Report check

Spot what is missing.

Below is a worked annual report for an illustrative entity. Some required sections have been left out. Tick the sections you think are missing, then check your answer.

Northwind is an illustrative entity used for teaching. It is not a real entity and this is not a real lodged report.

Sections present in this report

1. Program in place and up to date
3. Variations to the program during the year
Hazard vectors (Rules ss.8-11)
5. Board or governing-body approval
Preparer / responsible officer attestation
Control evidence and cryptographic verification annexes

Which required sections are missing?

Tick the required sections you cannot see in the report above.

Required sectionsEntity and asset details1. Program in place and up to date2. Significant relevant impact of a hazard3. Variations to the program during the year4. Effectiveness evaluationHazard vectors (Rules ss.8-11)Cyber and information security framework declaration5. Board or governing-body approval

Important. General information only, not legal advice. Current as at 4 June 2026 against the in-force compilations on legislation.gov.au. The cyber-hazard framework floor (currently Essential Eight Maturity Level 1) is under active consultation: the March 2026 CIRMP enhancements exposure draft proposes lifting it to Maturity Level 2 and adding multi-factor authentication and network protection. Always read the latest compilation before relying on any figure.