Compliance with the Security of Critical Infrastructure Act
The SOCI Act sets a high bar for the organisations Australia depends on. ORCA Opti brings your risk management program, incident reporting and evidence into one living system of record, inside your sovereign Microsoft 365, whether you are a major operator or a small supplier in the chain.
Covered sectors
Eleven sectors. One rising bar.
The SOCI Act reaches across the sectors that keep the country running. If your assets fall into one of these, the obligations apply to you.
The hardest parts to get right
Where SOCI compliance actually bites
The obligations are demanding because they cut across domains, run to tight timeframes and reach beyond your own organisation. These are the parts ORCA Opti is built to take off your plate.
All-hazards risk management
A risk management program has to cover cyber, physical, personnel and supply chain risk together, the domains most organisations still manage in silos.
Reporting against the clock
Critical incidents must be reported within 12 hours and other significant incidents within 72, so detection, triage and evidence have to be ready before anything happens.
Assurance beyond your walls
Obligations extend into your supply chain, so you have to understand and evidence the risk carried by vendors and subcontractors.
Board-level accountability
The program must be reviewed and approved at board level each year, so directors need real evidence, not verbal assurances.
Enhanced duties for the most critical
Systems of National Significance carry extra obligations: incident response planning, cyber exercises and vulnerability assessments.
Keeping pace with change
The rules keep expanding, so what counted as compliant last year may not be enough this year.
A moving target
SOCI keeps widening
The regime has grown with every round of reform, capturing more sectors, more data and more entities, and adding new powers to enforce it.
Onboard now, keep pace as the rules change
ORCA Opti grows with the regulation. As SOCI and the frameworks around it expand, your mapped controls, evidence and guidance update with them, so the work you do today keeps counting tomorrow. Start now and stay current without rebuilding or re-platforming.
Who it hits, and how hard
From major operators to small suppliers
SOCI lands differently depending on where you sit, but the expectations are converging.
Responsible entities and Systems of National Significance
The largest operators carry the full weight: the asset register, an all-hazards risk management program, mandatory reporting and, for Systems of National Significance, enhanced obligations and direct government oversight. The challenge is doing it across a complex organisation, continuously, and proving it on demand.
Smaller operators and suppliers
As scope widens, more small players are captured directly, and many more are pulled in through the supply chains of the big entities. The expectations are much the same, often without a security team or a big budget. This is exactly where ORCA Opti fits: enterprise-grade compliance, sized and priced for you.
How ORCA Opti helps
Meet the obligation. Show the evidence.
From your risk management program to mandatory reporting, ORCA Opti keeps your critical infrastructure compliance current and audit-ready.
Opti Core, your system of record
Risks, controls, incidents, assets and your risk management program in one living system, with a complete audit trail.
Opti Assist
Guided support for your obligations and reporting, with real-time answers drawn from your own Microsoft 365 documentation.
AI Guardian
Keeps AI use safe and auditable, with logging for assurance and reviews.
Built on Microsoft 365
Sovereign by design. Your data stays in your environment and never leaves Australia.
SOCI/aaS
SOCI compliance, delivered as a service
Not ready to build and run a SOCI-compliant program and environment yourself? With SOCI as a Service we stand up and operate a secure, managed environment and help run your risk management program for you, so smaller operators and supply-chain suppliers can meet the SOCI Act without building it all in-house.
A secure, compliant environment
An isolated, hardened Microsoft 365 workspace configured to SOCI expectations and the Essential Eight, ready for your team to work in from day one.
Sovereign, Australian hosting
Hosted in Australia in a security-accredited data centre, keeping your data and your critical asset information onshore.
Your risk management program, run for you
We help stand up and maintain an all-hazards risk management program covering cyber, physical, personnel and supply chain risk together, not in silos.
Reporting ready before the clock starts
Detection, triage and evidence are in place so 12-hour and 72-hour incident reporting is ready when it counts, not scrambled together afterwards.
Light on your team
We run the secure environment so your people can stay focused on keeping the service running. Ideal for smaller operators and for suppliers pulled in through the chain.
Keeps pace as SOCI widens
Always-on compliance through ORCA Opti keeps your controls, evidence and obligations current as the regime expands, so the work you do today keeps counting tomorrow.
Start with a program and environment sized to your obligations today, then scale as scope widens, with ORCA Opti keeping you audit-ready the whole way.
Free Critical Infrastructure readiness check
Work through a guided check with Opti Assist for a snapshot of how your risk management program and reporting align with the SOCI Act.