New Australian Risk Legislation deep-dive: Managing your critical infrastructure with sub-contractors and personnel
At a glance
Risk management regulations are now in place for organisations owning or operating critical infrastructure. The Security and Resilience of Critical Infrastructure (SOCI) Act requires those entities responsible for managing defined critical infrastructure to develop and endorse a Critical Infrastructure Risk Management Program (CIRMP) for assets covered by the regulations. This article explores managing the risk across stakeholder groups.
Handling risk profiles outside of owners and operators
Who’s paying for what?
Collaboration and information exchanges are critical to accurately assessing the risk level in your supply chain. A commercial agreement that was put in place before the new regulations were introduced may no longer stack up. Do the usual "compliance with law" provisions extend far enough? Are the administrative costs of collating and handing over the relevant information, participating in risk assessments, or changing the nature of the services being provided?
Information exchange, collaboration and the rethinking of commercial and operational terms and conditions should be undertaken using a reasonably practicable approach. Resetting current commercial arrangements, entering future agreements or undertaking due diligence during an acquisition will require considering how those who contribute to the ongoing operation of a critical asset will play their part in its continuing security and resilience.