<!-- This is the markdown version of https://www.fixinc.io/service/cps230 -->

# CPS 230 Compliance

> Prudential standard advisory services helping APRA-regulated financial institutions meet operational resilience requirements through business continuity planning, risk assessments, and compliance frameworks within 5 to 10 weeks. 

*This content is available in full at: https://www.fixinc.io/service/cps230*

Fixinc is a boutique, Sydney-based resilience consultancy that reviews current CPS 230 capability requirements to help organisations meet this regulation. The firm provides corporate resilience advisory services across Australia, New Zealand, and Malaysia.

## About CPS 230

CPS 230 is a prudential standard introduced by APRA to strengthen the operational resilience of financial services institutions in Australia. It requires organisations to establish frameworks that manage operational risks, ensure continuity of critical operations, and maintain third-party arrangements. Achieving CPS 230 compliance involves:

- Detailed risk assessments
- Business continuity planning
- Scenario testing
- Board-level oversight

The standard applies to banks, insurers, and superannuation trustees, ensuring they can withstand and recover from disruptions that could impact the broader financial system.

## CPS 230 Compliance Disciplines

Fixinc takes a modular approach to building CPS 230 compliance programs through 8 disciplines that, if validated annually, ensure resilience. Each discipline can be adopted individually or combined to form a comprehensive compliance program.

### Business Continuity Plan for CPS 230 Compliance

Develop and maintain a Business Continuity Plan (BCP) that meets CPS 230 obligations. Plans protect critical operations, define tolerance levels, and provide boards and executives confidence in meeting APRA expectations.

- [Business Continuity Plan for CPS 230 Compliance](https://docs.fixinc.io/disciplines/business-continuity-plan-for-cps-230-compliance.md): BCP development meeting APRA requirements

### Business Impact Analysis for CPS 230

Meet CPS 230 requirements by identifying critical operations, dependencies, and tolerance levels. The BIA process ensures APRA-regulated entities can demonstrate resilience and compliance across banking, insurance, superannuation, and health sectors.

- [Business Impact Analysis for CPS 230](https://docs.fixinc.io/disciplines/business-impact-analysis-for-cps-230.md): Critical operations identification and analysis

### Business Continuity Training for CPS 230 Compliance

Equip teams and executives to meet CPS 230 obligations with tailored business continuity training. Training builds awareness, capability, and confidence to manage disruptions and critical operations in line with APRA requirements.

- [Business Continuity Training for CPS 230](https://docs.fixinc.io/disciplines/business-continuity-training-for-cps-230-compliance.md): Team and executive resilience training

### ISO 22301-Aligned BIA Review for CPS 230

Review and alignment of existing Business Impact Analysis to CPS 230 standards. Ensures compliance with APRA requirements on critical operations, tolerance levels, and service provider dependencies.

- [ISO 22301-Aligned BIA Review](https://docs.fixinc.io/disciplines/iso-22301aligned-bia-review-for-cps-230.md): BIA review and alignment services

### Business Continuity Program Review and Audit for CPS 230

Independent reviews and audits that assess compliance, resilience, and readiness to maintain critical operations. Provides board confidence that business continuity programs meet CPS 230 requirements.

- [Business Continuity Program Review and Audit](https://docs.fixinc.io/disciplines/business-continuity-program-review-and-audit-for-cps-230.md): Independent compliance assessment

### ISO 22301-2019 Internal Audit Support for CPS 230

Strengthens audit capability with independent support ensuring CPS 230 compliance. Helps internal audit teams test business continuity controls, identify weaknesses, and provide assurance to boards and APRA.

- [ISO 22301-2019 Internal Audit Support](https://docs.fixinc.io/disciplines/iso-223012019-internal-audit-support-for-cps-230.md): Internal audit support services

### Desktop Scenario Exercises for CPS 230

Test ability to maintain critical operations within CPS 230 tolerance levels through practical, board-level scenario exercises. Exercises demonstrate compliance and strengthen resilience across APRA-regulated entities.

- [Desktop Scenario Exercises](https://docs.fixinc.io/disciplines/desktop-scenario-exercises-for-cps-230.md): Board-level scenario testing

### ISO 22301 Gap Assessment for CPS 230 Compliance

Align operational resilience frameworks with both ISO 22301 and CPS 230. Gap assessment identifies where APRA-regulated entities fall short on business continuity, critical operations, and service provider oversight.

- [ISO 22301 Gap Assessment](https://docs.fixinc.io/disciplines/iso-22301-gap-assessment-for-cps-230-compliance.md): Compliance gap identification

## Program Approach

Fixinc approaches CPS 230 compliance by simplifying processes, returning to first principles, and standardising programs so anyone can adopt planning and response methods. Programs are delivered through collaborative partnerships with strong communication.

**Key Program Elements**:

1. **Phase**: CPS 230 Compliance is the Planning Phase of the [Tungsten Diamond](https://docs.fixinc.io/tungsten-diamond.md) lifecycle
2. **Maturity**: Involves 8 [Disciplines](https://docs.fixinc.io/disciplines.md) to reach full maturity
3. **Maintenance**: Makes up a third of the [Maintenance Program](https://docs.fixinc.io/maintenance-program.md) offering
4. **Action**: Start a CPS 230 Compliance program within 48 hours with a [Consultation package](https://docs.fixinc.io/consultation.md)

## The Tungsten Diamond

The Tungsten Diamond model measures CPS 230 compliance maturity across the full corporate resilience spectrum, from compliance and planning through to real-time response and technology.

