08 Jul New APRA Guidelines on Cloud
What are the key elements of APRA’s cloud guidelines? How will they work in practice?
APRA’s Information Paper recognises that public cloud is inevitable for financial services. The Paper provides constructive guidelines for managing risks in a cloud world. By way of exception, APRA questions the appropriateness of migrating critical systems of record to the public cloud.
APRA’s approach to risk is very broad. APRA focuses on “observed weaknesses” in current practices, and sets out useful checklists for best practice migration of APRA-regulated entities to cloud services. APRA also encourages financial sector entities to consult with APRA before entering into cloud services arrangements with a “heightened inherent risk”.
APRA’s Information Paper is not just essential reading – it warrants detailed scrutiny and analysis at a practical level. The guidelines and checklists provide an excellent starting point for implementing best practice in relation to migration to cloud services.