Comply with SOCI Positive Security Obligation (PSO) per sector
Sector-specific cyber and risk obligations under SOCI Part 2.
Who must comply
Responsible entities for captured CI assets.
What triggers it
Designation under SOCI.
When due
Continuous; periodic attestation.
Evidence required
PSO implementation evidence; CIRMP; board attestation.
Max penalty
Civil penalties; ministerial direction powers under Part 3A.
Summary
Captured sectors include energy, communications, financial services, data storage/processing, defence, education, food, water, healthcare, space technology and transport. Sector-specific PSOs apply via subsidiary rules.
Enforced by
Source legislation
Topics
Source: https://cisc.gov.au/legislation-regulation-and-compliance/critical-infrastructure-risk-management-program. Rules Mate is not a law firm. Always verify against the live regulator source before acting.