Skip to main content

Roles for CIRMP

Roles in a CIRMP

The following information is about the roles in a Critical Infrastructure Risk Management Program (CIRMP) using AusCheck background checks.

Applicant

An applicant is a critical worker of a responsible entity who needs access to a critical asset.

They can be an employee of:

  • the responsible entity
  • a subcontractor or supplier of the responsible entity.

Responsible entity

A responsible entity is an organisation with a critical infrastructure asset. They manage the obligations in their CIRMP.

Once a background check outcome is known, the responsible entity will decide if it's suitable for a critical worker to have access to their critical asset.

Employer user

An employer user is a representative of the responsible entity. They are authorised to:

  • confirm an applicant's operational need on behalf of the responsible entity
  • make decisions based on an applicant's Critical Infrastructure Background Check Outcome (CIBCO).

There must be at least one employer for each responsible entity. AusCheck recommends that there are 2 or more, depending on the size of the organisation.

Employers don't need a background check. They only need one if they are a critical worker. 

Verifier

A verifier is an authorised person who will verify an applicant's identity.

A verifier requires specialised training and is authorised to act on behalf of AusCheck.

To fulfil the verifier role, they must:

  • have a critical infrastructure AusCheck background check
  • be deemed 'suitable' by their responsible entity
  • complete the verifier training.

Verifiers do not need to be part of the same organisation as the critical worker being verified.

To learn how to become a verifier and get access to the verifier portal, see the guidance for verifiers.

Verifier's responsibilities 

A verifier will meet applicants and verify their identity.

  1. Meet the applicant in person. They will book an appointment with you.
  2. Use the verifier portal to review the details of an applicant’s identity documents.
  3. Sight the applicant's original identification documents.
  4. Confirm that the identification documents appear to be authentic and meet regulatory requirements.
  5. Verify the applicant is the person represented on all photographic identification.
  6. Scan identity documents and save into the portal.
  7. Take a photo of the applicant and upload it to the application.
  8. Record decisions about applicant identification documents in the portal.

Learn more about identity documents.

Verifiers can't:

  • verify their own identity documents
  • manage their own applications.

AusCheck

Once the applicant’s identity has been verified, AusCheck engages with our partner agencies to conduct the background check.

When the background check results are returned, AusCheck advises the applicant and responsible entity of the outcome. This is in the form of a digital CIBCO.

Responsible entity obligations

These are the obligations for responsible entities. Learn more about the relevant CIRMP legislation.

Develop their CIRMP and comply with rules

The responsible entity's CIRMP must do the following.

  • Identify hazards and material risks.
  • For each material risk, consider the impacts on assets if the risk was to happen.
  • Implement mitigations or eliminate material risks as far as is reasonably practicable.

Report annually

Responsible entities must submit an annual report. This must be approved by either:

  • the entity’s board
  • the entity's council
  • the governing body.

The report must be approved within 90 days of the end of the Australian financial year.

Manage the CIRMP

Responsible entities are also responsible for:

  • maintaining the CIRMP
  • reviewing the CIRMP on a regular basis
  • making sure there is a process or system to keep the CIRMP up to date.
Return focus to the top of the page

Sign up

Sign up for news and updates from our agency.
Sign up