At the end of your visit today, would you complete a short survey to help improve our services?

Thanks! When you're ready, just click "Start survey".

It looks like you’re about to finish your visit. Are you ready to start the short survey now?

Business planning

Find out how to create a plan for your new or current business, including writing the plan and operational documents, and setting goals.

Start your planning by:

  • watching the writing a business plan video
  • downloading the business plan template
  • watching our small business planning webinar recording .

Planning a new business?

Find out how to plan your new business idea —use our guides, checklists and tips to help you develop your idea and sharpen the personal skills you'll need to be a business owner.

Writing a business plan

Discover what a business plan is and how you can prepare or update one for your business. Download our free business plan template.

Create a business vision

Find out how to create a vision for your business, describing your goals and what success looks like. Use our template to create your own.

Business values

Learn about developing values for your business. Follow our 5-step process to develop and implement your own values.

SWOT analysis

Get an overview of the SWOT analysis business tool, including what it involves, the benefits of using one, and how to conduct one for your business.

Short and long-term goals and KPIs

Learn about setting business goals and tracking them through KPIs. You should set short and long-term goals and review your goals and KPIs regularly.

Business policies, processes, procedures and codes of practice

Discover the value of creating and applying operational documents for your business. Codes of practice explain your legal and industry obligations.

Choosing and working with business advisers

Learn what to consider before choosing a professional to help you achieve your business goals.

Tools and resources

Find out more about the value of a business plan and create one for your business.

Video - Writing a business plan

Watch our video to help you write a business plan.

Download the business plan template

Use our template to create a plan for your new or existing business, or as a guide for making your own.

Download the SWOT analysis template

Use the SWOT analysis template to understand your business’s strengths, weaknesses, opportunities and threats.

  • Updated: 1 Jun 2023
  • Reviewed: 8 Dec 2022

Problem loading mint-content-page app.

Things aren't going well... have you tried refreshing the page and are you using an up to date browser? If so, and you still see this message, please contact us and we'll help you out.

About the Business Planning Tool

The Business Victoria Business Planning Tool is a free and easy-to-use resource to help Victorian business owners and operators to set goals, plan next steps, track progress and learn new skills.

No matter your experience level or what stage your business is at, the tool can help guide you through complex tasks that align with your priorities by breaking them into smaller, easier actions.

You are using an outdated browser. Please upgrade your browser to improve your experience.

business gov au planning templates

  • Business Tasmania
  • Starting a business

Business planning

Related links, business planning guide and template.

business.gov.au

Tasmanian Business Advice Service

businessadvice.tas.gov.au

If you’re just planning on running a side-hustle or picking up some freelance work to supplement your income, you probably don’t need a business plan. If you are looking at a venture that will be or become your primary source of income, and especially if you are seeking investment or funding for that business, taking planning seriously is critical to your success.

Many people think of business plans only for starting a new business or applying for business loans. But business plans are also vital for running a business.

Existing businesses should have business plans that they maintain and update to ensure that their strategies, goals and milestones are on track. There are many ways to write and present a business plan, and the internet is full of templates and handy hints.

The ideal business plan is concise, forecasts short and long term outcomes, and is able to be understood by someone who doesn’t know your sector or product.

For more information on business planning, check out the Australian Government’s comprehensive Business Planning Guide and Template . The advisors available through the Tasmanian Business Advice Service can also support you with business planning. To meet with an advisor, visit businessadvice.tas.gov.au

  • Skip to navigation
  • Skip to content
  • Skip to footer

ntg-mono

Write a business plan

Write down your ideas.

A business plan explains your business's goals and outlines how they will be achieved.

If you're applying for a grant or finance, you must have a business plan as part of the application.

When to do a plan

You should write a business plan before you start operating.

It can be tricky to do if you're still in the planning stages. But you can amend your plan as your business grows and changes.

Review your plan regularly and update it as needed.

Even existing businesses may benefit from putting a business plan together.

What to include

In general, a plan would usually include:

  • an executive summary
  • description of your business
  • information about your business structure
  • market research
  • marketing and sales strategy
  • financial plan - such as your  start-up costs and funding , expected cash flow and sales plan
  • staffing requirements, including how you will attract, select and recruit workers .

Get a business plan template from the Australian Government's Business website .

For assistance putting together your plan, talk to:

  • small business champions
  • a business coach or consultant (fees may apply)
  • government funded services like the Business Enterprise Centre NT .

Existing businesses may be eligible for the Business Growth Program . This program provides funding for existing businesses to work with business consultants.

Contact a Territory Business Centre to find out what help you might be eligible for.

On this page

Research your business idea.

Look into your idea before deciding to make it a business.

Create a sales plan

Set realistic sales goals.

