Other Industry Regulations and Standards

Cyberspace has no borders, so Australia is also affected by the rapidly changing threat environment. Organisations need to be able to respond flexibly to existing threats and new vulnerabilities in order to defend against attackers' increasingly sophisticated methods. The Australian Government has therefore responded by developing the CPS 231 and CPS 234 standards.

What is CPS?


CPS is an Australian standard designed and implemented by the Australian Prudential Regulation Authority (APRA). The purpose of CPS is to ensure that regulated entities have sufficient information security protections implemented. Regulated entities include, in particular, the banking and insurance sectors. These requirements only apply to Australian branches.

Why do you need CPS?


From 1 July 2020, third parties who handle regulated entities' information assets are required to comply with the CPS standard. Among other things, CPS is used to assess the sensitivity and criticality of information assets, to manage incidents and to establish security policies. By complying with CPS, your organisation will be able to objectively measure improvements in its cybersecurity posture.

BDO's approach


BDO helps companies ensure compliance with the Australian CPS standards, either from the outset or by reviewing and consulting on existing established practices. We first review your documentation in detail and then commence the verification work. Our output is a comprehensive CPS report with compliance sections structured according to the CPS standards. If you do not have the documentation needed for CPS verification, we can provide consultancy to create it during the pre-assessment phase.

What is HIPAA?


HIPAA stands for the Health Insurance Portability and Accountability Act, which among other things sets forth privacy and security provisions for the protection of medical information. The HIPAA Privacy Rule addresses the use and disclosure of individuals' health information called "Protected Health Information (PHI)."

Why do you need HIPAA?


The HIPAA Privacy Rule is intended to ensure that an individual's health information is appropriately protected, while still allowing the necessary flow of health information needed to provide and support quality health care. The HIPAA Privacy Rule permits necessary uses of information while protecting the privacy of people seeking health care.

BDO's approach


If your organisation is required to be HIPAA compliant, we can provide audit work to determine its HIPAA compliance status and assist with the preparation of supporting documentation.

Information security throughout the entire lifecycle is an important part of an organisation's daily operations. The automotive industry is no exception, and here too it is advisable for suppliers and service providers to reassure customers that their information is safe. As a consequence, the TISAX standard has been published.

What is TISAX?


TISAX is a registered trademark of the European Automotive Industry Association ENX, which developed the standard. TISAX represents a standardisation of the level of security in the automotive sector, and it also incorporates the key criteria of ISO 27001. Organisations in the automotive industry must prove compliance with the security criteria every three years.

Why do you need TISAX?


Assurance that their information is properly secured is important to clients. The German Association of the Automotive Industry (VDA) publishes a catalogue of key requirements and criteria for ensuring the necessary level of security. Compliance with the VDA requirements can be demonstrated by TISAX certification. TISAX certification raises the level of security in organisations and thus their performance. TISAX is used to standardise, and to provide mutual recognition of, ISMS audits in accordance with ISO 27001.
