Skip to main content

APRA Connect information security

APRA has temporarily suspended the project to replace APRA’s Direct to APRA (D2A) data collection solution with APRA Connect in response to the COVID-19 situation. APRA will advise when the project recommences. 


Last updated: 12 March 2020

All information collected through APRA Connect will be encrypted in transit and at rest in both the test and production environments. This applies to all interactions with and functions of APRA Connect including user authentication and access.

Data storage

APRA Connect is hosted in APRA’s data centre in Australia and data provided by entities will remain within Australia.

Information Security Registered Assessors Program (IRAP) assessment

APRA is engaging with an independent party to conduct an Information Security Registered Assessors Program (IRAP) assessment, to ensure compliance with the Australian Government Information Security Manual. This process will ensure that APRA Connect’s security controls are appropriate and effective. APRA will also ensure APRA Connect successfully passes a vulnerability assessment and penetration test.

Security standards and guidance

APRA requires reporting entities to comply with the Prudential Standard CPS 234 Information Security, and take the necessary measures to be resilient against information security incidents. This includes protecting sensitive data in non-production environments. Entities are responsible for maintaining a secure environment when accessing the new solution from their own environment.

Draft data is stored in APRA’s database

Once return data is uploaded into APRA Connect, it is visible to APRA. This means that draft data uploaded, or data partially completed and saved in APRA Connect is accessible by APRA.

Subscribe for APRA Connect updates

You can register for APRA Connect email updates straight to your inbox.  

Contact us

You can contact us at