16Cyber security requirements

#### 16 Cyber security requirements 16 Cyber security requirements > > (1) The regulations may make provision for the following— > > > > > (a) the adoption and implementation by a licensee of policies and procedures for managing cyber security risks and responding to cyber security incidents, > > > > > (b) the external review and accreditation of a licensee’s policies and procedures for managing cyber security risks and responding to cyber security incidents. > > > (2) Without limiting subsection (1), the regulations may require a licensee’s policies and procedures to address the following matters— > > > > > (a) notifying the Secretary of cyber security incidents, > > > > > (b) the process for auditing the licensee’s implementation and compliance with the policies and procedures, including reporting the audit result to the Secretary. > > > (3) It is a condition of a licence that the licensee must adopt and implement policies and procedures that comply with the regulations made under this section. > > **s 16:** Subst 1973 No 86, sec 3 (k). Am 1977 No 17, Sch 1; 1979 No 205, Sch 2, Part 1; GG No 51 of 27.3.1986, p 1405. Rep 2006 No 35, Sch 1 \[53\]. Ins 2021 No 34, Sch 5\[6\]. Am 2025 No 21, Sch 2\[5\].