💼 33 It is common for APRA-regulated entities to leverage existing business continuity impact analyses to assess an information asset’s criticality. APRA-regulated entities would also typically maintain processes to systematically assess information asset sensitivity.