Managing risk when using outsourced cloud computing services is key

  • APRA's prudential standards, while specific to APRA-regulated entities, set out a useful risk management matrix for all companies using OCCS.
  • APRA has recently published an updated information outlining their requirements.
  • Under the outsourcing prudential standards, companies are required to notify APRA after entering into a material outsourcing agreement.

APRA-regulated entities increasingly use OCCS (outsourced cloud computing services) to reduce margins and optimise the customer experience. Indeed, OCCS is now considered standard in many industries. To help APRA-regulated entities using OCCS, APRA has recently published an updated information paper titled ‘Outsourcing involving Cloud Computing Services’ outlining their requirements. 

APRA's prudential standards relevant to regulated entities include CPS Outsourcing [CPS 231]SPS 231 Outsourcing [SPS 231], and HPS 231 Outsourcing [HPS 231]. While the information paper and prudential standards are specific to APRA-regulated entities, they set out a useful risk management matrix for all companies using OCCS. In this article, we summarise these requirements to give APRA-regulated entities an overview of APRA's approach to risk management and prudential guidance principles.

This article is exclusive to Governance Institute members and subscribers.

To read the full article…

or Become a member