Contact a Territory Business Centre

Territory Business Centres can give you information about starting a business, licensing requirements and government assistance programs.

  • Azerbaijani
  • Chinese (Simplified)
  • Chinese (Traditional)
  • Haitian Creole
  • Kinyarwanda
  • Kurdish (Kurmanji)
  • Kurdish (Soranî)
  • Odia (Oriya)
  • Scots Gaelic

Business tools and templates

All successful businesses are underpinned with systems and process - from business planning to determining your cash flow.

If you can't measure it, you can't manage it.

Our business tools and templates are in a simple to understand format, that you can download and regularly update.

Related services and information

  • Western Australian Training Awards
  • Support for small business owners
  • Small business facts and statistics
  • Sign up for small business news
  • Employer financial incentives and support
  • Book a small business workshop
  • Regional Business Engagement Forums
  • Developing Western Australia's workforce

Provided by

  • Facebook share (Opens in a new tab/window)
  • Twitter (Opens in a new tab/window)
  • LinkedIn (Opens in a new tab/window)

Acknowledgement of Country

The Government of Western Australia acknowledges the traditional custodians throughout Western Australia and their continuing connection to the land, waters and community. We pay our respects to all members of the Aboriginal communities and their cultures; and to Elders both past and present.

smallbusiness.wa.gov.au

free downloads and resources

Download and use our free fillable business templates including business planning, marketing planning, website planning, continuity planning and more.

Build a website booklet

If you’re planning to build a website for your business, or hire a web developer, our Build a Website booklet will help clarify the type of website and functionality you need.

Business continuity plan template

Developing a business continuity plan helps your business continue to operate through unexpected events and challenges, which could otherwise temporarily or permanently close your business.

Business plan on a page template

Use our simplified one page business plan to help you explore the viability of a side hustle business or get your initial thoughts on paper before you complete a full business plan .

Business plan template

Having a well prepared business plan before starting your business can help you refine your idea, gain a deeper understanding of your market and have a clear direction for your business.

Letter of complaint template

If you’re having problems with a product of service provider, use our letter of complaint template to let the supplier know about the issue and provide them with an opportunity to resolve the problem.

Letter of demand template

Writing a letter of demand is an important first step in trying to recover money owed to you. Use this template as a guide if you have not been paid.

Marketing plan template

This marketing plan template will help you determine how to get your business noticed by the people who need or want your product. Our guide to using the marketing plan template will help you when using this resource.

Overdue payment reminder template

If you have not received payment within the timeframe outlined in your payment terms and conditions, or what has been agreed with your client, use our overdue payment reminder email template to formally request payment.

  • Builders’ Support Facility
  • Business information
  • Business advisory
  • Accessibility
  • Starting and growing
  • Business premises
  • Legal and risk
  • Dispute resolution
  • Exiting a business
  • Steps to starting a business
  • Essential business skills
  • Business planning
  • Licences and permits
  • Business structures
  • Business names
  • Buying a business
  • Franchising
  • 8 steps to marketing your business
  • Marketing and promotion strategies
  • Market research
  • Digital marketing
  • Types of business premises
  • Understanding commercial leases
  • Negotiating a lease
  • Commercial Tenancy Act
  • Resolving leasing problems
  • Ending a lease
  • Processes and procedures
  • Business finance and loans
  • Financial planning documents
  • Providing credit to customers
  • Tax requirements
  • Tax reporting requirements
  • Tax deductions and concessions
  • Business grants
  • Debt recovery
  • Legal responsibilities
  • Competition and consumer law
  • Contracts and agreements
  • Hiring a lawyer
  • Intellectual property
  • Risk management
  • Cyber security
  • Industrial relations systems
  • Types of employment
  • Employer obligations
  • Recruiting and managing staff
  • Ending employment
  • Managing stress and anxiety
  • Avoiding disputes
  • Handling customer complaints
  • Writing a letter of demand
  • Resolving a dispute
  • Types of disputes we can help with
  • Essential exiting tasks
  • Closing a business
  • Selling a business
  • Selling a franchise
  • Succession planning

Search SBDC

  • Starting a business
  • Business advice
  • Business skills

8 Business Plan Templates You Can Get for Free

' src=

8 min. read

Updated April 10, 2024

A business plan template can be an excellent tool to simplify the creation of your business plan. 

The pre-set structure helps you organize ideas, covers all critical business information, and saves you time and effort on formatting.

The only issue? There are SO many free business plan templates out there. 

So, which ones are actually worth using? 

To help remove the guesswork, I’ve rounded up some of the best business plan templates you can access right now. 

These are listed in no particular order, and each has its benefits and drawbacks.

