System maintenance

​​​​​​​​​​SOCI Compliance - Upcoming Form Changes​

The Cyber and Infrastructure Security Centre (CISC) is committed to listening to industry feedback and ensuring our regulatory web forms are clear and easy to use.

We have prepared updates to our Security of Critical Infrastructure Act 2018 (SOCI Act) regulatory web forms.

We have made these changes based on industry feedback that a single update to web forms each year is preferred. By committing to one update each year, we can provide certainty to industry about what information they need to report. The changes will address common issues with completed forms and improve functionality and the user experience. They will also include additional help text and clarify what information we require.

We have outlined the changes we have made to the SOCI Act Part 2 Register of Critical Infrastructure Assets web forms and the SOCI Act Part 2A Critical Infrastructure Risk Management Program (CIRMP) annual report web form below.

The web form updates do not change or alter reporting obligations under the SOCI Act. The CISC has no ability to extend deadlines or grant exemptions. If you submit a form outside of the prescribed timeframes, this may result in compliance and enforcement action. Further guidance on timeframes for submitting Asset Register and/or CIRMP web forms is available on the CISC website.

Register of Critical Infrastructure Assets Forms

We will update the asset registration forms to include new drop down menus in a number of questions. They will also include additional text boxes to allow for further explanation on why assets are critical. We have also introduced more helpful tips throughout the forms to help you complete them.

We will apply the update to the asset registration forms from 21 March 2025 to 6 April 2025. During this period you will not be able to save forms as draft. If you need to complete a form, you must complete and submit the form in one session.

This form update will not change or alter reporting obligations. Entities must still meet the legislated timeframes for registering new assets or updating existing registration regardless of the draft function being temporarily unavailable.

Registering a new asset form

• Responsible Entity of a Critical Infrastructure Asset registration form
• Direct Interest Holder of a Critical Infrastructure Asset registration form

Changing the registration of an existing asset form

• Responsible Entity: Notification of change to an existing registration on the Register of Critical Infrastructure Assets
• Direct Interest Holder: Notification of change to an existing registration on the Register of Critical Infrastructure Assets

CIRMP Annual Reporting Form

We will update the CIRMP Annual Reporting form on 7 April 2025. The next reporting period for the 2024-25 financial year commences from 1 July 2025.

We have:

• included new questions
• clarified existing questions
• added help text along the way to support entities to complete the form.

We have included some additional questions to assist industry with assessing their maturity. This includes:

• whether assurance activities where performed during the reporting period
• the type of asset that the risk management plan covers
• what the highest priority risks for the entity are, including how often these risks are assessed, and whether supply chain risk is considered.

The next annual reporting period covers the period 1 July 2024 until 30 June 2025. The reports will be due between 1 July and 28 September 2025.

CIRMP Annual Reporting form

• Responsible Entity Risk Management Program - Annual Report

Contact us!

If you have any questions email enquiries@cisc.gov.au

To stay up to date with the latest news and advice, follow CISC on Twitter and LinkedIn.

Join the Trusted Information Sharing Network (TISN). Find more information on our webpage Trusted Information Sharing Network.

If you are interested in joining the TISN, complete the application form.