Draft rules which will switch on obligations relating to Critical Infrastructure Risk Management Programs under the SOCI Act are now open for consultation.
The Minister for Home Affairs has issued, for consultation, draft Risk Management Program (RMP) requirements under the Security of Critical Infrastructure Act (Cth) 2018 (SOCI Act). Part 2A of the SOCI Act requires entities to adopt and maintain an RMP in relation to their critical infrastructure assets. Once the draft Security of Critical Infrastructure (Critical infrastructure risk management program) Rules (LIN 22/018) 2022 come into effect, RMP obligations under the SOCI Act will be switched on.
The draft Rules propose:
- responsible entities will be required to plan for a range of hazards relating to physical and technical security, personnel and supply chain issues and natural hazards; and
- entities must adopt an independent IT security standard or equivalent framework (such as ISO 27001 or the Australian Cyber Security Centre’s Essential Eight Maturity Model.
Organisations impacted by the Rules should consider making a submission or participating in virtual town hall events.
Application of RMP Rules
The Minister…
