How Mature Is Your CIRMP? From Compliance to Assurance: TasWater's CIRMP Maturity Journey | Part 2

How Mature Is Your CIRMP? Many organisations can establish a Critical Infrastructure Risk Management Program (CIRMP) and demonstrate compliance with the Security of Critical Infrastructure Act 2018. But how do Boards and senior executives gain confidence that their CIRMP is effective, mature, and capable of supporting annual attestation and reporting obligations? In this workshop session, Mark McConnon, Head of Risk and Resilience, TasWater shares the organisation's CIRMP maturity journey and the practical steps taken to move from compliance to assurance. TasWater's experience highlights a challenge faced by many responsible entities: while governance structures and controls may be in place, Boards often seek greater confidence and assurance when reviewing and attesting to the effectiveness of their CIRMP. Drawing on TasWater's implementation experience, Mark discusses: • TasWater's journey under the Security of Critical Infrastructure Act 2018 • Developing a practical CIRMP governance framework • Establishing accountability across CIRMP hazard domains • Integrating CIRMP requirements into enterprise risk management • The role of governance and Board oversight in annual attestation • Why assurance became a key focus for TasWater • The challenges of demonstrating CIRMP effectiveness • Lessons learned from implementation • The development of a CIRMP maturity assessment approach • Working collaboratively with Pentagram Advisory to establish a structured maturity model A key theme throughout the session is the transition from simply demonstrating compliance to providing meaningful assurance to Boards, executives, and stakeholders. This presentation is particularly relevant for: • Responsible Entities under the SOCI Act • Board Directors and Governing Bodies • Chief Risk Officers • Security Managers • Protective Security Practitioners • Governance and Compliance Teams • Critical Infrastructure Operators Watch Part 1 How Mature Is Your CIRMP? | CIRMP Security Maturity Assessment and Evaluation Model™:    • How Mature Is Your CIRMP? | CIRMP Security...   Learn More Interested in assessing your organisation's CIRMP maturity? Pentagram's CIRMP Security Maturity Assessment and Evaluation Model™ provides a structured, evidence-based assessment across all CIRMP obligations to help organisations evaluate maturity, identify priority uplift areas, and support Board-level assurance. 🌐 CIRMP Security Maturity Assessment and Evaluation Model™ https://pentagramadvisory.com.au/cour... 🌐 https://pentagramadvisory.com.au/ 📧 [email protected] #CriticalInfrastructure #SOCIAct #CIRMP #SecurityMaturity #RiskManagement #ProtectiveSecurity #Governance #BoardGovernance #CriticalInfrastructureSecurity #Resilience #TasWater #RiskAndResilience #CyberSecurity #SecurityRiskManagement #PentagramAdvisory