For SOCI Act-Captured Critical Infrastructure

SOCI Critical Infrastructure on AWS, CIRMP, Cyber Incident Reporting, Risk Management

Build a SOCI-aligned AWS workload with documented Critical Infrastructure Risk Management Programs (CIRMP), 72-hour incident notification readiness, and ransomware payment reporting, including the 2024 SOCI amendments covering data storage systems.

AWS Advanced Tier Partner
Google Cloud Partner
RedHat Partner
ISO 27001:2022 Certified
ISO 9001:2015 Certified
SOCI Act 2018 · Expanded Nov 2025

Data storage systems are now in scope.

11 Sectors · 72h Incident Notify · Annual Board Attestation · $50M Max Penalty
The 2024 SOCI amendments brought data storage systems into scope. Most existing CIRMPs don't cover them yet. — Security of Critical Infrastructure Act 2018 (Cth)
The Problem We Solve

The 2024 SOCI amendments expanded the regime. Your CIRMP needs to keep up.

01, DATA STORAGE SCOPE

The 2024 SOCI amendments brought our data storage systems into scope; our CIRMP doesn't cover them yet.

Data storage systems supporting critical infrastructure assets are now expressly captured. Most existing CIRMPs predate this and need urgent updates.

02, INCIDENT NOTIFICATION

We need 72-hour cyber incident notification to ASD with workflows that won't fail in a real incident.

Part 2B of SOCI requires notification within 72 hours of becoming aware of an incident with relevant impact. Most teams haven't tested the workflow end-to-end.

03, BOARD ACCOUNTABILITY

Annual board attestation requires evidence we don't have organized, and ransomware payment reporting adds another reporting obligation.

The Cyber Security Act 2024 added ransomware payment reporting (in force May 2025). Directors face Corporations Act duty-of-care exposure if the CIRMP isn't approved and reviewed quarterly.

What You'll Get

From SOCI scope-uncertainty to board-attestable, in three streams.

Stream A · Assessment

Scope of Work

  • SOCI sector classification + asset scope determination
  • CIRMP gap assessment (including 2024 data storage amendments)
  • Cyber incident notification workflow review (72h)
  • Ransomware payment reporting readiness
  • Essential Eight Maturity Level alignment baseline

Stream B · Deliverables

Deliverables

  • SOCI-aligned AWS reference architecture
  • Updated CIRMP covering all in-scope assets
  • 72-hour incident notification runbook (ASD-routed)
  • Ransomware payment reporting workflow
  • AWS Audit Manager evidence framework
  • Annual board attestation evidence package

Stream C · Timeline

Timeline

  • Assessment: 2-3 weeks
  • Implementation: 8-12 weeks (depends on CIRMP scope)
  • Pre-engagement scope determination call (free)
  • Quarterly board reporting cadence support
  • Annual SOCI refresh option
  • Founder-led delivery throughout

Past Engagement Outcomes

What SOCI readiness looks like in practice

Indicative outcomes from engagements with SOCI Act-captured entities (data storage providers, healthcare operators, financial services, communications) achieving CIRMP readiness on AWS.

  • 100%: CIRMP coverage including data storage
  • <72h: Tested incident notification workflow
  • Annual: Board attestation evidence ready
  • ML2: Essential Eight maturity baseline

Built on Certified Foundations

Mapped to SOCI, ASD, and Essential Eight expectations.

AWS Advanced Tier · ISO/IEC 27001:2022 · ISO 9001:2015 · SOCI Aligned

Our ISO 27001:2022 certification covers ~70% of CIRMP control intent. We deploy AWS GuardDuty, Security Hub, and Inspector for vulnerability management, with EventBridge → SNS for ASD 72-hour notification automation, and AWS Backup with immutable copies for ransomware defence.

Mini Case Study

How an Australian data storage provider achieved CIRMP readiness in 10 weeks

An Australian SaaS company providing data storage services to critical infrastructure entities (hospitals, energy utilities) was captured by the November 2024 SOCI amendments. Their existing CIRMP predated the data storage scope expansion and needed an urgent update before their next ASD compliance review.

We started with a 2-week assessment confirming SOCI sector classification (data storage) and mapping their existing AWS controls to the updated CIRMP requirements. Implementation took 8 weeks, deploying Audit Manager with a custom SOCI evidence framework, automating the 72-hour notification workflow via EventBridge, and adding immutable backup copies for ransomware defence.