What to look for in a business plan template

Not all business plan templates are created equal. As you weigh your options and decide which template(s) you’ll use, be sure to review them with the following criteria in mind:

  • Easy to edit: A template should save you time. That won’t be the case if you have to fuss around figuring out how to edit the document, or even worse, it doesn’t allow you to edit at all.
  • Contains the right sections: A good template should cover all essential sections of a business plan , including the executive summary, product/service description, market/competitive analysis, marketing and sales plan, operations, milestones, and financial projections. 
  • Provides guidance: You should be able to trust that the information in a template is accurate. That means the organization or person who created the template is highly credible, known for producing useful resources, and ideally has some entrepreneurial experience.
  • Software compatibility: Lastly, you want any template to be compatible with the software platforms you use. More than likely, this means it’s available in Microsoft Word, Google Docs, or PDF format at a minimum. 

1. Bplans — A plan with expert guidance

Preview of Bplans' free business plan template download asset.

Since you’re already on Bplans, I have to first mention the templates that we have available. 

Our traditional and one-page templates were created by entrepreneurs and business owners with over 80 years of collective planning experience. We revisit and update them annually to ensure they are approachable, thorough, and aligned with our team’s evolving best practices.  

The templates, available in Word, PDF, or Google Doc formats, include in-depth guidance on what to include in each section, expert tips, and links to additional resources. 

Plus, we have over 550 real-world sample business plans you can use for guidance when filling out your template.

Download: Traditional lender-ready business plan template or a simple one-page plan template .

Brought to you by

LivePlan Logo

Create a professional business plan

Using ai and step-by-step instructions.

Secure funding

Validate ideas

Build a strategy

2. SBA — Introduction to business plans

business gov au planning templates

The U.S. Small Business Administration (SBA) offers two different business plan templates along with a short planning guide. 

While not incredibly in-depth, it’s enough to help you understand how traditional and lean plans are structured and what information needs to be covered. The templates themselves are more like examples, providing you with a finished product to reference as you write your plan.

The key benefit of using these templates is that they were created by the SBA. While they may provide less guidance, you can be assured that the information and structure meet their expectations.

Explore: The SBA’s planning guide and free templates

3. SCORE — Planning workbook

business gov au planning templates

SCORE’s template is more like a workbook. It includes exercises after each section to help you get your ideas down and turn them into a structured plan.

The market research worksheets are especially useful. They provide a clear framework for identifying your target market and analyzing competitors from multiple angles. Plus, they give you an easy way to document all the information you’re collecting.

You will likely have to remove the exercises in this template to make it investor-ready. But it can be worth it if you’re struggling to get past a blank page and want a more interactive planning method.

Download: SCORE’s business plan template

4. PandaDoc — A template with fillable forms

business gov au planning templates

PandaDoc’s library offers a variety of industry-specific business plan templates that feature a modern design flair and concise instructions. 

These templates are designed for sharing. They include fillable fields and sections for non-disclosure agreements, which may be necessary when sending a plan to investors.  

But the real benefit is their compatibility with PandaDoc’s platform. Yes, they are free, but if you’re a PandaDoc subscriber, you’ll have far more customization options. 

Out of all their templates, the standard business plan template is the most in-depth. The rest, while still useful, go a bit lighter on guidance in favor of tailoring the plan to a specific industry.

Explore: PandaDoc’s business plan template library  

5. Canva — Pitch with your plan

A sample of the 696 free business plan templates available from Canva. The templates represented here are for a restaurant and two options designed around a minimalist beige aesthetic.

Canva is a great option for building a visually stunning business plan that can be used as a pitch tool. It offers a diverse array of templates built by their in-house team and the larger creative community, meaning the number of options constantly grows.

You will need to verify that the information in the template you choose matches the standard structure of a traditional business plan. 

You should do this with any template, but it’s especially important with any tool that accepts community submissions. While they are likely reviewed and approved, there may still be errors.

Remember, you can only edit these templates within Canva. Luckily, you only need a free subscription, and you may just miss out on some of the visual assets being used. 

To get the most value, it may be best to create a more traditional planning document and transfer that information into Canva. 

Explore: Canva’s business plan gallery

6. ClickUp — The collaborative template

Preview of ClickUp's business plan template within the project management platform. It includes a number of fillable cells to help guide the creation process.

Out of all the project management tools that offer free business plan templates, ClickUp’s is the most approachable.

Rather than throwing you into all the features and expecting you to figure it out—ClickUp provides a thorough startup guide with resource links, images, and videos explaining how to write a plan using the tool. 

There’s also a completed sample plan (structured like an expanded one-page plan) for you to reference and see how the more traditional document can connect to the product management features. You can set goals, target dates, leave comments, and even assign tasks to someone else on your team. 

