30CYVulnerability assessment

#### 30CY Vulnerability assessment (1) A vulnerability assessment is an assessment: (a) that relates to a system of national significance; and (b) that either: (i) relates to all types of cyber security incidents; or (ii) relates to one or more specified types of cyber security incidents; and (c) if the assessment relates to all types of cyber security incidents—the purpose of which is to test the vulnerability of the system to all types of cyber security incidents; and (d) if the assessment relates to one or more specified types of cyber security incidents—the purpose of which is to test the vulnerability of the system to those types of cyber security incidents; and (e) that complies with such requirements (if any) as are specified in the rules. (2) Requirements specified under paragraph (1)(e): (a) may be of general application; or (b) may relate to one or more specified systems of national significance; or (c) may relate to one or more specified types of cyber security incidents. > Note: For specification by class, see subsection 13(3) of the Legislation Act 2003. (3) Subsection (2) of this section does not, by implication, limit subsection 33(3A) of the Acts Interpretation Act 1901.