APRA CPS 230
Mapping APRA CPS 230 to your AI tooling: a practical checklist
Translating CPS 230 material service obligations to Microsoft 365 Copilot, ChatGPT Enterprise, and Claude deployments — what changes when an AI vendor becomes a material service provider.
Incident response
Ransomware response, CPS 230, and the 24-hour decision
The technical incident response is the easier half. The harder half is the decision your executive will be asked to make at the 6-hour mark and again at the 24-hour mark, and whether your organisation has actually decided how to make it.
Third-party risk
Third-party risk after the supply-chain attack era
Most third-party risk programs in mid-market financial services are questionnaire factories. They produce paperwork; they do not produce risk reduction. After several years of supply-chain incidents, the realistic position has changed — here's what actually works.
Browse other topics
Get started
Bring AI risk under board oversight in two weeks.
A thirty-minute discovery call costs nothing. We confirm fit, scope, and timing, then issue a fixed-fee statement of work within two business days.