The grace period ends in July

CPS 234 is active. CPS 230 already requires 24-hour notification when a critical operation moves outside tolerance. You are liable for 72-hour reporting today. By July 2026, your entire operational resilience framework must be audit-ready.

See the solution Get the CPS 230 guide

The cost of downtime is rising

The regulatory landscape has shifted. Under APRA, Boards are now ultimately accountable for operational risk. The “tick-box” approach is now a personal liability.

88%

of executives expect a major incident this year.

$1M+

Average cost per incident for Australian businesses.

$5.3B

Annual cost of operational failures to the Australian economy.

The enforcement roadmap

Key dates for Australian financial services compliance

July 2019

Mandatory 72-hour reporting to APRA is in force.

May 2023

Mandatory ransomware reporting active.

July 2023

CPS 230 commenced.

Jan 2025

Ransomware reporting enforcement (fines apply).

Mar 2025

Financial Accountability Regime (FAR) operational. New personal accountability obligations.

July 2026
Deadline

CPS 230 full compliance. Legacy contracts must be transitioned.

Dec 2026

Privacy Act AI transparency deadline. Disclosure requirements begin.

Regulation to resolution

How PagerDuty supports your APRA and Australian regulatory obligations.

24-hour disruption reporting

Regulation: CPS 230 (business continuity)

Fix: Incident acceleration

Capture and escalate disruptions to critical operations in real time. When incidents move outside board-approved tolerance levels, workflows trigger immediately to support APRA notification within the mandatory 24-hour window.

Registered critical operations

Regulation: CPS 230 (critical operations & BCP)

Fix: Automated continuity execution

Support your register of critical operations with event-driven runbooks that trigger predefined recovery actions within approved tolerance thresholds.

Tolerance monitoring

Regulation: CPS 230 (tolerance levels)

Fix: Proactive escalation

Track disruption duration and severity against board-defined tolerance thresholds. Escalate before limits are breached to reduce regulatory exposure and operational risk.

Clock Icon

Beat the 72-hour clock

Regulation: CPS 234 & SOCI (notification obligations)

Fix: Intelligent triage and routing

Surface the right incidents fast. Intelligent routing ensures operational and security events are escalated quickly, supporting 72-hour APRA notification and 12-hour SOCI reporting.

Line Graph Icon

Audit-ready evidence

Regulation: CPS 230 & FAR (governance & accountability)

Fix: Automated operational timeline capture

Every alert, incident, escalation and action is time-stamped and attributable. Generate defensible evidence to support board oversight, APRA review and accountable person obligations under FAR.

APRA readiness toolkit

Technical guides and intelligence reports for your compliance journey.

State of service reliability in Australia

New data reveals operational failures cost the Australian economy $5.3B annually.

Read the report

Ahead of the curve: AFR intelligence report

Why market leaders are shifting from firefighting to proactive resilience.

Download report

Managing operational risk with PagerDuty

A technical guide to aligning PagerDuty features with CPS 230 requirements.

Read the guide

July 1, 2026 is non-negotiable

Your spreadsheets won't survive the audit. Secure your operational resilience today.

Contact us now

Trusted by leading Australian brands, and 30,000+ organisations worldwide