The Minister for Home Affairs has issued, for consultation, draft Risk Management Program (RMP) requirements under the Security of Critical Infrastructure Act (Cth) 2018 (SOCI Act). Part 2A of the SOCI Act requires entities to adopt and maintain an RMP in relation to their critical infrastructure assets. Once the draft Security of Critical Infrastructure (Critical infrastructure risk management program) Rules (LIN 22/018) 2022 come into effect, RMP obligations under the SOCI Act will be switched on.
The draft Rules propose:
- responsible entities will be required to plan for a range of hazards relating to physical and technical security, personnel and supply chain issues and natural hazards; and
- entities must adopt an independent IT security standard or equivalent framework (such as ISO 27001 or the Australian Cyber Security Centre’s Essential Eight Maturity Model.
Organisations impacted by the Rules should consider making a submission or participating in virtual town hall events.
Application of RMP Rules
The Minister proposes to switch on the RMP Rules for the following asset classes of “critical infrastructure assets”:
What is a Risk Management Plan (RMP)?
An…
