SOCI Sentinel
Back to home

Tier 2 data centre operator, mocked walkthrough

From OT and IT exports to a signed CIRMP evidence pack, in four steps.

A group CISO can walk a quarterly section 30AC cycle in under two minutes here. The data is mocked. The shape is the artefact the board will sign and the auditor will read. Built for a Tier 2 responsible entity in the data centre sector.

01

Ingest the artefacts your tools already export

Artefact ingestion adapter library

8 artefacts ingested. 0 rejected. Schema validated.

  • OT

    Dragos

    dragos_asset_posture_2026Q1.json

    Cyber and information security

    Ingested
  • OT

    Claroty CTD

    claroty_exposure_register_2026Q1.csv

    Cyber and information security

    Ingested
  • IT

    ServiceNow IRM

    snow_irm_control_evidence_export.csv

    Cyber and information security

    Ingested
  • IT

    Microsoft Sentinel

    sentinel_posture_summary_apr_2026.json

    Cyber and information security

    Validated
  • IT

    CrowdStrike Falcon

    falcon_posture_export_apr_2026.csv

    Cyber and information security

    Validated
  • HRIS

    HRIS (Workday)

    hris_privileged_access_review_q1.csv

    Personnel

    Ingested
  • Vendor

    Vendor register

    material_supplier_register_2026.xlsx

    Supply chain

    Ingested
  • OT

    Site security

    ot_segmentation_iec62443_zones.pdf

    Physical and natural

    Ingested

No live telemetry tap. No agent on the plant floor. The agent reads what your existing OT and IT tooling already produces. Each artefact is hashed, validated against the vendor's documented export format, and screened for prompt injection before it enters the agent's reasoning context.

02

Classify across the four CIRMP hazard domains

CIRMP Rules 2023, four-hazard coverage

MetPartially metNot met
01

Cyber and information security

24 artefacts mapped

18 met4 partial2 not met

ASD Essential Eight ML2 baseline. ISM controls mapped. Sentinel and CrowdStrike posture cross-referenced against the Dragos OT asset register.

02

Personnel

6 artefacts mapped

4 met2 partial0 not met

Privileged access review evidence ingested from Workday. ISM personnel security controls mapped at lightweight depth (Phase 1 commitment).

03

Supply chain

11 artefacts mapped

7 met3 partial1 not met

Section 30CB material supplier declarations cross-checked. One supplier flagged as missing the FOCI declaration. Surfaced for human review.

04

Physical and natural

9 artefacts mapped

6 met3 partial0 not met

IEC 62443 zones and conduits ingested. Site security evidence cross-referenced against the asset register. Bushfire and flood treatment plans on file.

03

Assemble the CIRMP evidence pack draft

Section 30AC pack draft, excerpt

Three control statements, with cited reasoning

Every statement carries a control reference, an artefact hash and a reasoning trace.

CIRMP Rules 2023, s 8(1)(a)(i). Cyber and information security framework.

Met

Sentinel posture summary, Apr 2026 (sha256:9b3a...e21d)

The responsible entity has adopted ASD Essential Eight as its established framework. Sentinel posture export confirms ML2 across patch application, application control and configuration of Microsoft Office macros. Two controls at ML1 (user application hardening, multi-factor authentication coverage). Mapped to s 8(1)(a)(i) with status met, with the two ML1 items surfaced as named gaps in the residual risk register.

CIRMP Rules 2023, s 9. Personnel hazards.

Partially met

Workday privileged access review, Q1 2026 (sha256:14fc...b703)

Privileged access review completed for 92 percent of in-scope roles. Eight roles missed the quarterly cycle. Mapped to s 9 with status partially met. Recommendation: complete the eight outstanding reviews before board attestation. Surfaced in the residual risk register.

CIRMP Rules 2023, s 10. Supply chain hazards (s 30CB material suppliers).

Partially met

Material supplier register, 2026 (sha256:5a7d...02ee)

47 material suppliers identified. 46 have current FOCI declarations on file. One supplier (a regional logistics provider) is missing the declaration. Mapped to s 10 with status partially met. Recommendation: obtain the declaration before the next quarterly review or document the residual risk decision and the compensating control.

Group CISO comments

Cyber and physical accepted. Two Essential Eight items downgraded from ML2 to ML1 with recorded justification. The missing FOCI declaration goes into the residual risk register with a 30-day remediation window. Personnel coverage holds at lightweight depth as agreed in the Phase 1 scope. Ready to sign.

Approver summary

James Walker, Group CISO

Tier 2 data centre operator

Risk classification

Medium

Sovereignty

AWS Sydney, ISM-aligned

Data classification

OFFICIAL: Sensitive

Cycle cadence

Quarterly

04

Sign and export with a full reasoning trace

Signed export, section 30AC pack

CIRMP Evidence Pack, FY26 Q1

Generated 30 April 2026, 09:21 AEST. Signed with the tenant's per-tenant key. AU-resident trusted timestamp.

01

Cover page and accountable officer signature

02

Executive summary and four-hazard coverage view

03

Cyber and information security panel with ISM and Essential Eight mapping

04

Personnel hazard panel with HRIS evidence

05

Supply chain hazard panel with section 30CB declarations

06

Physical and natural hazard panel with IEC 62443 zones

07

Residual risk register and prior-period delta

08

Reasoning trace, control by control, with model id and human override notes

09

Audit timeline and approval signatures

10

Offline verification routine and per-tenant signature

Reasoning trace audit timeline

  1. 29 Apr 2026, 10:14 AEST

    Mei Tran, Compliance Manager

    Eight artefacts ingested from Dragos, Claroty, ServiceNow IRM, Sentinel, CrowdStrike, Workday, vendor register and OT site security. Schema validation passed on all eight.

  2. 29 Apr 2026, 10:42 AEST

    SOCI Sentinel agent

    Four-hazard CIRMP draft assembled. 50 control statements mapped. 35 met, 12 partially met, 3 not met. 200-trace reasoning chain recorded.

  3. 29 Apr 2026, 14:08 AEST

    James Walker, Group CISO

    Reviewed cyber and physical hazard panels. Accepted 33 mappings. Overrode 2 with recorded justification (one Essential Eight ML2 claim downgraded to ML1, one supplier flagged for further review).

  4. 30 Apr 2026, 09:21 AEST

    James Walker, Group CISO

    Section 30AC pack signed with the responsible entity's per-tenant key. Board attestation pack assembled. Signed export generated. Verification bundle published.

This is a static walkthrough. The live product ships single-tenant per responsible entity on AWS Sydney, IRAP-aligned at OFFICIAL: Sensitive. Email salam@9t5.com.au or liaqat@9t5.com.au for a working demo against your own artefacts.

Back to overview