30CDResponsible entity must have an incident response plan

#### 30CD Responsible entity must have an incident response plan If: (a) an entity is the responsible entity for a system of national significance; and (b) the statutory incident response planning obligations apply to the entity in relation to: (i) the system; and (ii) cyber security incidents; the entity must: (c) adopt; and (d) maintain; an incident response plan that applies to the entity in relation to: (e) the system; and (f) cyber security incidents. Civil penalty: 200 penalty units.