The team passed their ASD compliance review with zero critical findings. The CIRMP framework now also covers their adjacent obligations under the Cyber Security Act 2024 (ransomware payment reporting).

We thought SOCI was a check-the-box exercise. HAZERCLOUD turned it into actual operational resilience; we caught two real incidents during the chaos exercises that we'd have missed otherwise. — CISO · Australian Data Storage Provider (anonymized)

Outcomes

  • CIRMP scope updated: Complete
  • Engagement duration: 10 wks
  • ASD review status: Passed
  • Notification SLA tested: <72h
  • Essential Eight ML: ML2

Engagement Options

Predictable scope. Practitioner-led. SOCI-current.

Two stages. Most engagements include the Cyber Security Act 2024 ransomware reporting workflow as part of CIRMP implementation.

Stage 01

SOCI Readiness Assessment

  • SOCI sector + asset scope determination
  • CIRMP gap analysis (2024 amendments included)
  • Incident notification workflow review
  • Ransomware payment reporting readiness check
  • Essential Eight maturity baseline assessment
FAQ

SOCI questions critical infrastructure leaders ask first.

Sector classification uncertainty? Annual board attestation requirements? Book a call and we'll work through your specific situation.

Are we in SOCI scope? The 11 sectors are broadly defined.
SOCI covers communications, data storage and processing, financial services, energy, food and grocery, health and medical, higher education and research, space technology, transport, water and sewerage, and the defence industry. The exact boundaries depend on asset class definitions and Ministerial designations. Our assessment includes a scope determination memo so you have evidence-backed clarity, not guesswork.
How do the 2024 SOCI amendments affect our existing CIRMP?
The Enhanced Response and Prevention Act 2024 brought data storage systems supporting critical infrastructure into express scope. If your existing CIRMP only covered "primary" assets (e.g., the energy distribution system) but not the supporting databases or backup systems, it likely needs expansion. We map your existing CIRMP to the updated scope and identify the gaps.
What's the difference between SOCI and APRA CPS 230?
CPS 230 applies to APRA-regulated entities (banks, insurers, super funds). SOCI applies to critical infrastructure across 11 sectors: a broader scope under a different authority. An APRA-regulated entity that's also critical infrastructure (e.g., a major bank) faces both. We map controls to satisfy both standards from one architecture, avoiding duplicate work.
How does Essential Eight relate to SOCI compliance?
Essential Eight is the practical control baseline most SOCI entities use to meet CIRMP technical obligations. Maturity Level 2 is a common procurement-driven floor. SOCI doesn't mandate Essential Eight specifically, but ASD's expectations and most internal CIRMP frameworks reference it. Our SOCI engagements include an Essential Eight ML2 baseline by default.
What's the ransomware payment reporting threshold?
The Cyber Security Act 2024 requires reporting entities (entities above $3M turnover or SOCI-captured) to report ransomware payments to the Department of Home Affairs and ASD. Reporting is required within 72 hours of payment. Reported information cannot be used against you for enforcement. We integrate the reporting workflow into the CIRMP incident response runbook.
How does SOCI interact with the Cyber Security Act 2024?
The Cyber Security Act 2024 adds ransomware payment reporting (in force May 2025), the Cyber Incident Review Board, and IoT security standards (in force March 2026). SOCI provides the underlying CIRMP framework; the Cyber Security Act adds adjacent reporting obligations. Our framework integrates both.
Jobin Joseph, Founder & CTO of HAZERCLOUD
AWS SA Pro · DevOps Pro · Security · +2

Who You'll Actually Work With

This engagement runs through me, personally.

The AWS-certified specialist on your discovery call leads the implementation team on your engagement. No bait-and-switch. No junior-led delivery.

Discovery call: I attend, no exceptions
Architecture sign-off: before any work begins
Weekly review: I'm on every call, every week
Material decisions: go through me first
Deliverable sign-off: my signature, my reputation
30 days post-handoff: direct line to me
Ready for SOCI-aligned AWS architecture?

30 minutes with our founder. Sector + scope clarification.

Whether you're confirming SOCI scope, updating an existing CIRMP for the 2024 amendments, or scoping ransomware payment reporting workflows, we'll work through your specific situation and recommend the next concrete step.

AWS Advanced Tier Services Partner · ISO 27001:2022 · ISO 9001:2015 · 5× AWS-Certified Founder