Meeting the requirements of the Security of Critical Infrastructure Act 2018 (Cth) (SOCI Act), including Positive Security Obligations (PSOs) and Enhanced Security Obligations (ESOs), can be complex, especially because performing the obligations has impacts across the enterprise, affecting how companies manage areas indirectly related to cyber security such as personnel, physical and supply chain risk management.
A successful approach starts with clear stakeholder mapping and strong executive sponsorship to align security and business priorities. Understanding who the obligations apply to — from technical teams to business leaders — is key to building an effective, compliant security program.
Connect with our SOCI experts to ensure your organisation achieves resilience and compliance.
We've developed checklists, practical approaches and a timeline to clarify what needs to be in place before your next attestation date, whether under Risk Management Program (RMP) Rules or Enhanced Cybersecurity Obligations (ECSOs). Our tailored solutions span penetration testing, business continuity planning, and risk management alignment to help you meet compliance requirements efficiently.
Risk Management Program Attestation
On 28th September 2025, a large segment of organisations captured by the legislation will be required to attest to the effectiveness of their risk management practices. This annual obligation requires that entities review their risk management programs.