Critical Infrastructure Risk Management Program Turns Two: How to Strengthen the Annual Review, Board Engagement, and Enterprise Risk Integration

Update: 2025-08-14

Description

Two years on from the introduction of the Critical Infrastructure Risk Management Program (CIRMP) under the SOCI Act, what have we learned — and where do we go next?

In this episode, Pentagram Advisory explores how organisations can use the annual CIRMP review and Board-approved report to strengthen governance, integrate SOCI-related security risks into their Enterprise Risk Management Framework, and build resilience that goes beyond compliance.

We discuss practical steps for improving Board oversight, closing the gap between operational insights and strategic decisions, and embedding CIRMP into everyday risk management. Whether you’re a security leader, risk manager, or Board member, this conversation offers actionable insights to ensure your CIRMP drives value for your organisation.

Based on our article CIRMP turns Two: Strengthening Annual Review, Board Oversight, and Risk Integration.

Comments

In Channel

When Trust Breaks, Free Will Decides: How the Psychological Contract Shapes Insider Threat and Cyber Security Compliance

2025-09-2212:07

Countering Foreign Interference: Insider Threat Programs For Australia’s Critical Infrastructure

2025-09-0911:55

ESG and the Human Factor: Why personnel security must be a core feature of ESG strategy

2025-09-0613:57

Foreign Interference - Iran in Australia

2025-09-0319:24

Foreign Interference: China interfering in Australia, and in your workplace

2025-08-2918:57

Clorox - Cognizant: Insider Threat in the Supply Chain

2025-08-2109:32

Critical Infrastructure Risk Management Program Turns Two: How to Strengthen the Annual Review, Board Engagement, and Enterprise Risk Integration

2025-08-1415:06

Returning to the Office: Managing Insider Threats During Organisational Transition

2025-08-0714:33

Building a Trusted Workforce – Managing Human Risk with Purpose

2025-07-2011:27

Maturity Model for the Critical Infrastructure Risk Management Program

2025-07-1011:03

Pentagram First Anniversary - Celebrating a Year of Collaboration

2025-06-2311:55

In the National Interest – Transport Workers Union Militancy and Insider Threat

2025-06-1030:09

Australian Government Recognises the Need for Insider Threat Programs

2025-06-0214:09

Modernising Australia’s Transport Security: Meeting the Threats of Tomorrow

2025-05-2712:16

Insider Threat at Canberra Hospital: a Case Study in Critical Infrastructure Security in the Health Sector

2025-05-2206:12

Board responsibilities for approving the risk management program annual report under the Security of Critical Infrastructure Act 2018: What directors need to know

2025-05-1213:25

In the National Interest - Critical Infrastructure as a National Security Priority

2025-05-0449:32

Observing the absence of usual or the presence of unusual: a new lens on insider threat reporting

2025-04-2412:17

Insider Threat: The Trusted Worker with Ideological Challenges

2025-04-2209:03

Foreign Interference and Critical Infrastructure: Australia's National Security Challenge

2025-04-0716:46

00:00

1.0x

Critical Infrastructure Risk Management Program Turns Two: How to Strengthen the Annual Review, Board Engagement, and Enterprise Risk Integration

#box-pro-ellipsis-175873165214011{-webkit-line-clamp:2;}Critical Infrastructure Risk Management Program Turns Two: How to Strengthen the Annual Review, Board Engagement, and Enterprise Risk Integration

Critical Infrastructure Risk Management Program Turns Two: How to Strengthen the Annual Review, Board Engagement, and Enterprise Risk Integration

Pentagram Advisory

Critical Infrastructure Risk Management Program Turns Two: How to Strengthen the Annual Review, Board Engagement, and Enterprise Risk Integration