Building resilience against escalating cyber threats

The SOCI Act aims to establish Australia’s defences against escalating cybersecurity threats impacting critical infrastructure assets. The SOCI Act establishes a regulatory framework to provide continuity and reliability of service, while also bolstering the country’s capacity to respond to and recover from potential cyber-attacks and other emergencies.

What industries does the SOCI Act apply to?

The SOCI Act has been introduced to protect critical infrastructure assets, systems, and networks that, if impacted, can significantly affect the social and economic wellbeing of Australia and/or national security.

The SOCI Act applies to the following 11 sectors:
  • Communications
  • Financial services and markets
  • Data storage and processing
  • Defence
  • Higher education and research
  • Energy
  • Food and grocery
  • Healthcare and medical
  • Space technology
  • Transport
  • Water and sewerage

Helping you navigate Complexity

SYSTRA ANZ are there with you every step of the way. To get you started on your SOCI Act journey, we have developed a simple checklist for organisations aiming to stay compliant. By using the checklist, you can identify potential vulnerabilities, implement necessary safeguards, and stay ahead of compliance deadlines, ultimately protecting your organisation and infrastructure from threats and avoiding costly penalties.

What is needed to comply with the SOCI Act?

The SOCI Act imposes security obligations on businesses operating within the critical infrastructure sectors. This includes the:

  • Register of Critical Infrastructure Assets obligation
  • Risk Management obligation
  • Mandatory Cyber Incident Reporting obligation.

Critical Infrastructure Risk Management Program (CIRMP)

The CIRMP requires that:

  • an all-hazards risk assessment be undertaken including natural disasters and supply chain hazards
  • a cyber security standard be selected and incorporated
  • the entity demonstrates compliance across four security pillars: personnel security; physical security; governance security and information security, including cybersecurity.

Note: Businesses responsible for Systems of National Significance may have additional Enhanced Cyber Security Obligations applied to their assets. We can manage Protected Information discussions.

What are the key dates to be aware of?

Note: The Cyber and Infrastructure Security Centre (CISC) is currently trialling audits. In Q4 2024, an audit schedule will be released.

What happens in the case of non-compliance?

Statutory obligations regarding cyber incident reporting have been live since 2022.

  • Several penalties are available, depending on the level of non-compliance.
  • There is also potential reputational damage.

The statutory requirement to have a Critical Infrastructure Risk Management Program became live on 17th August 2023.

  • Entities captured by the SOCI Act without a CIRMP may be in breach of the legislation and subject to financial penalty.

How can we help?

Our team of experts are here to assist in the development of a robust SOCI Act compliance program. We offer a range of services tailored to your needs, including:

  • Compliance Assessment: Evaluate your current infrastructure against SOCI Act requirements.
  • Risk Management Programs: Develop and implement comprehensive and compliant RMPs.
  • Incident Response Planning and Exercising: Prepare your organisation to respond effectively to cyber incidents. Facilitate simulations of an incident.
  • Training and Awareness: Equip your team with the knowledge and skills to maintain compliance and security.
  • Recovery Planning: Prepare disaster recovery plans and business continuity plans.

To help you quickly assess your preparedness and identify areas where you may need help, we have created a SOCI Act checklist. Download your guide now or get in touch.

Download SOCI Act Checklist

To download your SOCI Act Checklist, please fill in your details using the form.