30CSMeaning of evaluation report

#### 30CS Meaning of evaluation report An evaluation report, in relation to a cyber security exercise that was undertaken in relation to a system of national significance, is a written report: (a) if the exercise relates to all types of cyber security incidents—the purpose of which is to: (i) evaluate the entity’s ability to respond appropriately to all types of cyber security incidents that could have a relevant impact on the system; and (ii) evaluate the entity’s preparedness to respond appropriately to all types of cyber security incidents that could have a relevant impact on the system; and (iii) evaluate the entity’s ability to mitigate the relevant impacts that all types of cyber security incidents could have on the system; and (b) if the exercise relates to one or more specified types of cyber security incidents—the purpose of which is to: (i) evaluate the entity’s ability to respond appropriately to those types of cyber security incidents that could have a relevant impact on the system; and (ii) evaluate the entity’s preparedness to respond appropriately to those types of cyber security incidents that could have a relevant impact on the system; and (iii) evaluate the entity’s ability to mitigate the relevant impacts that those types of cyber security incidents could have on the system; and (c) that complies with such requirements (if any) as are specified in the rules.