September 16th, 2024 | Sterling
Top 10 questions talent leaders have about the SOCI ACT 2018
If you have missed our last Sterling LIVE session where we deep-dive into the SOCI legislation August update, you can watch it here. Read on to find out the top 10 key questions and updates talent leaders need to take note of:
#1 What is the SOCI Act 2018?
Unfamiliar with the SOCI Act? Enacted in 2018, the SOCI Act has undergone subsequent amendments to establish a comprehensive framework for safeguarding Australia’s critical infrastructure which covers 11 sectors in Australia, including transport, education, and financial services. This legislation identifies potential threats to the organisations e.g. personnel hazards, and outlines mitigation strategies specifically designed to combat cyber threats.
#2 Why has the SOCI Act 2018 been amended?
In light of the escalating sophistication and frequency of cyberattacks, the recent expansion of the Security of Critical Infrastructure (SOCI) Act 2018 is a critical and timely measure.
#3 What has changed?
The SOCI Act previously covered the electricity, gas, water, and maritime sectors, but has now been broadened to 11 sectors in Australia:
- Communications
- Financial services and markets
- Data storage and processing
- Defence
- Higher education and research
- Energy
- Food and grocery
- Healthcare and medical
- Space technology
- Transport
- Water and sewerage
#4 What are the key dates for organisations to take note of?
Organisations must take note of the following key dates to maintain compliance with the requirements of the SOCI Act:
#5 How does CIRMP impact talent leaders?
CIRMP is one of the key security obligations set out under the SOCI Act. The requirement for CIRMP is to identify each potential hazard posing significant risk to a critical infrastructure asset. Talent leaders need to be aware that “Personnel Hazard” is one of the hazards identified which can pose a threat to critical infrastructure assets.
Personnel Hazards encompasses individuals whose actions or inactions could threaten the security and integrity of critical infrastructure. The personnel risk framework to address Personnel Hazards should be addressed and documented by talent managers in CIRMP.
#6 Is every organisation going to be impacted by the Act’s update?
Inclusion within one of the eleven key sectors does not necessarily mean that your organisation must comply to the need for a CIRMP. Nuances exist, such as varying tiers of roles and sensitivity for critical infrastructure, and differing asset class descriptions and tier classifications within sectors like banking and finance, education, healthcare, or water supply and transportation.
#7 What is recommended to mitigate Personnel Hazards?
The SOCI Act requires responsible entities to proactively assess and manage the risk presented by personnel. A background check is one of the recognised and recommended methods to effectively manage personnel risk.
Background checks can help to evaluate an individual’s character, competency, and trustworthiness to determine their suitability and reliability to perform a particular role.
#8 What is a common misconception on personnel risk mitigation?
There is a widespread misconceptions in the market that a standard risk approach or one-size-fits-all screening package is enough to manage or mitigate personnel risk as part of CIRMP.
Effective risk management requires a tailored approach. Organisations should ensure their personnel risk framework aligns with the inherent risks of their industry. For instance, banking and financial services would need to prioritise screening programs that emphasise criminal background checks for fraud, creditworthiness assessments, and employment verification.
Conversely, the risk management framework for personnel in the energy, water, or transportation sectors, such as electricians, plumbers, and drivers, would focus on different areas. This framework might prioritise safety certifications, employment history, and driving record checks.
By implementing a well-designed screening program, organisations can have significant cost savings while minimising unnecessary delays within the screening process.
#9 What should talent leaders take note of when implementing a personnel risk framework?
Organisations with a global workforce, encompassing both local and international employees, necessitate comprehensive global background checks. These checks should ideally cover criminal history, employment verification, and due diligence investigations. To ensure seamless execution across borders, partnering with a screening provider with extensive global capabilities, such as Sterling, is highly recommended.
#10 What if I am still unsure if my organisation is impacted?
With the critical deadline for SOCI Act compliance rapidly approaching:
- Organisations unsure of their SOCI Act applicability can download us free SOCI Guide to gain a clear understanding.
- For personalised guidance, reach out to our team today – we are here to assist you in navigating the SOCI Act to help protect your organisation.
This publication is for informational purposes only and nothing contained in it should be construed as legal advice. We expressly disclaim any warranty or responsibility for damages arising out this information. We encourage you to consult with legal counsel regarding your specific needs. We do not undertake any duty to update previously posted materials.