SOCI Compliance requirements – CIRMP Rules and cyber security frameworks

30/08/2024

SOCI

The Security of Critical Infrastructure Act 2018 (the SOCI Act) creates a framework for the regulation and protection of critical infrastructure assets across the following 11 sectors: 

  • Communications 
  • Financial services and markets 
  • Data storage and processing 
  • Defence 
  • Higher education and research 
  • Energy 
  • Food and grocery 
  • Healthcare and medical 
  • Space technology 
  • Transport 
  • Water and sewerage 

On 17 February 2023, the Security of Critical Infrastructure (Critical infrastructure risk management program) Rules (CIRMP Rules) were registered under the SOCI Act and set out mandatory requirements for responsible entities. 

From 17 August 2023, responsible entities that are subject to this obligation were required to comply with section 8 of the CIRMP Rules and must establish and maintain a process or system in the entity’s CIRMP under section 7 of the CIRMP Rules. Additionally, the inaugural board-approved annual report must be submitted by 28 September 2024

When submitting the 2024-2025 CIRMP Annual Report, responsible entities must ensure the CIRMP establishes and maintains a process/system to comply with one of the below specified cyber frameworks or an equivalent framework: 

The CIRMP obligations apply to the following assets: 

  1. a critical broadcasting asset; 
  1. a critical domain name system; 
  1. a critical data storage or processing asset; 
  1. a critical electricity asset; 
  1. a critical energy market operator asset; 
  1. a critical gas asset; 
  1. a designated hospital; 
  1. a critical food and grocery asset; 
  1. a critical freight infrastructure asset; 
  1. a critical freight services asset; 
  1. a critical liquid fuel asset; 
  1. a critical financial market infrastructure asset mentioned in paragraph 12D(1)(i) of the Act; 
  1. a critical water asset.  

The CIRMP Rules also provide for the CIRMP obligations to apply to ‘designated hospitals’ and assets used in connection with the operation of specific payment systems, being those that are critical to the security and reliability of the financial services and markets sector. 

For more information or to see how Griffin Legal can assist you, email us at enquiries@griffinlegal.com.au  

Contact Us

Related Articles

Parental Leave for Casual Employees

For casual employees the unpredictability of their employment can be a major source of stress as often casual employees miss out on many of the entitlements that full-time and part-time employees enjoy. For many, this concern is further exacerbated when they learn that they are about to become a parent. It should therefore be of …
Read more

Purchasing an Off-the-Plan Property

The interest in “off-the-plan” properties is ever increasing and is becoming more popular for buyers. An off-the-plan purchase is one where the Buyer enters into a contract to purchase a property that has not yet been constructed. Due to the prolonged settlement period for an off-the-plan purchase it is imperative for buyers and sellers to …
Read more