🇦🇺 Live Medical Devices & Diagnostics

Security of Critical Infrastructure Act 2018

Imposes security obligations on operators of critical infrastructure assets in Australia, including risk management programs, incident reporting, and government assistance measures. Covers sectors such as energy, communications, transport, and financial services.

View official source document

10

Rules extracted

32

Obligations decomposed

3.2x

Avg obligations per rule

🇦🇺 Australia

Jurisdiction

About this regulation

This source covers Parts 1-6A of the SOCI Act: objects and definitions, critical infrastructure asset register, positive security obligations (critical infrastructure risk management programs), cyber security incident reporting obligations, directions and information gathering powers, government assistance (last resort powers), and enhanced obligations for systems of national significance. The Act applies to responsible entities across 11 critical infrastructure sectors.

What AuditDSS covers

Source

1

Regulation

Extracted

10

Rules

Decomposed

32

Obligations

3.2x

Decomposition ratio

Each rule is decomposed into an average of 3.2 atomic obligations — the smallest testable units that can be independently violated.

Fully extracted & scored

All 32 obligations have been decomposed, titled, risk-scored, and embedded for semantic matching.

Risk scoring

Every obligation in SOCI Act 2018 is scored across independent risk dimensions:

W

Obligation Weight

How critical within the regulatory framework

L

Violation Likelihood

How often breached in practice

E

Enforcement Evidence

Regulator enforcement history and penalties

C

Cascade Dependency

How many obligations depend on this one

Regulatory details

Full title
Security of Critical Infrastructure Act 2018
Regulatory body
Cyber and Infrastructure Security Centre
Jurisdiction
🇦🇺 Australia
Document type
primary-legislation
Effective date
April 2, 2022
Issuing authority
Australian Government (Department of Home Affairs / CISC)
Industry
Medical Devices & Diagnostics
Official source
View source document ↗

Who this applies to

responsible entities for critical infrastructure assets

Key requirements

  • asset register
  • risk management program
  • cyber incident reporting (12h/72h)
  • enhanced obligations for systems of national significance

Frequently asked questions about SOCI Act 2018

What is SOCI Act 2018?
This source covers Parts 1-6A of the SOCI Act: objects and definitions, critical infrastructure asset register, positive security obligations (critical infrastructure risk management programs), cyber security incident reporting obligations, directions and information gathering powers, government assistance (last resort powers), and enhanced obligations for systems of national significance. The Act applies to responsible entities across 11 critical infrastructure sectors.

Who does SOCI Act 2018 apply to?
SOCI Act 2018 applies to responsible entities for critical infrastructure assets.

How many obligations does SOCI Act 2018 contain?
AuditDSS has decomposed SOCI Act 2018 into 32 atomic obligations from 10 rules. Each obligation is independently testable and risk-scored.

What are the key requirements of SOCI Act 2018?
The key requirements include: asset register, risk management program, cyber incident reporting (12h/72h), enhanced obligations for systems of national significance.

How can I assess my SOCI Act 2018 compliance?
Upload your compliance policy to AuditDSS. The platform maps your document against all 32 SOCI Act 2018 obligations using deterministic AI scoring — not checklists or LLM summaries. You get a risk-scored gap analysis showing exactly which obligations are covered, partially covered, or missing.

Which jurisdiction enforces SOCI Act 2018?
SOCI Act 2018 is enforced in Australia by Cyber and Infrastructure Security Centre.

When did SOCI Act 2018 come into effect?
SOCI Act 2018 became effective on April 2, 2022.

What industry does SOCI Act 2018 apply to?
SOCI Act 2018 is primarily relevant to the Medical Devices & Diagnostics industry. AuditDSS covers 64 regulations in this industry sector.

Build a SOCI Act 2018 compliance pack

Don't have a compliance policy yet? AuditDSS generates a complete compliance pack for SOCI Act 2018 — alone or combined with other regulations your business needs. Every clause is mapped to specific obligations.

Policy

High-level commitments and governance framework covering SOCI Act 2018 requirements.

Procedures

Step-by-step operational procedures to implement each policy commitment.

Forms & checklists

Ready-to-use forms, registers, and checklists for day-to-day compliance operations.

Multi-regulation

Combine SOCI Act 2018 with other regulations into a single unified compliance pack for your business.

Build SOCI Act 2018 compliance pack

Already have a policy? Assess it against SOCI Act 2018

1

Upload your document

Upload your compliance policy, program manual, or operational document. AuditDSS accepts any text-based document.

2

AI maps against 32 obligations

Your document is scored against every obligation in SOCI Act 2018. Each claim is mapped to the obligation tree and evaluated for coverage.

3

Risk-scored gap report

Receive every gap ranked by risk priority with remediation guidance, enforcement evidence, and cascade impact analysis.

Related regulations in Medical Devices & Diagnostics

🇺🇸 Live

Anti-Kickback Statute

38 rules, 1,238 obligations
🇦🇺 Live

ACL

13 rules, 211 obligations
🇦🇺 Live

AU Climate Disclosure

10 rules, 52 obligations
🇦🇺 Live

Fair Work Act 2009

16 rules, 260 obligations
🇦🇺 Live

Modern Slavery Act 2018

9 rules, 135 obligations
🇦🇺 Live

Privacy Act 1988

29 rules, 203 obligations
🇦🇺 Live

TGA Act 1989

13 rules, 199 obligations
🇦🇺 Live

Model WHS Act

10 rules, 41 obligations

Assess your SOCI Act 2018 compliance

Upload your document and get a risk-scored gap analysis against 32 SOCI Act 2018 obligations in under 5 minutes.

Start assessment Browse all regulations