Critical Infrastructures, Are You Ready for the CISC Audits? (Here’s What You Need to Know)
Cyber security for Queensland critical infrastructure


If you’re a critical infrastructure entity, I would hope that you’ve heard of the Security of Critical Infrastructure Act 2018 (SOCI). But I want to make sure you’re aware of some imminent deadlines that will impact your organisation:

  • Compliance Deadline: You need to adopt a Critical Infrastructure Risk Management Program (CIRMP) by 18 August 2024.
  • Designated Frameworks: You must ensure compliance with a designated cyber security framework (or an equivalent framework) by the same deadline.
  • Annual Report Requirements: You must prepare an annual report including an attestation by the board. Submit this within 90 days of the end of the financial year (or by 28 September of every year, 2024 included).
  • Regulatory Posture Transition: Are you aware of the Cyber and Infrastructure Security Centre’s (CISC) shift to a firmer compliance regulatory posture?

The SOCI’s Mission

By doing so the SOCI aims to:

  • Safeguard Australia’s critical infrastructure from significant threats
  • Outline the legal responsibilities of entities owning or operating critical infrastructure
  • Clarify government assistance measures in case of grave cyber security incidents

Do you need to comply? Yes, if you are in any of these sectors:

  1. Communications
  2. Financial services and markets
  3. Data storage and processing
  4. Defence
  5. Higher education and research
  6. Energy
  7. Food and grocery
  8. Healthcare and medical
  9. Space technology
  10. Transport
  11. Water and sewerage

Trial Audits in Effect

In the third and fourth quarters of FY23-24, the CISC undertook a series of trial audits. These will measure industry compliance with SOCI Act obligations; their outcomes will guide the regular compliance audit activities in FY24-25.

Critical infrastructure entities in Queensland need to act fast! Here are four simple steps I recommend you follow:

  1. Understand the SOCI Act: Familiarise yourself with the key provisions and requirements of the Act.
  2. Identify your obligations: Determine how the Act specifically impacts your entity.
  3. Prepare for the audit: Develop a compliance plan. Conduct internal audits to ensure you are meeting obligations.
  4. Seek professional advice: Engage with GDRC experts to make sure you’re on the right track.

Remember, these audits are there to secure our future. By complying with the SOCI Act, we become part of the collaborative effort to protect our country.

I invite you to review the best practices for securing your critical infrastructure outlined in ADITS’ new article: Emergency Response & Cyber Security: Ensuring Continuity for Critical Infrastructure in Queensland.
