Home Affairs (SOCI)

Cyber and Infrastructure Security Centre — Department of Home Affairs

Administers the Security of Critical Infrastructure Act 2018 — registration, risk management programs, and mandatory cyber incident reporting for critical infrastructure assets.

Website↗

Obligations enforced

Enforcement actions tracked

Scope topics

Obligations enforced by Home Affairs (SOCI) (7)

criticalCWLTH
Comply with SOCI Positive Security Obligation (PSO) per sector
Sector-specific cyber + risk obligations under SOCI Part 2.
criticalCWLTH
Comply with Standard Business Sponsor obligations (482 + 494)
Business sponsors of 482 / 494 visas must meet labour market testing, equivalent terms + record-keeping.
criticalCWLTH
Report cyber security incidents to ASD (SOCI)
Critical infrastructure asset operators must report critical incidents within 12 hours and other incidents within 72 hours.
criticalCWLTH
SoNS — Systems of National Significance (SOCI)
Declared SoNS face enhanced cyber security obligations.
highCWLTH
Adopt and maintain a Critical Infrastructure Risk Management Program (CIRMP)
Covered critical infrastructure entities must adopt a CIRMP addressing cyber, physical, personnel, and supply-chain hazards.
highCWLTH
Register as a responsible entity / direct interest holder under SOCI
Captured critical-infrastructure assets must be registered with Home Affairs.
highCWLTH
Verify work rights via VEVO before employment
Employers must verify visa work rights via VEVO before hiring non-citizens.

Recent Home Affairs (SOCI) enforcement

Scope topics

socicritical-infrastructureincident-reportingrisk-management-program

Parent legislation

security of critical infrastructure act 2018

Source: regulator's own website. Rules Mate links and summarises — we don't republish full statutory text.