Truth in IT

Claroty: SOCI Act Compliance: Proactive OT Security Strategy

Claroty
06/25/2026

Transcript


So, the whole purpose of the SOCI Act is to put in place some controls to ensure that organisations have the right processes and the right controls in place to protect their critical infrastructure from a raft of different risks, a raft of different threats, whether that be through third party, through supply chain, but also making sure their own internal asset registries and security controls are in place and are tested on a regular basis to ensure that there are controls that can be measured. And that forms part of, obviously, the CRMP process, so working out how you apply those risk management controls into the SOCI process as well.

So, to achieve this, we have to bridge the gap between regulatory pressure and risk mitigation, so that the outcome that we want here is not a compliance outcome, it's an outcome that drives better risk resilience, better risk mitigation controls for organisations. Compliance would be addressed through the journey, but the outcome here is to create a situation where we're leveraging frameworks and we're leveraging best practice controls to not only drive the regulatory pressures that we have, but also to make sure that our overall security posture and our overall risk process, risk mitigation, is controlled through those best practices.

So we're trying to really transform high-level regulatory pressures into ways and controls and measurements where we can get better operational resiliency, we can ensure better uptime for our key operational assets, we can ensure we have human safety for both our staff, but also potentially our consumer, our end user, depending on what industry we work in, but the ultimate goal also is to improve our ROI, so if we can take some of those best practices and apply those controls to ensure that we're getting resiliency, uptime and safety, the outcome financially and the benefit financially for us should be an increase or a return on investment that we can measure through the journey.

TL;DR

  • Australia's SOCI Act drives organizations to adopt proactive cybersecurity by requiring documented processes, asset registries, and regularly tested security controls for critical infrastructure protection.
  • Compliance should be viewed as a journey toward operational resilience rather than a checkbox exercise, with controls integrated into broader Critical Risk Management Programs (CRMP).
  • The framework aims to deliver measurable business outcomes including improved uptime, enhanced safety for staff and consumers, and demonstrable return on investment through best practice implementation.

Summary

This excerpt features Claroty Field CTO Jason Pearce discussing how Australia's Security of Critical Infrastructure (SOCI) Act serves as a catalyst for organizations to shift from reactive to proactive cybersecurity approaches. Pearce explains that SOCI compliance requires organizations to establish robust processes and controls to protect critical infrastructure from various threats, including third-party and supply chain risks. The framework mandates maintaining accurate asset registries, implementing regularly tested security controls, and integrating these measures into Critical Risk Management Programs (CRMP). Rather than treating SOCI as a pure compliance exercise, Pearce emphasizes that the ultimate goal is achieving better operational resilience, improved uptime for critical assets, enhanced human safety for staff and consumers, and measurable return on investment through the application of best practice security controls.

Chapters

0:00 - SOCI as Security Catalyst
0:08 - SOCI Act Requirements
0:52 - Beyond Compliance Mindset
1:29 - Operational Resilience Outcomes

Key Quotes

0:00 "SOCI is actually the catalyst to reset your IT security from reactive to proactive."
0:52 "The outcome that we want here is not a compliance outcome, it's an outcome that drives better risk resilience, better risk mitigation controls for organisations."
1:51 "The ultimate goal also is to improve our ROI, so if we can take some of those best practices and apply those controls to ensure that we're getting resiliency, uptime and safety, the outcome financially and the benefit financially for us should be an increase or a return on investment that we can measure through the journey."

FAQ

What is the primary purpose of Australia's SOCI Act?

The SOCI Act establishes controls to ensure organizations have appropriate processes and security measures in place to protect critical infrastructure from various threats, including third-party and supply chain risks, while requiring regular testing and measurement of these controls.

