
Security of Critical Infrastructure Compliance
Supporting Critical Infrastructure to Meet the Moment
The Security of Critical Infrastructure Act requires operators across energy, water, health, data, transport, and other essential sectors to:
- Identify and manage material risks
- Protect against cyber, personnel, supply chain and physical hazards
- Maintain a fit-for-purpose Critical Infrastructure Risk Management Program (CIRMP)
- Report annually to the Department of Home Affairs
- Comply with Positive Security Obligations and, where applicable, Enhanced Cyber Security Obligations
Escalate Consulting helps you meet these obligations while embedding a more mature, effective risk and resilience posture across your organisation.
Our SOCI Compliance & Capability Framework
We deliver structured support across all key components of the SOCI Act:
CIRMP Development & Integration
- Develop and document your Critical Infrastructure Risk Management Program
- Align with the “all hazards” model: cyber, personnel, supply chain, physical and natural hazards
- Integrate with existing enterprise risk, continuity and emergency frameworks
- Structure governance and assurance processes around Board oversight and reporting
- Prepare for audits and regulator engagement
Risk Identification & Mitigation
- Identify material risks that could impact asset functionality or safety
- Conduct risk workshops with key functions and leadership
- Support risk treatment design and alignment to “reasonably practicable” standards
- Establish clear thresholds for risk acceptance, escalation and incident classification
Business Continuity & Resilience Uplift
- Align your Business Continuity Planning program to SOCI requirements
- Conduct Business Impact Analyses to confirm critical functions and interdependencies
- Define recovery timeframes and resilience objectives
- Deliver testing programs that validate continuity and crisis arrangements
- Ensure that continuity is not just documented but executable
Supply Chain Resilience
- Map material dependencies and third-party arrangements
- Identify risks introduced by external service providers and key vendors
- Support uplift of procurement, assurance, and contractual controls
- Develop or refine your Service Provider Management and Material Outsourcing frameworks
Annual Reporting & Board Assurance
- Develop templates and procedures for Board-approved annual reporting
- Create governance packs and executive dashboards to track SOCI compliance
- Prepare narrative reports for submission to the Department of Home Affairs
- Support presentation and endorsement at Risk and Audit Committees
Simulation Exercises & Readiness Testing
- Facilitate scenario-based testing to validate continuity and CIRMP responses
- Include multi-hazard scenarios (e.g., cyber + physical + supply chain)
- Deliver After Action Reviews and support continuous improvement
- Help your teams build confidence and clarity in real-world activation
Your Outcomes
Why Escalate Consulting?
- Experienced Across Sectors – Supporting energy, utilities, health, financial services, government and more
- Practical Approach – We design plans and programs that actually work under pressure
- Integrated Capability – Deep expertise across continuity, crisis, cyber, operational risk, and supply chain
- Board-Ready Documentation – Professional outputs that satisfy internal and external scrutiny
- Not Just Advice—Implementation – We stay with you through design, delivery, training, and assurance

