<!-- This is the markdown version of https://www.fixinc.io/disciplines/business-continuity-plan-for-cps-230-compliance -->
<!-- Canonical URL: https://www.fixinc.io/disciplines/business-continuity-plan-for-cps-230-compliance -->

# Business Continuity Plan for CPS 230

> Develop and maintain a Business Continuity Plan that meets CPS 230 obligations, protecting critical operations, defining tolerance levels, and providing boards and executives with confidence in meeting APRA's expectations.

*This content is available in full at: https://www.fixinc.io/disciplines/business-continuity-plan-for-cps-230-compliance*

CPS 230 requires APRA-regulated entities to maintain credible, board-approved Business Continuity Plans (BCPs) that ensure critical operations continue within tolerance levels during disruptions. Without a compliant BCP, organisations risk regulatory penalties, board-level accountability gaps, and weakened resilience. A well-structured plan provides compliance assurance, protects customers, and demonstrates operational strength.

## Service Delivery Approach

Fixinc delivers CPS 230-aligned BCPs through a four-step methodology:

1. **Plan**: Agile, first-principles planning ensures a smooth rollout of the refreshed program
2. **Do**: Business Continuity Plan for CPS 230 Compliance is rolled out smoothly across the organisation
3. **Check**: Draft plans are validated through testing and review processes
4. **Act**: Teams are prepared to activate the Business Continuity Plan in real-life disruption scenarios

## Service Deliverables

The service delivers a CPS 230-aligned BCP tailored to the organisation's business mix and complexity. The plan includes:

- Register of critical operations
- Defined tolerance levels
- Disruption response actions
- Resource and dependency mapping
- Communications strategy
- Support for annual reviews
- Board sign-off documentation
- APRA reporting requirements compliance

## Engagement Process

### Initial Consultation

A link will be sent via email from the Advisory team to schedule a convenient time for discussion via phone, Teams, Zoom, or in person. The 30-45 minute consultation discusses objectives, shares methodology, and addresses questions. A proposal and quote are delivered within 24 hours detailing scope of work. The final quote is provided for signing following a one-week discussion period. Proposals not signed within five weeks are considered not proceeding.

### Delivery Phases

**Review and Health Check**: All implementations start with a deep review of existing arrangements, setting benchmarks from best practice and ISO standards.

**Design and Develop**: With appropriate involvement from client teams, the Business Continuity Plan is built to the highest quality standards available.

**Validate**: Where appropriate, testing and validation provides tangible evidence of capability and maturity to stakeholders.

**Maintain**: A plan is built to ensure the Business Continuity Plan runs annually, maintaining momentum for embedded resilience.

## Frequently Asked Questions

**What is a CPS 230 Business Continuity Plan?**

A CPS 230 Business Continuity Plan is a board-approved framework that sets out how an APRA-regulated entity will maintain its critical operations within defined tolerance levels during disruptions. It is a mandatory requirement under APRA's Prudential Standard CPS 230.

**Why is a CPS 230 Business Continuity Plan important?**

CPS 230 requires financial institutions to demonstrate they can continue operating critical functions through severe but plausible disruptions. A compliant BCP ensures regulatory confidence, customer protection, and board assurance, while reducing the risk of penalties or intervention from APRA.

**What should a CPS 230 Business Continuity Plan include?**

A compliant BCP typically covers:

- A register of critical operations and tolerance levels
- Triggers for disruption and BCP activation
- Roles, responsibilities, and escalation pathways
- Recovery strategies for people, technology, and service providers
- Communications strategies for customers and stakeholders

**How does Fixinc support the development of a CPS 230 Business Continuity Plan?**

Fixinc designs, documents, and implements BCPs aligned to both ISO 22301 and CPS 230. This includes mapping critical operations, setting tolerance levels, integrating material service provider dependencies, and preparing board-ready documentation to meet APRA's expectations.

**How often should a CPS 230 Business Continuity Plan be reviewed and updated?**

CPS 230 requires BCPs to be reviewed at least annually, or sooner if changes occur in operations, technology, or service provider arrangements. Fixinc provides ongoing review and testing services to keep BCPs current and compliant.

**How do CPS 230 Business Continuity Plans link to testing and audits?**

CPS 230 requires that BCPs are regularly tested through scenario exercises and reviewed through internal audits. Fixinc integrates BCPs with a structured testing and audit cycle, ensuring both compliance and operational resilience.

**What role does the Board have in a CPS 230 Business Continuity Plan?**

Under CPS 230, boards are accountable for approving BCPs, setting tolerance levels, and overseeing testing outcomes. Fixinc ensures BCPs are structured for board oversight, providing the evidence and clarity directors need to meet their obligations.

## Related CPS 230 Compliance Disciplines

- [Business Impact Analysis for CPS 230](https://docs.fixinc.io/disciplines/business-impact-analysis-for-cps-230.md): Identify critical operations, dependencies, and tolerance levels to meet CPS 230 requirements
- [ISO 22301-Aligned BIA Review for CPS 230](https://docs.fixinc.io/disciplines/iso-22301aligned-bia-review-for-cps-230.md): Review and align existing Business Impact Analysis to APRA standards
- [ISO 22301 Gap Assessment for CPS 230 Compliance](https://docs.fixinc.io/disciplines/iso-22301-gap-assessment-for-cps-230-compliance.md): Identify gaps in operational resilience frameworks against ISO 22301 and CPS 230
- [Business Continuity Training for CPS 230 Compliance](https://docs.fixinc.io/disciplines/business-continuity-training-for-cps-230-compliance.md): Equip teams and executives to meet CPS 230 obligations
- [Desktop Scenario Exercises for CPS 230](https://docs.fixinc.io/disciplines/desktop-scenario-exercises-for-cps-230.md): Test ability to maintain critical operations within tolerance levels
- [Business Continuity Program Review and Audit for CPS 230](https://docs.fixinc.io/disciplines/business-continuity-program-review-and-audit-for-cps-230.md): Independent reviews and audits assessing compliance and resilience
- [ISO 22301-2019 Internal Audit Support for CPS 230](https://docs.fixinc.io/disciplines/iso-223012019-internal-audit-support-for-cps-230.md): Support internal audit teams to test business continuity controls

---

**View this page online:** https://www.fixinc.io/disciplines/business-continuity-plan-for-cps-230-compliance

For program inquiries: [Contact Fixinc](https://www.fixinc.io/contact) | info@fixinc.org | +64 800 349 462