SOCI Act Compliance /

Protect your organisation with a structured approach to the SOCI Act, OT cybersecurity, and modern critical infrastructure risk management. 

Our solutions help operators achieve compliance, improve resilience, and reduce operational risk across industrial environments.

Security of Critical Infrastructure /

Your operational technology is now a target – not just a tool. Critical infrastructure is facing increasing cyber threats and operational disruption risks. In response to these growing threats, the SOCI Act has been introduced to strengthen national resilience and uplift security obligations across essential services. Without clear governance and a structured approach to risk, organisations can be exposed across cyber, physical, personnel, and supply chain domains. 

To address these challenges, organisations must establish governance frameworks aligned to national critical infrastructure requirements. This includes clearly defined accountability, integration of SOCI obligations into enterprise risk management, and the development of defensible compliance strategies.

Tier16 Advantage /

We help strengthen the security and resilience of critical infrastructure assets across three interconnected domains. Each domain and its sub-components play a critical role in securing your complex environments, and by strengthening each component, we reinforce the entire system. This holistic approach to cybersecurity and resilience integrates people, process, and technology to deliver measurable, sustainable protection.

SOCI Act compliance model

Governance and Policy /

Establishes the foundation for managing operational technology (OT) environments through clear governance structures, policies, and standards. This includes supporting risk assessment and CIRMP requirements to ensure consistent oversight, compliance, and effective management of critical infrastructure risks:

  • OT Security Program Management
  • CIRMP Management
  • Risk Assessment and Management
  • OT Governance Framework
  • OT Policies and Standards
  • CIRMP Reporting

Security and Architecture /

Strengthens protection and visibility across OT environments through secure architecture design, access and identity management, logging and monitoring, vulnerability management, third-party security oversight, and incident response to detect, manage, and respond to threats effectively:

  • Access and Identity Management
  • OT Architecture
  • Security Logging and Monitoring
  • Vulnerability Management 
  • Third Party Security
  • Incident Response

Asset Management /

Ensures strong visibility and control across operational technology (OT) environments by maintaining accurate asset inventories and mapping relationships between systems. Supports the full asset lifecycle. Disaster recovery planning is also incorporated to ensure operational continuity and resilience:

  • Asset Inventories
  • Asset Relationships
  • Asset Lifecycles
  • Change Management
  • Configuration Management
  • Disaster Recovery

SOCI Compliance Delivery Services /

We deliver end-to-end OT security services designed to protect industrial environments and ensure SOCI compliance in practice. This includes OT cybersecurity architecture design, threat detection, secure remote access, and incident response capabilities tailored to operational technology environments. We also provide OT audits, SOCI gap assessments, and industrial cybersecurity assessments to validate your security posture and identify compliance gaps before they become regulatory or operational risks.

OT security service

SOCI Gap Assessment /

We assess your organisation’s current security and risk posture against SOCI Act obligations to identify compliance gaps, vulnerabilities, and priority uplift areas. This gives you a clear, evidence-based roadmap to achieve regulatory readiness and reduce exposure to enforcement or operational risk.

CIRMP and Risk Framework Design /

Our approach provides a tailored Critical Infrastructure Risk Management Program (CIRMP) aligned with SOCI requirements, integrating cyber, physical, and supply chain risk into a single structured framework. This enables consistent, auditable risk decision-making and strengthens resilience across industrial operations.

Compliance Governance /

We design and implement SOCI-aligned compliance governance structures supported by practical, operational policies that define clear roles, responsibilities, and decision-making authority. This ensures regulatory obligations are consistently embedded into day-to-day operations, improving accountability, audit readiness, and executive oversight.

Incident Response and Reporting /

This service develops and refines incident response and SOCI-mandated reporting processes to ensure rapid, compliant handling of cyber and operational disruptions. This reduces response time, limits business impact, and ensures statutory notification requirements are met with confidence.

AESCSF Assessment

We assess your cybersecurity maturity against the Australian Energy Sector Cyber Security Framework (AESCSF) to benchmark current capabilities and identify improvement priorities. This provides a structured pathway to strengthen cyber resilience aligned with sector expectations and best practice.

