APRA Prudential Standard CPS 231 and Okta
Institutions regulated by the Australian Prudential Regulation Authority (“APRA”) must comply with Prudential Standard CPS 231 Outsourcing (“CPS 231”) when outsourcing a material business activity. A material business activity is “one that has the potential, if disrupted, to have a significant impact on the APRA-regulated institution’s or group’s business operations or its ability to manage risks effectively,” taking into account a variety of factors. The regulated institution must determine what it considers a material business activity.
This document is designed to help institutions regulated by APRA consider CPS 231 in the context of using the Okta Service, focusing on paragraphs 28 to 30 of CPS 231 (The Outsourcing Agreement).