Australian federal government - SOCI Act of 2018

How to Stay Compliant with the Now-Enforceable SOCI Act


The Security of Critical Infrastructure Act 2018 (SOCI), introduced by the Australian federal government, sets out the obligations of responsible entities for critical infrastructure assets. With the grace period for adopting a Critical Infrastructure Risk Management Program (CIRMP) having ended on 17 August 2024, your organisation may now be required to comply with this enforceable regulation.

What Is the SOCI Act?

The SOCI Act provides a framework for managing risks related to critical infrastructure assets. If you own, operate, or are involved in critical infrastructure, this could impact you.

Are You Affected?

If your organisation is the responsible entity for an asset in any of the following critical infrastructure asset classes, you are required to establish and maintain a written CIRMP:

  • Broadcasting
  • Domain name system
  • Data storage or processing
  • Electricity
  • Energy market operator
  • Gas
  • Liquid fuels
  • Financial market infrastructure (payment systems only)
  • Food and grocery
  • Hospitals
  • Freight infrastructure
  • Freight services
  • Water

Your Regulatory Obligations

To stay compliant, your CIRMP must:

  • Identify hazards that pose a material risk to the availability, integrity, reliability or confidentiality of your critical infrastructure assets.
  • Minimise or eliminate the material risk of those hazards occurring, so far as is reasonably practicable.
  • Mitigate the impact of such hazards on the asset if they do occur.

In addition, your organisation is required to submit an annual report on your CIRMP within 90 days of the end of each Australian financial year (30 June). The first report is due by 28 September 2024. If your organisation has a board, council or other governing body, it must approve the report before submission.

Are You in an Impacted Sector?  

Beyond the asset classes that require a CIRMP, the SOCI Act applies more broadly to critical infrastructure assets across eleven sectors. If you are a responsible entity for a critical infrastructure asset in any of the following sectors, you must ensure compliance:

  • Communications
  • Financial services and markets
  • Data storage or processing
  • Defence industry
  • Higher education and research
  • Energy
  • Food and grocery
  • Health care and medical
  • Space technology
  • Transport
  • Water and sewerage  

If your organisation is a responsible entity for an asset in one of these sectors, you are required to report cyber security incidents affecting the asset to the Australian Signals Directorate's ACSC (significant incidents within 12 hours of becoming aware of them, other relevant incidents within 72 hours), maintain a written risk management program where the asset class requires one, and register the asset and its operational and ownership details on the Register of Critical Infrastructure Assets maintained by the Cyber and Infrastructure Security Centre (CISC) within the Department of Home Affairs. Note that this register is distinct from the Federal Register of Legislation, which only publishes the Act itself.


Beyond SOCI: Strengthening Your Cybersecurity

Even if SOCI doesn't directly apply to you, building a risk management program is a smart move. Identifying and mitigating risks is key to a resilient cybersecurity strategy.

ThreatLocker supports organisations working toward SOCI compliance by offering a free Software Health Report. This report reveals what is actually running in your environment and helps you identify and mitigate risks such as shadow IT, software of foreign origin, and unpatched vulnerabilities, which are inputs to the hazard identification step of a CIRMP.

As a Zero Trust endpoint protection platform, ThreatLocker secures your environment with application allowlisting, ringfencing, endpoint privilege management, network controls, and data storage protection. ThreatLocker also supports compliance with frameworks like Essential Eight, Cyber Essentials, HIPAA, and NIST.

To learn more about how ThreatLocker can fortify your defences, book a demo or sign up for a free trial today.