Commonwealth Consolidated Acts Commonwealth Consolidated ActsScope
(1) This section applies if, during a period (the relevant period ) that consists of the whole or a part of a financial year:
(a) an entity was the responsible entity for one or more critical infrastructure assets; and
(b) the entity had a critical infrastructure risk management program that applied to the entity.
Annual report
(2) The entity must, within 90 days after the end of the financial year, give:
(a) if there is a relevant Commonwealth regulator that has functions relating to the security of those assets--the relevant Commonwealth regulator; or
(b) in any other case--the Secretary;
a report that:
(c) if the entity had the program at the end of the financial year--includes whichever of the following statements is applicable:
(i) if the program was up to date at the end of the financial year--a statement to that effect;
(ii) if the program was not up to date at the end of the financial year--a statement to that effect; and
(d) if a hazard had a significant relevant impact on one or more of those assets during the relevant period--includes a statement that:
(i) identifies the hazard; and
(ii) evaluates the effectiveness of the program in mitigating the significant relevant impact of the hazard on the assets concerned; and
(iii) if the program was varied during the financial year as a result of the occurrence of the hazard--outlines the variation; and
(e) is in the approved form; and
(f) if the entity has a board, council or other governing body--is approved by the board, council or other governing body, as the case requires.
Civil penalty: 150 penalty units.
(3) A report given by an entity under subsection (2) is not admissible in evidence against the entity in civil proceedings relating to a contravention of a civil penalty provision of this Act.