The Security of Critical Infrastructure Act 2018 (SOCI Act) includes the Critical Infrastructure Risk Management Programme (CIRMP) as a key element. Starting 1 July 2024, responsible entities must submit their initial CIRMP Annual Report by 28 September 2024. This report will comprehensively outline the cyber and information security framework for the financial year 2024-2025.
Entities must adhere to the cyber and information security framework requirements by 17 August 2024. By following the CIRMP requirements, organisations strengthen the resilience and security of critical infrastructure, safeguard national interests, and boost public trust in essential services.
Entities must incorporate a strong cyber and information security framework within their CIRMP. This framework must outline the processes that manage risks and the security measures that comply with the SOCI Act. Deputy Secretary Hamish Hansford emphasised that thorough risk assessment protocols and incident response strategies are required by the framework to protect critical infrastructure. During the Town Hall on 30 July 2024, Hansford stated, “The cyber and information security framework is critical in ensuring that all aspects of risk management are covered comprehensively.”
The CIRMP Annual Report should demonstrate that it adheres to the stipulations set forth by the SOCI Act. The comprehensive documentation of cybersecurity measures, comprehensive risk assessments, and effective mitigation strategies are essential. The report must discuss any incidents or near-misses and detail the measures implemented to mitigate vulnerabilities. This requirement ensures clarity and responsibility in managing significant infrastructure risks.
The SOCI Act underscores the significance of upholding a regulatory compliance stance that includes following designated security standards and practices. The compliance stance requires organisations to consistently revise risk management approaches, adapt to shifts in the threat environment, and maintain continuous alignment with the evolving stipulations of the SOCI Act. The Town Hall focused on this crucial aspect and underscored the importance for organisations to remain aligned with regulatory expectations.
The CIRMP greatly improves cybersecurity within the public sector by fostering a culture of proactive risk management. Organisations must systematically evaluate and tackle vulnerabilities, which in turn minimises the chances of cyber incidents that could interfere with critical services.
The Cyber and Infrastructure Security Centre (CISC) assists and directs organisations as they implement and comply with the Critical Infrastructure Risk Management Programme (CIRMP). The CISC acknowledges the necessity of delivering prompt support to accountable organisations to ensure they can manage risks effectively and uphold the resilience of essential infrastructure assets. The CISC urges responsible entities to proactively connect with the Centre if they foresee challenges in meeting CIRMP requirements.
The CISC states, “Proactive engagement with our team ensures that responsible entities can develop a comprehensive forward plan for achieving compliance.” Engaging with the CISC at an early stage allows organisations to collaborate effectively and craft customised solutions and strategies to navigate compliance challenges. This approach prompts action on the essential steps needed to adhere to timelines and uphold compliance with regulations.