September 16th, 2024 | Sterling

Top 10 questions talent leaders have about the SOCI Act 2018

If you missed our last Sterling LIVE session, where we took a deep dive into the August update to the SOCI legislation, you can watch it here. Read on to find out the top 10 key questions and updates talent leaders need to take note of:

#1 What is the SOCI Act 2018?

Unfamiliar with the SOCI Act? Enacted in 2018, the SOCI Act has since been amended to establish a comprehensive framework for safeguarding Australia’s critical infrastructure, which covers 11 sectors, including transport, education, and financial services. This legislation identifies potential threats to organisations, e.g. personnel hazards, and outlines mitigation strategies specifically designed to combat cyber threats.

#2 Why has the SOCI Act 2018 been amended?

In light of the escalating sophistication and frequency of cyberattacks, the recent expansion of the Security of Critical Infrastructure (SOCI) Act 2018 is a critical and timely measure.

#3 What has changed?

The SOCI Act previously covered the electricity, gas, water, and maritime sectors, but has now been broadened to 11 sectors in Australia:

  1. Communications
  2. Financial services and markets
  3. Data storage and processing
  4. Defence
  5. Higher education and research
  6. Energy
  7. Food and grocery
  8. Healthcare and medical
  9. Space technology
  10. Transport
  11. Water and sewerage

#4 What are the key dates for organisations to take note of?

Organisations must take note of the following key dates to maintain compliance with the requirements of the SOCI Act:

#5 How does CIRMP impact talent leaders?

CIRMP is one of the key security obligations set out under the SOCI Act. The requirement for CIRMP is to identify each potential hazard posing significant risk to a critical infrastructure asset. Talent leaders need to be aware that “Personnel Hazard” is one of the hazards identified which can pose a threat to critical infrastructure assets.

Personnel Hazards encompass individuals whose actions or inactions could threaten the security and integrity of critical infrastructure. The personnel risk framework for Personnel Hazards should be addressed and documented by talent managers in the CIRMP.

#6 Is every organisation going to be impacted by the Act’s update?

Inclusion within one of the eleven key sectors does not necessarily mean that your organisation must comply with the requirement for a CIRMP. Nuances exist, such as varying tiers of roles and sensitivity for critical infrastructure, and differing asset class descriptions and tier classifications within sectors like banking and finance, education, healthcare, or water supply and transportation.

#7 What is recommended to mitigate Personnel Hazards?

The SOCI Act requires responsible entities to proactively assess and manage the risk presented by personnel. A background check is one of the recognised and recommended methods to effectively manage personnel risk.

Background checks can help to evaluate an individual’s character, competency, and trustworthiness to determine their suitability and reliability to perform a particular role.

#8 What is a common misconception on personnel risk mitigation?

There is a widespread misconception in the market that a standard risk approach or one-size-fits-all screening package is enough to manage or mitigate personnel risk as part of CIRMP.

Effective risk management requires a tailored approach. Organisations should ensure their personnel risk framework aligns with the inherent risks of their industry. For instance, banking and financial services would need to prioritise screening programs that emphasise criminal background checks for fraud, creditworthiness assessments, and employment verification.

Conversely, the risk management framework for personnel in the energy, water, or transportation sectors, such as electricians, plumbers, and drivers, would focus on different areas. This framework might prioritise safety certifications, employment history, and driving record checks.

By implementing a well-designed screening program, organisations can achieve significant cost savings while minimising unnecessary delays within the screening process.

#9 What should talent leaders take note of when implementing a personnel risk framework?

Organisations with a global workforce, encompassing both local and international employees, need comprehensive global background checks. These checks should ideally cover criminal history, employment verification, and due diligence investigations. To ensure seamless execution across borders, partnering with a screening provider with extensive global capabilities, such as Sterling, is highly recommended.

#10 What if I am still unsure if my organisation is impacted?

With the critical deadline for SOCI Act compliance rapidly approaching:

  • Organisations unsure of their SOCI Act applicability can download our free SOCI Guide to gain a clear understanding.
  • For personalised guidance, reach out to our team today – we are here to assist you in navigating the SOCI Act to help protect your organisation.

This content is offered for informational purposes only. First Advantage is not a law firm, and this content does not, and is not intended to, constitute legal advice. Information in this content may not constitute the most up-to-date legal or other information.

Readers of this content should contact their attorney or lawyer to obtain advice concerning any particular legal matter.  No reader, or user of this content, should act or refrain from acting on the basis of information in this content without first seeking legal advice from counsel or lawyers in the relevant jurisdiction.  Only your individual attorney or legal advisor can provide assurances that the information contained herein – and your interpretation of it – is applicable or appropriate to your particular situation.  Use of, and access to, this content does not create an attorney-client relationship between the reader, or user of this presentation and First Advantage.