APRA and the Cloud: Organisations must be able to show their working
Conclusion: IT executives in financial services organisations have expressed frustration at the seemingly vague requirements of APRA, but this misses the true intention of APRA. APRA is not anti-Cloud, but the regulator insists that financial services organisations consult with APRA so that APRA can gauge the maturity of the proposed plan. This is not a mechanism to forbid Cloud, but rather a sanity check to ensure the stability of the Australian financial market by ensuring that organisations are not abrogating their risk identification and management responsibilities.
About The Advisor
James Turner is an IBRS emeritus Advisor who specialised in cyber security and risk and facilitates the CIO Cyber and Risk Network on behalf of IBRS. James has over a decade of experience as an industry analyst and advisor; researching the cyber security industry in Australia. As an IBRS Advisor, James authored over 100 IBRS Advisory papers, led dozens of executive roundtables, and presented at numerous conferences.