As organisations grapple with the complexities of the Security of Critical Infrastructure (SOCI) Act, it's clear that many are facing significant challenges in ensuring compliance.
Attendees at a ReadiNow Roundtable discussion (held 24th October 2024 at the ReadiNow Innovation Centre), representing five critical sectors, highlighted key issues and shared insights. Recent impacts on the SOCI landscape have given rise to new challenges, with varying levels of impact across entity business functions.
Below are the key challenges identified, an assessment of the business functions most impacted, and a reflection on the changes anticipated in maintaining compliance going forward.
The most pressing challenge identified was resource and expertise constraints: many organisations lack the dedicated staff or specialised knowledge needed to fully address the requirements of the SOCI Act. Several factors could contribute to this, such as changes in roles among asset holders, the intake of new assets, or the identification of additional risks. The complexity of the asset classes an organisation manages also adds to the challenge, as each requires a careful analysis of both critical and networked assets.
Cybersecurity and incident reporting have become focal points, necessitating improved readiness to respond to crises and to determine whether events are reportable. Engaging with third parties adds another layer of complexity, as many organisations are finding it necessary to hire full-time staff to manage these critical relationships.
Organisations also struggle with continual compliance and monitoring, highlighting the need for ongoing gap analysis and updates to asset registers. Change management issues further complicate these efforts, as integrating new staff into SOCI-related roles proves to be a challenge.
The impact of compliance efforts has reverberated through various business functions. The Legal, Risk, and Compliance sector has seen the largest changes, followed closely by IT and Operations. IT departments are enhancing their cybersecurity readiness, while operations teams must adapt to the evolving landscape of compliance.
There’s a growing need for executives and board members to be educated about their roles in ensuring compliance with the SOCI Act. Understanding how industrial actions might affect SOCI-related assets is becoming increasingly important as well.
When asked about changes to the SOCI Act that could have the greatest impact, attendees pointed to changes to regulator reporting as the top priority, with expanding definitions and modifications to data management practices also ranking highly. The anticipated reforms, including a formal audit program and updates to asset registration processes, signal a shift toward greater enforcement, emphasising the need for robust education and awareness initiatives.
Assessing preparedness for future SOCI requirements revealed a mixed picture. While 56% of organisations rated their readiness as high, there is recognition that significant change management will be necessary. Continuous improvement of existing plans and proactive engagement with both board members and frontline staff are crucial steps in fostering a culture of compliance.
As organisations face the ongoing challenges and changes to the SOCI Act, be it through indirect legislation and mandates, here are four essential actions for driving success:
Contact us today to learn how we can assist you in navigating the complexities of the SOCI Act and strengthening your compliance strategy!
ReadiNow’s no-code process automation platform is uniquely positioned to help organisations both meet and maintain their compliance with SOCI in an efficient and effective manner. By providing scalable, out-of-the-box solutions tailored for framework-specific compliance mandates and more, ReadiNow enables regulated institutions to automate their processes and maintain a strong compliance culture. With ReadiNow, organisations can quickly move from implementation to embedding, ensuring ongoing compliance with the SOCI Act. We look forward to hosting further sessions in the future and hope to see you there.
For entities interested in information regarding assistance to the CISC, we recommend contacting the outreach and engagement team of the CISC:
Government Assistance (cisc.gov.au)
For information regarding ReadiNow’s Cyber Management and Security of Critical Infrastructure Solution:
ReadiNow SOCI Module
Future Proof your Organisation With AI-powered Solutions (readinow.com).
Suite 202, Level 2
55 Clarence Street
Sydney NSW 2000
Call Us: 1800 153 153
Email Us: sales@readinow.com