Rules Mate

Guidance

Critical Infrastructure Risk Management Program (CIRMP)

SOCI Pt 2A: CIRMP development + annual board attestation.

In plain English

This guidance explains the Critical Infrastructure Risk Management Program, including development and annual board confirmation.

The Critical Infrastructure Risk Management Program applies to entities identified as critical infrastructure. They must develop a risk management program. This program must be reviewed and updated. The board must annually attest to the program's adequacy. More information is available on the CISC website.

Why it matters

If your business is considered critical infrastructure, this program helps manage risks. It ensures your operations remain secure and reliable. Failing to comply could impact your business’s ability to operate.

governancendbprivacy

AI-assisted summary, grounded in the source link below. Generated 2026-05-23 via gemma3:12b.

Issuing regulator

HOME-AFFAIRS-SOCI

Topics


Source: https://cisc.gov.au/legislative-information-and-reforms/critical-infrastructure. Rules Mate indexes + summarises; always verify against the regulator's live publication.