| 💼 74 Under CPS 234, an APRA-regulated entity must annually review and test its information security response plans to ensure they remain effective and fit-for-purpose. It is important that the success criteria for such tests are clearly defined, including the circumstances under which re-testing would be required. Test results could be reported to the appropriate governing body or individual, with associated follow-up actions formally tracked and reported. | | | | | no data |