On this page💼 28 Incident management - Incident response testing ID: /frameworks/apra-cpg-234/28 Stats​ not available Description​ Empty... Similar​ Internal ID: dec-b-b27927d4 Sub Sections​ SectionSub SectionsInternal RulesPoliciesFlagsCompliance💼 74 Under CPS 234, an APRA-regulated entity must annually review and test its information security response plans to ensure they remain effective and fit-for-purpose. It is important that the success criteria for such tests are clearly defined, including the circumstances under which re-testing would be required. Test results could be reported to the appropriate governing body or individual, with associated follow-up actions formally tracked and reported.no data