Expanded rules to the Security of Critical Infrastructure Act (the SOCI Act) may catch many businesses unaware. The Act came into effect on 8 April 2022 with a grace period of three months, ending on 8 July 2022.
The expanded rules include the mandatory reporting of cyber security incidents to the Australian Cyber Security Centre (ACSC) by regulated entities under Part 2b of the SOCI Act. Within these organisations, if you become aware that a critical cyber security incident has occurred or is occurring, AND the incident has had, or is having, a significant impact on the availability of your asset, you must notify ACSC within 12 hours after you become aware of the incident. If you become aware that a cyber security incident has occurred or is occurring, AND the incident has had, is having, or is likely to have, a relevant impact on your asset, you must notify ACSC within 72 hours after you become aware of the incident.
In the information provided by the Cyber and Infrastructure Security Centre, the SOCI Act now applies to 11 critical infrastructure sectors:
The SOCI Act has three essential security obligations that can be activated at different times for particular sectors. Certain entities will be required to:
The importance of data and cyber security has never been as crucial as it is now. With statistics of over 67,500 cybercrimes reported to ACSC during the 2020-21 financial year, up 13% from the prior year, these numbers are expected to increase again when the 2021-22 report is released. The time to act is now! Make sure to implement an Incident Response Plan today and test this regularly as it’s no longer a case of if but when.
Introducing Lawcadia’s powerful automation engine, Lawcadia Intelligence™. Highly configurable, no-code automation and logic-based workflows, with a unique plug-in architecture to support new functionality and ease of systems integrations.
Discover the power of possibilities.
Transform your legal operations with the award-winning, two-sided intelligent platform built for in-house legal teams and their law firms with legal intake & triage, matter management, workflow automation, spend management, collaboration and customisable reporting.