Ongoing SOCI Support

With continuous SOCI advisory and compliance support, we keep your organisation aligned with evolving regulatory requirements and threat landscapes. This ensures sustained compliance, improved resilience, and ongoing readiness for audits, incidents, and regulatory change.

OT Software Asset Management /

This SOCI delivery services framework is underpinned by a comprehensive OT Asset Assessment, which establishes whether and how SOCI obligations apply to your organisation and critical infrastructure assets.

Complete visibility of the operational technology environment is achieved through structured asset discovery and classification services. This includes identifying all OT systems and devices, mapping interdependencies across critical infrastructure networks, and maintaining an accurate, continuously validated asset inventory.

This foundational understanding reduces unknown risk, strengthens compliance accuracy, and enables effective decision-making across SOCI compliance, CIRMP-aligned risk management, and OT cybersecurity programs.

Enabling & Defending Australia's Critical Infrastructure /

Forward-looking organisations are starting to manage OT software as a living, strategic asset. Do not miss the chance to join Rheinhardt Peens for an in-depth session on how industrial organisations are transforming the way they manage their OT software. By invitation from the Electric Energy Society of Australia, he will present at Engineers Australia Perth on 27 May 2026.

Compliance is not just about checking a box. The organisations that get it right don’t rush to document everything before an audit – they build software asset governance into daily operations. They keep their software and tools continuously aligned to support reliable, resilient facilities. That’s what sets them apart.

Tier16 was engaged by an integrated energy company operating generation, wind, and storage assets to support compliance with Australia’s Security of Critical Infrastructure (SOCI) Act and alignment with the Australian Energy Sector Cyber Security Framework (AESCSF).

Our comprehensive approach goes beyond assessment, design, implementation and support. We take a holistic approach to cyber security and resilience covering aspects around people, process and technology.

SOCI Act & OT Security - FAQ /

What is the SOCI Act?

The Security of Critical Infrastructure (SOCI) Act 2018 is Australian legislation designed to protect critical infrastructure assets by requiring operators to identify, manage, and report risks that could impact national security, essential services, or economic stability. It establishes mandatory obligations for risk management, cyber security preparedness, and incident reporting across key sectors such as energy, water, transport, health, and communications. The SOCI Act has been updated several times, with the most recent amendments in 2025/2026 further strengthening Australia’s critical infrastructure security and resilience obligations in response to evolving and increasingly sophisticated threats.

SOCI obligations are the legal requirements placed on operators of critical infrastructure under the Security of Critical Infrastructure Act 2018 to identify, manage, and report risks that could impact essential services or national security. These include implementing a Critical Infrastructure Risk Management Program (CIRMP), maintaining up-to-date asset registers, complying with cyber security incident reporting timeframes, and meeting government directions or information-sharing requirements when requested.

The critical infrastructure risk management program (CIRMP) is the core compliance mechanism under the SOCI Act. CIRMP implementation under the SOCI Act strengthens an organisation’s ability to systematically identify, assess, and manage cyber, physical, and supply chain risks across critical infrastructure assets. It improves resilience, reduces the likelihood and impact of disruptive incidents, and ensures compliance with mandatory regulatory requirements.

It also provides clearer governance and accountability for risk decisions, enabling better executive visibility and more consistent, audit-ready reporting. Over time, it helps organisations move from reactive incident response to proactive risk management and continuous improvement.

We support critical infrastructure operators across the energy, mining, defence, and industrial sectors in securing and modernising complex operational environments, including control systems, SCADA platforms, and distributed infrastructure assets.

In partnership with Astra Cyber, we deliver integrated capability across industrial cybersecurity and operational resilience.

Our expertise in IT/OT convergence and industrial systems architecture enables organisations to improve visibility, strengthen resilience, and maintain secure, reliable operations in increasingly connected and regulated environments.

Securing Critical Infrastructure /

We are proud to partner with Astra Cyber to go beyond regulatory compliance – delivering a holistic approach to building resilience that helps your business thrive, adapt quickly, and consistently deliver value for long-term success.
