Comply with SOCI Positive Security Obligation (PSO) per sector
Sector-specific cyber + risk obligations under SOCI Part 2.
Who must comply
Responsible entities for captured CI assets.
What triggers it
Designation under SOCI.
When due
Continuous; periodic attestation.
Evidence required
PSO implementation evidence; CIRMP; board attestation.
Max penalty
Civil penalties; ministerial direction powers under Part 3A
Summary
Captured sectors include energy, communications, financial services, data storage/processing, defence, education, food, water, healthcare, space technology, transport. Sector-specific PSOs apply via subsidiary rules.
Enforced by
Source legislation
Topics
Related obligations
- CWLTHReport cyber security incidents to ASD (SOCI)Critical infrastructure asset operators must report critical incidents within 12 hours and other incidents within 72 hours.
- CWLTHAdopt and maintain a Critical Infrastructure Risk Management Program (CIRMP)Covered critical infrastructure entities must adopt a CIRMP addressing cyber, physical, personnel, and supply-chain hazards.
- CWLTHGovernment cyber incident reporting via ASD ACSCFederal entities + critical infrastructure report cyber incidents to ASD ACSC.
- CWLTHComply with APRA CPS 234 (Information Security)APRA-regulated entities must maintain information security capability commensurate with the size and extent of threats.
- CWLTHAdopt Essential Eight Maturity Level 2 (federal subcontractors)Federal government contractors handling OFFICIAL: Sensitive must meet Right Fit For Risk (RFFR) including E8 ML2.
- CWLTHRegister as a responsible entity / direct interest holder under SOCICaptured critical-infrastructure assets must be registered with Home Affairs.
Frequently asked questions
- Who must comply with SOCI Positive Security Obligation (PSO) per sector?
- Responsible entities for captured CI assets.
- What triggers SOCI Positive Security Obligation (PSO) per sector?
- Designation under SOCI.
- When is SOCI Positive Security Obligation (PSO) per sector due?
- Continuous; periodic attestation.
- What is the maximum penalty for SOCI Positive Security Obligation (PSO) per sector?
- Civil penalties; ministerial direction powers under Part 3A
- What evidence is required for SOCI Positive Security Obligation (PSO) per sector?
- PSO implementation evidence; CIRMP; board attestation.
Source: https://cisc.gov.au/legislation-regulation-and-compliance/critical-infrastructure-risk-management-program. Rules Mate is not a law firm. Always verify against the live regulator source before acting.