Requirements for APRA regulated entities

If your company is an Authorised Deposit Taking Institution, General Insurer, Superannuation company, Life Insurer or Friendly Society and regulated by the Australian Prudential Regulation Authority (APRA) - you are required to carry out annual business continuity testing.

See here for the APRA Standard CPS 232.

In particular, the following clauses specifically address testing requirements:

28. A regulated institution must review and test its BCP at least annually, or more frequently if there are material changes to business operations, to ensure that the BCP can meet the BCM objectives. The results of the testing must be formally reported to the Board or to delegated management. 

29. The BCP must be updated if shortcomings are identified as a result of the review and testing required under paragraph

Continuity Matters makes it simple for your staff to carry out annual disaster recovery testing at a location away from your normal offices.

Other relevant standards

Please note that APRA has also released CPS Prudential Standard “CPS 220 Risk Management”, which covers all the aspects of Risk Management for regulated entities, including the appointment of the Chief Risk Officer.

See here for the APRA Standard CPS 220.