Having come to the end of the Australian financial year 2023-2024, the nation’s Cyber and Infrastructure Security Centre (CISC) outlined that the Critical Infrastructure Risk Management Program (CIRMP) Annual Report for this period should be submitted between July 1, 2024, and Sept. 28, 2024, using the Responsible Entity Risk Management Program – Annual Report Form. Additionally, by Aug. 17, 2024, responsible entities are required to establish and maintain a cybersecurity framework under Section 8 of the Security of Critical Infrastructure (SOCI) CIRMP Rules.
On the CIRMP Annual Report compliance, the CISC said “We have conducted a limited series of trial audits with responsible entities in preparation for determining industry compliance with SOCI Act obligations. We found that many entity’s existing processes and procedural documents meet SOCI obligations. However, they had not been packaged into a CIRMP Annual Report.”
It added that there is no need for a responsible entity to repackage, rewrite, or deconstruct existing material. A responsible entity can meet its CIRMP Annual Report obligation by creating an overarching document that references existing internal…
