The SOCI Act puts risk-management-program obligations on owners and operators of critical infrastructure — cyber-incident readiness, supply-chain hazard management, annual board sign-off. Regulator expectations are rising faster than most asset operators' security tooling.
Served via existing lanesRisk-management program · supply-chain hazards · board sign-off
Frameworks on the engine serving this vertical
Read from the live catalogue at build time — a framework that is not live on the engine never renders here. Depth is badged per framework: consultant-grade only where we go deepest (ISM/IRAP, Essential Eight), Tier-A breadth everywhere else.
Licence-gated catalogues carry control IDs and CyberSentien's own labels only — the full standard text requires your licence and is never reproduced.
Depth today — stated honestly
Honest position: there is no dedicated SOCI catalogue on the engine yet. The risk-management-program obligations are served through the lanes above — Essential Eight maturity, ISM control depth, NIST CSF functions, CIS Controls (licence-gated) and a third-party risk register for supply-chain hazards. Where an obligation is not covered, the posture says so instead of shading it green.
The global angle
The SOCI Act is Australian, and there is no dedicated SOCI catalogue on the engine yet — this page says so rather than shading it green. The lanes serving the obligations mix Australian depth (Essential Eight, ISM) with internationally used instruments — NIST CSF 2.0, CIS Controls v8 — exactly as live on the catalogue.
See it on the real engine
Run the frameworks above against synthetic sample documents now, or tell us where you sit and we'll send a gated, revocable demo link.