Commonwealth Consolidated Acts Commonwealth Consolidated ActsAdoption of program
(1) If an entity is the responsible entity for one or more critical infrastructure assets, then, in deciding whether to adopt a critical infrastructure risk management program, the entity must have regard to such matters (if any) as are set out in the rules.
Civil penalty: 200 penalty units.
(2) Subsection (1) does not limit the matters to which the responsible entity may have regard.
Review of program
(3) If:
(a) an entity is the responsible entity for one or more critical infrastructure assets; and
(b) the entity has adopted a critical infrastructure risk management program that applies to the entity;
then, in reviewing the program in accordance with section 30AE, the entity must have regard to such matters (if any) as are set out in the rules.
Civil penalty: 200 penalty units.
(4) Subsection (3) does not limit the matters to which the responsible entity may have regard.
Variation of program
(5) If:
(a) an entity is the responsible entity for one or more critical infrastructure assets; and
(b) the entity has adopted a critical infrastructure risk management program that applies to the entity;
then, in deciding whether to vary the program, the entity must have regard to such matters (if any) as are set out in the rules.
Civil penalty: 200 penalty units.
(6) Subsection (5) does not limit the matters to which the responsible entity may have regard.
Rules
(7) Rules made for the purposes of subsection (1), (3) or (5):
(a) may be of general application; or
(b) may relate to one or more specified critical infrastructure assets.
Note: For specification by class, see subsection 13(3) of the Legislation Act 2003 .
(8) Subsection (7) of this section does not, by implication, limit subsection 33(3A) of the Acts Interpretation Act 1901 .