SOCI Act 2018 for food and grocery

The legal obligations you have if you own, operate, or have direct interests in critical infrastructure assets are outlined in the Security of Critical Infrastructure Act 2018 (the SOCI Act). The SOCI Act also outlines how the government can support you if an incident occurs that impacts your critical infrastructure asset.

If you own a critical food and grocery asset, you need to comply with the following regulatory obligations:

  • Notify your third-party data storage or processing provider that the provider is storing or processing business critical data for a critical infrastructure asset.
  • Provide operational and ownership information to the Register of Critical Infrastructure Assets.
  • Report cyber incidents.
  • Adopt, maintain and comply with a written critical infrastructure risk management program.

If your asset is a System of National Significance, you may also need to meet Enhanced Cyber Security Obligations.

The SOCI Act also includes Government Assistance measures. These measures outline how the government can help industry respond to cyber security incidents. These measures only apply to incidents that will cause serious harm to Australia’s prosperity, national security, or defence.

Food and grocery critical infrastructure assets

Critical food and grocery assets include networks that are both:

  • used for the distribution or supply of essential food or groceries; and
  • owned or operated by an entity that is a critical supermarket retailer, food wholesaler, or grocery wholesaler.

In consultation with industry, the definition has been refined through the Security of Critical Infrastructure (Definitions) Rules (LIN 21/039) 2021 to specify that these assets are:

  • Woolworths Group
  • Coles Group
  • Aldi
  • Metcash.