30/08/2024
The Security of Critical Infrastructure Act 2018 (the SOCI Act) creates a framework for the regulation and protection of critical infrastructure assets across the following 11 sectors:
- Communications
- Financial services and markets
- Data storage and processing
- Defence
- Higher education and research
- Energy
- Food and grocery
- Healthcare and medical
- Space technology
- Transport
- Water and sewerage
On 17 February 2023, the Security of Critical Infrastructure (Critical infrastructure risk management program) Rules (CIRMP Rules) were registered under the SOCI Act and set out mandatory requirements for responsible entities.
From 17 August 2023, responsible entities that are subject to this obligation were required to comply with section 8 of the CIRMP Rules and must establish and maintain a process or system in the entity’s CIRMP under section 7 of the CIRMP Rules. Additionally, the inaugural board-approved annual report must be submitted by 28 September 2024.
When submitting the 2024-2025 CIRMP Annual Report, responsible entities must ensure the CIRMP establishes and maintains a process/system to comply with one of the below specified cyber frameworks or an equivalent framework:
The CIRMP obligations apply to the following assets:
- a critical broadcasting asset;
- a critical domain name system;
- a critical data storage or processing asset;
- a critical electricity asset;
- a critical energy market operator asset;
- a critical gas asset;
- a designated hospital;
- a critical food and grocery asset;
- a critical freight infrastructure asset;
- a critical freight services asset;
- a critical liquid fuel asset;
- a critical financial market infrastructure asset mentioned in paragraph 12D(1)(i) of the Act;
- a critical water asset.
The CIRMP Rules also provide for the CIRMP obligations to apply to ‘designated hospitals’ and assets used in connection with the operation of specific payment systems, being those that are critical to the security and reliability of the financial services and markets sector.
For more information or to see how Griffin Legal can assist you, email us at enquiries@griffinlegal.com.au