A comprehensive Protective Security Risk Assessment for a nationally significant fuel storage terminal — delivering SOCI Act and SLACIP Act compliance, PSPF-aligned recommendations, and a strategic security roadmap during a period of major infrastructure expansion.
THE CHALLENGE
A major operator of bulk liquid storage facilities handling flammable and combustible fuels required an independent security assessment of its primary terminal in South Australia. As a designated critical infrastructure asset under the SOCI Act, the operator needed to demonstrate compliance with both federal obligations and amendments introduced through the Security Legislation Amendment (Critical Infrastructure Protection) Act 2022 (SLACIP Act). The assessment was further complicated by significant infrastructure expansion projects underway at the site, which introduced new vulnerabilities during construction.
OUR APPROACH
Agilient conducted a comprehensive Protective Security Risk Assessment (PSRA) of the terminal. The scope encompassed a full review of external threats and physical vulnerabilities, an audit of existing security policies and procedures, and identification of gaps against the Protective Security Policy Framework (PSPF) and ISO 31000. The assessment included developing a Critical Asset List (CAL), a List of Threat Actors (LTA), and a Security Threat Assessment (STA), followed by a detailed Risk Control Effectiveness analysis. Agilient engaged directly with site management and operational personnel to ensure findings were grounded in the reality of a live fuel handling environment.
THE OUTCOME
- Delivered a SOCI-aligned PSRA that provided the operator with a clear compliance pathway for both the SOCI Act and the SLACIP Act 2022, satisfying federal regulatory obligations
- Produced a prioritised security roadmap with actionable recommendations to strengthen site security during and beyond the active infrastructure expansion period
- Provided a defensible, PSPF-benchmarked evidence base to support the operator’s annual CIRMP attestation and ongoing critical infrastructure risk management obligations