Add missing _index.org files for 7 sections: stages, ai-agents-scoping, compliance, impact, social-protocol, verification, resources — rebuild clean after file reorganization

2026-06-03 21:50:01 +00:00
parent ac99eed182
commit 9b795df14e
79 changed files with 156 additions and 77 deletions
--- a/projects/passepartout/strategy/compliance/compliance-regimes/apra-cps-234.org
+++ b/projects/passepartout/strategy/compliance/compliance-regimes/apra-cps-234.org
@@ -0,0 +1,28 @@
+:PROPERTIES:
+:ID:       904f5f12-ec9a-4cbf-854a-0b9b1e11a521
+:ID:       auto-apra-cps-234
+:CREATED:  [2026-05-23 Sat]
+:END:
+#+title: APRA CPS 234 (Prudential Standard — Information Security)
+#+filetags: :passepartout:compliance:framework:apra:
+
+** APRA CPS 234 (Prudential Standard — Information Security)
+
+Australian Prudential Regulation Authority standard for regulated financial
+institutions. Requires: clearly defined information security roles and
+responsibilities, periodic cybersecurity capability assessments, robust control
+testing, timely remediation of control weaknesses, mandatory notification of
+material incidents to APRA within 72 hours.
+
+Who must comply: Banks, insurers, superannuation funds regulated by APRA.
+~500 entities.
+
+Penalties: APRA can impose capital requirements, license conditions, or
+license cancellation for non-compliance. Personal liability for board and
+senior management.
+
+Why it matters: CPS 234's control testing requirement creates demand for
+continuous verification — exactly what the gate stack and [[id:45258a2d-1675-562c-9024-5d1eb2f1ea56][evaluation harness]]
+provide. First-mover advantage: CPS 234 is mature (2019) but enforcement is
+escalating. No vendor provides a deterministic control-testing pipeline.
+