Commonwealth Consolidated Acts Commonwealth Consolidated Acts(1) If an entity undertakes a cyber security exercise under section 30CM, the entity must:
(a) do both of the following:
(i) prepare an evaluation report relating to the cyber security exercise;
(ii) give a copy of the report to the Secretary; and
(b) do so:
(i) within 30 days after the completion of the exercise; or
(ii) if the Secretary allows a longer period--within that longer period.
Civil penalty: 200 penalty units.
(2) An evaluation report prepared by an entity under subsection (1) is not admissible in evidence against the entity in civil proceedings relating to a contravention of a civil penalty provision of this Act (other than subsection (1) of this section or subsection 30CR(6)).