Rules Mate

Comply with SOCI Positive Security Obligation (PSO) per sector

Sector-specific cyber + risk obligations under SOCI Part 2.

criticalcurrentongoing

Who must comply

Responsible entities for captured CI assets.

What triggers it

Designation under SOCI.

When due

Continuous; periodic attestation.

Evidence required

PSO implementation evidence; CIRMP; board attestation.

Max penalty

Civil penalties; ministerial direction powers under Part 3A

Summary

Captured sectors include energy, communications, financial services, data storage/processing, defence, education, food, water, healthcare, space technology, transport. Sector-specific PSOs apply via subsidiary rules.

Enforced by

Source legislation

Topics

socicyber

Related obligations

Frequently asked questions

Who must comply with SOCI Positive Security Obligation (PSO) per sector?
Responsible entities for captured CI assets.
What triggers SOCI Positive Security Obligation (PSO) per sector?
Designation under SOCI.
When is SOCI Positive Security Obligation (PSO) per sector due?
Continuous; periodic attestation.
What is the maximum penalty for SOCI Positive Security Obligation (PSO) per sector?
Civil penalties; ministerial direction powers under Part 3A
What evidence is required for SOCI Positive Security Obligation (PSO) per sector?
PSO implementation evidence; CIRMP; board attestation.

Source: https://cisc.gov.au/legislation-regulation-and-compliance/critical-infrastructure-risk-management-program. Rules Mate is not a law firm. Always verify against the live regulator source before acting.