Where to get started

Complying with Australia’s critical infrastructure reforms

Has your organisation mapped it out?

Captured entities have a lot to consider to ensure they comply with Australia’s critical infrastructure regime. To help navigate the maze, we’ve prepared a checklist of key considerations so your entity hits the mark.


Model

Do you have a map of your organisation’s critical assets (informational, physical and digital), systems and supply chain?
Do you know where your valuable data is stored and how it is stored?
Are your business continuity planning, infrastructure schemas and other information assets important to business resumption stored and protected appropriately?
Do you know who your critical suppliers are?
Do you have adequate oversight of your supply chain and suppliers?
Do you understand the threat environment?
Have you got productive information exchanges with industry peers and local, state and federal authorities?

Assets

Do you know what your most valuable and business-critical assets are?
Have you identified single points of failure and critical dependencies?
Do you know what your crown jewels are when it comes to organisational data?
Do you know how this data is secured?
Are your physical assets adequately secured?

People

Do you know who your business-critical personnel are?
Do you know who has access to your critical assets and data?
Do your people present a security threat?
Do you properly vet business-critical staff?
Do you appropriately vet suppliers of critical services?

Processes

Does your organisation have up-to-date business continuity and risk management plans?
Does your organisation have a strong security culture?
Does your organisation regularly patch systems?
Do you have a password policy, are passwords changed regularly and are all staff required to undertake basic cyber training?

Execution

Do you fix vulnerabilities quickly when they are detected?
Do you map vulnerabilities, when they were remedied and how they were remedied?
Do you fill process gaps when they are identified?
Do you have appropriate policies to ensure employees know their obligations?

Delivery

Have you made sure your organisation is meeting all its reporting obligations under Australia’s critical infrastructure laws?
Can your organisation illustrate it is taking reasonable steps to mitigate threats and bolster its security?

Reach out to the team at PwC.

Our experts can help your organisation identify risks, meet its reporting obligations and become more secure.


Contact us

Robert Di Pietro

Partner, Lead of Cyber Security, PwC Australia

Tel: +61 418 533 346
