Build implementation templates around the fields that change the answer: connectable-product scope, manufacturer and supplier duties, statement of compliance evidence, ransomware report content, notice response, and SOCI overlap.
This page translates official Act and Rules requirements into record structures for product, security, legal, compliance, and incident-response teams. This guidance is practical, source-linked, and should be validated against current legal and policy requirements before implementation.
Structured answer sets in this page tree.
Cited legal and guidance references.
Use these templates as field lists for Australia Cyber Security Act implementation records. Each template is grounded in the Cyber Security Act 2024, the Smart Devices Rules, the Ransomware Payment Reporting Rules, and SOCI sources where critical-infrastructure overlap matters.
The scope intake should decide whether the product is a relevant connectable product and whether the consumer-grade smart-device security standard applies. Keep enough product evidence to show the route into or out of scope, not just a yes-or-no answer.
The statement template should mirror the Rules and keep a linked evidence pack that a manufacturer, supplier, reviewer, or regulator can test against the security standard.
The ransomware report template should separate reportability, 72-hour timing, known facts, reasonable search status, and the actual report payload. It should also record whether SOCI Part 2B status creates a reporting-business-entity route.
Notice-response templates should be tied to the smart-device obligations in sections 15 and 16. Capture what the notice says, what action is within the entity's control, what evidence must be produced, and whether independent review is available.
The Cyber Security Act template set should include a SOCI overlap record because ransomware reporting can apply through responsible-entity status for a critical infrastructure asset to which SOCI Part 2B applies, and the Act preserves other Commonwealth information-reporting duties.
Use this guide to convert smart-device, ransomware, notice, SOCI overlap, and recordkeeping fields into owners, evidence requests, and review tasks inside Sorena.
Turn template fields into scoped questions, evidence requests, and assigned reviews.
Use Research Copilot to answer follow-up questions with cited source material.
Review scope, statement evidence, ransomware reporting records, and SOCI overlap with Sorena.
"the amount of turnover threshold for a business for the previous financial year is $3 million"
"actions consumers are recommended to consider taking"
"Information provided by an entity under this Part does not affect any other requirement of the entity to provide that information"
"Application of Part 2B of the Act"
"critical infrastructure risk management program"
"Part 2B-Notification of cyber security incidents"