS 230 operate alongside of?

Answer 3

CPS 234 Information Security

Question 4

What CPS’s will CPS 230 replace?

Answer 4

• CPS 231 Outsourcing
• CPS 232 Business Continuity Management

Question 5

What are our three key compliance dates (applicable at a Group-wide level)?

Answer 5

• 31 Dec 2024 - Internal Readiness Target as recommended by NAB Board
• 1 July 2025 - APRA effective date of new standard
• 1 July 2026 - APRA effective date for all pre-existing Contacts with Material Service Provides to be updated.

Question 6

Why do we need Program Work Streams to comply with CPS 230?

Answer 6

A gap analysis identified areas we need to uplift - this will be done by the Program Work Streams

Question 7

What are the 5 Program Work Streams delivering some kind of uplift to achieve compliance with CPS 230?

Answer 7

1. Critical Operations Framework
2. Service Provider Management
3. Business Continuity Management
4. Operational Risk Management
5. Compliance Frameworks

Question 8

What are the 3 Enabling Activities supporting the Program Work Streams?

Answer 8

1. Governance & Reporting
2. Technology Enablement
3. IT Resilience