Course Overview
This Advanced course introduces participants to Pentagram Advisory’s Security Maturity Assessment and Evaluation Model for a Telecommunications Critical Infrastructure Risk Management Program (CIRMP) – a structured, evidence-based approach designed to enable organisations to evaluate and uplift their Telecommunications CIRMP implementation.
This course is aligned with a telecommunication entity’s statutory obligations under the Security of Critical Infrastructure Act 2018 (SOCI Act), and the Security of Critical Infrastructure (Telecommunications Security and Risk Management Program) Rules 2025 (TSRMP Rules) including the 77 obligations that a responsible entity must meet across governance, cyber, information, personnel, supply chain, physical security and natural hazards domains.
Participants in this course will learn how to interpret and assess these obligations through a maturity lens, using Pentagram’s four-level maturity model and eight assessment categories tailored to telecommunications sector risks, interdependencies, and operational realities.
The course also provides access to a customisable Telecommunications CIRMP Security Maturity Assessment and Evaluation Template, aligned with all 77 SOCI Act + TSRMP Rules obligations, supporting structured self-assessment, evidence capture, gap analysis, and uplift planning. This tool will support all future Telecommunications CIRMP maturity assessments and enable recording of a defensible history of the evolution of the CIRMP and the associated security uplift of critical assets.
Learning Objectives
By the end of this course, participants will be able to:
1. Understand the role of maturity in Telecommunications CIRMP implementation: Explain how the structured maturity assessment strengthens regulatory defensibility, governance assurance, and uplifts planning for telecommunications critical infrastructure assets.
2. Explore the Telecommunications CIRMP Security Maturity Assessment and Evaluation Model: Understand the structure of Pentagram’s Model — including four maturity levels and eight assessment categories — aligned with the SOCI Act and TSRMP Rules obligations, and focused on telecommunications-specific hazards such as remote access, network-to-network interfaces, offshore data handling, and reliance on major suppliers.
3. Interpret Telecommunications CIRMP requirements through a security maturity lens: Map the 77 SOCI Act + TSRMP Rules obligations to maturity indicators and understand how obligations cluster across cyber, information, personnel, supply chain, physical security and natural hazards requirements.
4. Use the editable Telecommunications CIRMP Security Maturity Assessment and Evaluation template: Use the template to assess organisational capability across all-hazard domains, document evidence, record ratings, and evaluate implementation maturity.
5. Prepare actionable outputs for Boards and regulators: Translate maturity results into dashboards, heatmaps, and concise written summaries for executive briefings, governance oversight, regulator engagement, and attestation readiness. Use the outputs to inform evidence-based decision-making
Learning Outcomes
After completing this course, participants will be able to:
1. Describe the principles of Telecommunications CIRMP maturity: Explain how maturity assessments demonstrate compliance, strengthen risk governance, and support strategic investment decisions.
2. Apply the Telecommunications CIRMP Security Maturity Assessment and Evaluation Model: Conduct a robust assessment across cyber, personnel, supply chain, physical security, governance, and risk methodology consistent with telecommunications sector obligations.
3. Document evidence and assess gaps: Use the editable template to record evidence, assess maturity against all 77 obligations, and identify priority areas for uplift. Use the template as a ‘live’ tool to record the maturity evolution of the Telecommunications CIRMP and the uplift in security governance into the future.
4. Produce governance-ready outputs: Develop heatmaps, dashboards, and Board-ready summaries that show maturity levels, risk exposure, and compliance status, supporting due diligence obligations and annual attestation processes.
5. Prioritise and plan improvement activities: Use assessment results to create forward improvement plans aligned with risk appetite, business priorities, and regulatory expectations, including SOCI Act and TSRMP Rules compliance timelines.
Private Coaching Session: Includes a one-hour private coaching session with the Pentagram Advisory team. During this session, we will provide tailored, practical advice specific to your organisation’s needs. Whether you are preparing for your first Telecommunications CIRMP security maturity assessment and evaluation, refining your internal evaluation approach, or seeking guidance on interpreting and presenting maturity results to Boards or regulators, this session is designed to help you apply the Telecommunications CIRMP Security Maturity Assessment and Evaluation Model with confidence.
