Understanding the updated SOCI legislation 

Act now to comply with the new SOCI amendments 

The recent updates to the Security of Critical Infrastructure Act (SOCI) have significant implications for Australian businesses, including those based in New South Wales. It’s crucial to understand the amendments and take proactive steps to ensure your compliance.

NHN Group is here to assist you in navigating these changes effectively. Our veteran security experts can help you audit your business against the updated SOCI requirements and implement new strategies to bring you into compliance.  

Book a consultation with our team today. 

The purpose of the latest SOCI amendments 

The latest amendments to the Security of Critical Infrastructure Act 2018 (SOCI) accomplish two goals:

  1. Expand the purview of the Act to encompass a greater number of critical industries 
  2. Require businesses within these industries to adopt new, more stringent security measures and compliance strategies 

Let’s explore what this means in terms of expanded industry coverage, the four security pillars, and the necessary steps for compliance. 

The industries covered by the SOCI 2018 Act amendments 

The original 2018 Security of Critical Infrastructure Act limited its purview to four critical amenities: gas, electricity, water and ports. The new amendments expand its scope to include 11 more industries.

The revised list of applicable industries is as follows: 

  1. communications 
  2. data storage or processing 
  3. defence industry 
  4. electricity 
  5. energy 
  6. financial services and markets 
  7. food and grocery 
  8. gas 
  9. health care and medical 
  10. higher education and research 
  11. ports 
  12. space technology 
  13. transport 
  14. water and sewerage 

If you own or operate a business within these industries, you must now assess your operations for vulnerabilities and ensure they safeguard your systems and data against threats. The new legislation defines four categories of risk that you must review. 

Understanding the Four Security Pillars 

The new legislation emphasises four primary areas of security: 

  1. Cyber and Information Security 
    Protecting data and information systems from cyber threats is crucial. Businesses need to implement strong cybersecurity measures, conduct regular security assessments, and update their systems to address new vulnerabilities. 

  2. Personnel Security 
    Ensuring that individuals with access to sensitive information or critical systems are properly vetted is key. This includes conducting background checks and providing ongoing security training to mitigate risks from insider threats. 

  3. Physical Security 
    Securing physical assets and infrastructure against unauthorised access and natural disasters is essential. This may involve implementing access control systems, surveillance, and other security measures. 

  4. Supply Chain and Business Continuity Security 
    Addressing vulnerabilities within the supply chain and developing plans to maintain operations during disruptions are critical. This requires a thorough assessment of suppliers’ security practices and the creation of robust business continuity plans. 

Steps you need to take for SOCI compliance 

Compliance with the SOCI legislation involves a comprehensive approach. You can begin to design a compliance plan using these instructions. 

  1. Cyber and Information Security 
    Deploy up-to-date cybersecurity solutions, conduct penetration testing, and promote cybersecurity awareness among employees. 

  2. Personnel Security 
    Carry out detailed background checks and establish ongoing security awareness programs. Consider setting up continuous monitoring for personnel with sensitive roles. 

  3. Physical Security 
    Implement and regularly audit access control and surveillance systems. Advanced technologies like biometric access can enhance security measures. 

  4. Supply Chain and Business Continuity Security 
    Assess and integrate the security practices of suppliers into risk management plans. Develop detailed business continuity plans to address potential supply chain disruptions. 

Planning and implementing these measures will require a concerted effort. NHN Group has the expertise to ensure your business is brought into perfect compliance with the latest SOCI updates.

Get in touch to book a consultation with our New South Wales security specialists today.