Compliance and Reporting

Preparing for the Critical Infrastructure Security Bill

The SOCI Act in 2023

Understanding the new compliance regulations for critical industries

What is the SOCI Act?

The Security of Critical Infrastructure Act (SOCI Act) regulates the security and resilience of critical infrastructure in Australia and has recently been amended to include a swathe of new sectors.

Companies affected have been given a six-month window to achieve compliance, ending on August 17, 2023. With this deadline fast approaching, you’ll need to begin actioning the requirements, or you will be facing financial penalties for non-compliance.

Key Critical Infrastructure Industries

As part of the healthcare and medical sector, disability providers are now included under the SOCI Act’s critical infrastructure regulations.

Requirements:

  • Create and maintain a critical infrastructure Risk Management Program (RMP)
  • Register critical assets and report any cybersecurity events

Also part of an industry in the healthcare and medical sector, aged care providers are now affected by the SOCI Act’s compliance regulations.

Requirements:

  • Create and maintain a critical infrastructure Risk Management Program (RMP)
  • Register critical assets and report any cybersecurity events

Under the SOCI Act, a company is considered part of the energy and resources sector if it involves:

  • The production, transmission, distribution, or supply of electricity.
  • The production, processing, transmission, distribution, or supply of gas.
  • The production, processing, transmission, distribution, or supply of liquid fuel.

So, if your company fits those criteria, then you need to:

  • Register critical assets and report any cybersecurity events
  • Devise a Risk Management Program (RMP)

Under the SOCI Act, the financial services and markets sector includes companies in:

  • Insurance
  • Banking
  • Superannuation
  • Financial markets
  • Clearing and settlement facilities
  • Derivative trade repositories
  • Financial benchmarks
  • Payment systems
  • Credit facilities

So, if your company fits those criteria, then you need to:

  • Register critical infrastructure assets
  • Complete mandatory cyber incident reporting
  • Create a Risk Management Plan (RMP)

In the education sector, the SOCI Act affects higher education providers—in other words, universities. A university will be considered a critical education asset if it’s owned or operated by an entity that is registered as an Australian university on the National Register of Higher Education Providers.

Requirements for critical education assets:

  • Register critical infrastructure assets
  • Complete cyber incident reporting
  • Create a Risk Management Plan (RMP)

Under the SOCI Act’s critical infrastructure regulations, utility providers must now comply with new rules which require them to:

  • Create and maintain a critical infrastructure Risk Management Program (RMP)
  • Register critical assets and report any cybersecurity events

Does your sector need to conform to the SOCI Act?

  • Communications
  • Data storage or processing
  • Financial services and markets
  • Water and sewerage
  • Energy
  • Health care and medical
  • Higher education and research
  • Food and grocery
  • Transport
  • Space technology
  • Defence

What is your responsibility?

The Bill requires owners of certain assets to “adopt, maintain and comply with” an all-hazards critical infrastructure risk management program. Impacted owners operate across multiple sectors including communications, transport, financial services, defence, higher education, energy, health care, water and sewerage.

According to a breakdown of the new laws by, “all-hazards” includes physical security hazards, natural hazards, cyber and information security hazards, supply chain hazards, and (crucially), personnel hazards.

The Bill requires asset owners to create a risk management program that includes a risk identification process, a risk management process for each material risk to an asset that will minimise or eliminate the risk, and a process for reviewing the program. A Critical Asset Register (CAR) includes people risk: the threat of employees, contractors and other personnel exploiting a physical or IT vulnerability.

How we can help

Prepare a risk management plan

Service your SOCI screening requirements

Provide monitored compliance oversight

Provide supply chain monitored compliance oversight

Real measurable business outcomes you can expect

  • Ongoing proactive workforce compliance management
  • Business process improvements
  • Reduced administration
  • Reduced complexity
  • Successful collaboration across organisations & supply chain
  • Report on exceptions across staff and supply chain
  • Restrict physical access to assets if non-compliant

Industry Insights

See how organisations across Australia are meeting the requirements of the SOCI Act.
Protecting your privacy

Accredited, secure and trusted

Australian-based support team

Safeguarding your data

Experienced & trusted compliance services provider

Here’s why more than 26,000 businesses trust CVCheck to manage their employee screening 

Trusted and secure

Government Accredited

CVCheck is accredited by the Australian Criminal Intelligence Commission and has been providing police checks since 2007.

Experts in Screening

CVCheck is a founding member of the APAC Council of the Professional Background Screening Association.

HRD Award 2020

Award-Winning Service

Recognised as a leader in Pre-Employment Screening & Psychometric Assessments at the HRD Service Provider Awards.

ISO 27001 Certified

CVCheck is ISO 27001 certified, so you can have complete confidence in how data is handled and managed.

Pursuing Excellence

CVCheck is a member of The RegTech Association and proud to be advocating the adoption of regulatory technology.

Prioritising Data Security

Rest assured that your personal information is kept secure and protected under Australia’s privacy laws.

Leah Egginton

SENIOR CLIENT EXECUTIVE
As our key client executive working with organisations across Australia to meet the compliance requirements of the SOCI Act, Leah will work with you to implement and meet the right screening and compliance for your industry and organisation. Leveraging 22 years of experience in Australia’s workforce screening and compliance sector, Leah’s wealth of knowledge makes her one of the most commendable executives working with Kinatico customers.

Issa Maimoun

SENIOR CLIENT EXECUTIVE

Issa works with the vast majority of Kinatico customers looking to meet the requirements of the SOCI Act. His experience working with different stakeholders within each organisation has resulted in our top tier clients adopting the right screening and compliance solutions to fit seamlessly within their existing workforce management processes.

Request a Call Back From Our Team

Watch the business demo

See why 26,000+ employers, recruiters & talent acquisition teams trust CVCheck for their background screening needs.
