BigID for CPG 235

Learn how BigID can help organizations enhance their cybersecurity posture and protect sensitive data in accordance with the Australian Prudential Regulation Authority’s (APRA) CPG 235 guidance.


Australian Prudential Regulation Authority's CPG 235

APRA’s CPG 235 is a prudential practice guide (PPG) that provides organizations guidance on data risk management. This PPG aims to help effectively manage an APRA-regulated entity’s data risk profile through recommended frameworks, controls, and processes. Implementing a sound data risk management practice can facilitate business initiatives and help meet various compliance mandates.

BigID helps entities across Australia meet CPG 235 guidance using a modern data intelligence platform that combines deep data discovery, next-gen data classification, and risk management.

→ Discover & classify sensitive, personal, or regulated data
→ Proactively monitor data quality
→ Document the flow of data
→ Detect vulnerable data
→ Orchestrate data remediation & retention
→ Meet compliance mandates
→ Reduce exposure and mitigate data risk

Data Quality (16 a,b,c) & Principles-based Approach (22e)

Monitor the consistency, accuracy, completeness, and validity of your data in one place using the Data Quality App. Get statistics about columns, such as the inferred data type, average data length, empty or null data, and more. Classify data in tables and columns based on metadata and the actual data. The derived confidence level produced by BigID indicates the level of data quality.

Classification by Criticality and Sensitivity (18)

Leverage both traditional classification approaches, such as regular expressions (regex) and pattern matching, and modern techniques using NLP and ML to classify and categorize more types of data, more accurately, at scale. Use out-of-the-box (OOB) definitions or define your own sensitivity levels to highlight data at risk and implement the right controls.

Use the RoPA Data Mapping App to centrally manage Records of Processing Activities (RoPA) to assess assets, protection, breach status, locations, DPIA, third-party sharing, and transfers. Map data processing and sharing to assess the risk profile for a given business process. Build a Data Protection Impact Assessment (DPIA) process that flags risks associated with third-party data sharing.

Ongoing Compliance (24)

Detect changes in scanned data and create policies to detect specific scenarios, such as new PI detected in a data source, changes in the table structure, or the presence of PI in unauthorized or risky data sources. Automatically notify the right people via email or ticket systems. Allow external reporting or BI tools to leverage information collected by BigID.

Ongoing Compliance (25)

The Data Remediation App drives remediation workflows when BigID-configured policies are triggered. Determine the right remediation actions, such as deletion, masking, annotating, quarantining, and more.

Ongoing Assessment of Effectiveness (26)

The Data Remediation App also helps determine SLAs for resolutions to policy violations. Track the status of the remediation action items including the performance of SLAs. These statistics can be leveraged by external reporting or BI tools to drive awareness of progress and highlight improvement areas.

Data Architecture (27)

BigID’s in-depth data discovery lets you scan metadata of data sources and provide granular context. The Data Labeling App automatically applies labels to sensitive data with accuracy and ensures consistent enforcement of security and administrative policies across all of your data. The RoPA Data Mapping App helps document the flow of data within a business process.

Data Architecture (28)

BigID’s ML-driven Data Catalog provides deep data classification and cataloging with better accuracy, comprehensive insights, and shorter time to value. Get deep insights into data governance by incorporating active metadata and advanced classification. Layer technical, business and operational metadata to see data attributes and relationships for added context. Integrate and enrich existing MDM solutions to enhance functionality on both ends.

Retention (36, 37) & Publication (40, 41)

The Data Retention App helps centrally enact policy-driven retention management. Use data retention policies and business rules, define custom policies and apply them consistently across all of your data. Detect retention violations and integrate with the Data Remediation App to drive workflows. BigID’s open, REST-first architecture also allows you to easily integrate with third-party tools to drive last-mile remediation and retention actions.

Disposal (42)

By leveraging the Data Remediation and Data Retention Apps, ensure that the appropriate actions are taken when data reaches its end of life or the end of its retention period. Ensure that no sensitive data exists on data sources scheduled to be decommissioned.

Desensitization (44)

By leveraging the Data Remediation App and integrating with data security tools across your stack, leverage your most sensitive data to fuel digital transformation programs across analytics, data lake, machine learning, and artificial intelligence initiatives.