- The [Advisory Board](https://docs.fixinc.io/advisory-board.md) supports end response
- The Directory and Resilience Services provide ongoing access to [tools](https://docs.fixinc.io/technology.md), insights, and partnerships needed to strengthen planning
- [Tungsten Diamond](https://docs.fixinc.io/tungsten-diamond.md): Resilience framework and maturity model

## Technology Solutions

### Digital Business Impact Analysis

Online toolkit for conducting and managing business impact assessments with multi-channel communication during critical events.

- [Business Impact Analysis Software](https://docs.fixinc.io/technology/business-impact-analysis.md): Digital BIA platform

### Client Portal and Advisory Board

Client portal access with emergency notification and crisis management capabilities through the FACT24 platform.

- [Client Portal](https://docs.fixinc.io/technology/client-portal.md): Digital client management platform

### Digital Business Continuity Plans

Centralised platform for developing and maintaining continuity plans with integrated response coordination.

- [Online Business Continuity Plans](https://docs.fixinc.io/technology/online-business-continuity-plans.md): Digital BCP platform

## Lead Advisor

Brad Law serves as Global Head of Consulting with over 30 years in business continuity, IT, and crisis leadership across the UK, Europe, Asia, and Oceania. He is the architect behind the Tungsten Diamond framework and has supported governments, banks, universities, and utilities through real-world crises.

**Experience Highlights**:

- Frontline crises to boardroom strategy across four continents and major sectors
- Actionable advice grounded in real events rather than generic frameworks
- Focus on co-creation of resilience with client organisations
- [Book a Consultation](https://docs.fixinc.io/consultation.md): Schedule a session with Brad Law

## Frequently Asked Questions

**How do we begin working with your organisation?**

Start with an initial consultation through a 45-minute discovery call, followed by a digital proposal outlining services, approach, timeframes, and investment. An engagement meeting is conducted within a 4-week window after signing, then the program begins.

**How do you ensure program adoption across the organisation?**

Adoption is ensured through a combination of engagement strategies, including stakeholder workshops, training sessions, communication campaigns, and practical exercises. Relationships with key team members are built through email campaigns, one-on-one meetings, and professional networking.

**Do you provide ongoing support after the program is implemented?**

Yes, ongoing support is a core outcome of the service offering. Fixinc seeks to build lifelong partnerships with individuals and organisations to support continuous resilience capability growth.

**What makes Fixinc different from other resilience solutions?**

Simplicity of programs. Resilience can be a simple, modern skill developed through building a culture of resilience and removing complexity from bulky plans and poor technology.

**How long does it typically take to implement a comprehensive resilience program?**

Implementation timeframes vary based on organisation size and complexity, typically ranging from 6 to 9 months. Programs can be phased to address priority areas first. The quickest program rollout was 4.5 weeks.

**How does Fixinc customise resilience programs for different industries?**

Programs are tailored based on industry-specific risks, regulatory requirements, and business goals through detailed assessments. Technology partnerships provide access to threat intelligence data sets for tailored programs.

**What information do you need from us to get started?**

An understanding of current resilience capabilities, regulatory obligations, key risks, and strategic objectives. A detailed information request is provided once engagement scope is agreed via client portal.

**How do you determine the cost of your services?**

Pricing is based on scope of services, organisation size, and complexity. Detailed proposals with clear deliverables are provided. Typical client business continuity budgets range from $45,000 annually to $55,000-$100,000 for entire resilience programs.

**How do your services help organisations become more resilient?**

Comprehensive services help organisations prepare for, respond to, and recover from disruptions through integrated approaches to emergency management, crisis management, IT disaster recovery, and business continuity planning aligned with international standards and local regulatory requirements.

**How long does it take for a program to be rolled out?**

Typically a single program takes between 5 weeks and 3 months. Streamlined project management processes and technology create implementation plans for seamless delivery.

**What ROI can organisations expect from implementing these programs?**

Benefits include reduced impact of disruptions, improved stakeholder confidence, competitive advantage, and reduced insurance premiums. Case studies demonstrating value realisation are available.

**What types of organisations do you typically work with?**

Fixinc typically works with medium to large-sized organisations across New Zealand, Australia, and Malaysia in public and private sectors. Clients include financial institutions, government agencies, healthcare providers, and major corporations. See [Industries](https://docs.fixinc.io/industries.md) for the full list.

**What support do you provide for CPS 230 compliance in Australia?**

Fixinc provides specialised consulting services, including risk assessment of third and fourth party suppliers, operational resilience framework development, and implementation support aligned with regulatory obligations.

**How much does a typical program cost?**

Programs typically start from $10,000 AUD. Reviews are as little as a few thousand. Initial quotes are provided within the same day of enquiry. Flexible arrangements are available for budget constraints.

---

For program inquiries: [Contact Fixinc](https://www.fixinc.io/contact) | info@fixinc.org | +64 800 349 462