These features are limited to the ClickUp platform and will not be useful for everyone. They will likely get in the way of writing a plan you can easily share with lenders or investors. 

But this is a great option if you’re looking for a template that makes internal collaboration more fluid and keeps all your information in one place.

Sign Up: Get a free trial of ClickUp and explore their template library

7. Smartsheet — A wide variety of templates

A preview of the Smartsheet business plan template. It provides a preview of the cover page, directory, and small views of the remaining template pages.

I’m including Smartsheet’s library of templates on this list because of the sheer number of options they provide. 

They have a simple business plan template, a one-page plan, a fill-in-the-blank template, a plan outline, a plan grading rubric, and even an Excel-built project plan. All are perfectly usable and vary in visual style, depth of instructions, and the available format.

Honestly, the only drawback (which is also the core benefit) is that the amount of templates can be overwhelming. If you’re already uncertain which plan option is right for you, the lengthy list they provide may not provide much clarity.

At the same time, it can be a great resource if you want a one-stop shop to view multiple plan types.

Explore: Smartsheet’s business plan template library  

8. ReferralRock affiliate marketing business plan

Preview of the ReferralRock affiliate marketing business plan template. It just represents the cover page of the full template.

I’m adding ReferralRock’s template to this list due to its specificity. 

It’s not your standard business plan template. The plan is tailored with specific sections and guidance around launching an affiliate marketing business. 

Most of the template is dedicated to defining how to choose affiliates, set commissions, create legal agreements, and track performance.

So, if you plan on starting an affiliate marketing business or program, this template will provide more specific guidance. Just know that you will likely need to reference additional resources when writing the non-industry sections of your plan.

Download: ReferralRock affiliate marketing business plan template

Does it matter what business plan template you use?

The short answer is no. As long as the structure is correct, it saves you time, and it helps you write your business plan , then any template will work. 

What it ultimately comes down to, is what sort of value you hope to get from the template. 

  • Do you need more guidance? 
  • A simple way to structure your plan? 
  • An option that works with a specific tool?
  • A way to make your plan more visually interesting?

Hopefully, this list has helped you hone in on an option that meets one (or several) of these needs. Still, it may be worth downloading a few of these templates to determine the right fit. 

And really, what matters most is that you spend time writing a business plan . It will help you avoid early mistakes, determine if you have a viable business, and fully consider what it will take to get up and running. 

If you need additional guidance, check out our library of planning resources . We cover everything from plan formats , to how to write a business plan, and even how to use it as a management tool . 

If you don’t want to waste time researching other templates, you can download our one-page or traditional business plan template and jump right into the planning process.

See why 1.2 million entrepreneurs have written their business plans with LivePlan

Content Author: Kody Wirth

Kody Wirth is a content writer and SEO specialist for Palo Alto Software—the creator's of Bplans and LivePlan. He has 3+ years experience covering small business topics and runs a part-time content writing service in his spare time.

Start your business plan with the #1 plan writing software. Create your plan with Liveplan today.

Table of Contents

  • Qualities of a good template
  • ReferralRock
  • Does the template matter?

Related Articles

business gov au planning templates

6 Min. Read

Business Plan vs Business Model Canvas Explained

business gov au planning templates

10 Min. Read

14 Reasons Why You Need a Business Plan

business gov au planning templates

Use This Simple Business Plan Outline to Organize Your Plan

business gov au planning templates

12 Min. Read

Do You Need a Business Plan? Scientific Research Says Yes

The Bplans Newsletter

The Bplans Weekly

Subscribe now for weekly advice and free downloadable resources to help start and grow your business.

We care about your privacy. See our privacy policy .

Garrett's Bike Shop

The quickest way to turn a business idea into a business plan

Fill-in-the-blanks and automatic financials make it easy.

No thanks, I prefer writing 40-page documents.

LivePlan pitch example

Discover the world’s #1 plan building software

business gov au planning templates

Public funds to incentivise manufacturing and clean energy projects, Prime Minister Anthony Albanese says

Live Moment Public funds to incentivise manufacturing and clean energy projects, Prime Minister Anthony Albanese says

Prime Minister Anthony Albanese says Australia must stay in the "global race" for jobs, as he prepares to detail a taxpayer-funded incentive scheme for advanced manufacturing and clean energy projects.

The "Future Made in Australia Act" will seek to compete with US President Joe Biden's massive spending plans under the US Inflation Reduction Act.

Mr Albanese said it would consolidate existing efforts under one banner, including Hydrogen Headstart, Solar Sunshot and the government's $15 billion National Reconstruction Fund.

"We know during the pandemic, we learnt the risks of what happens if we're cut off from trade. We can't afford to not be able to stand on our own two feet," Mr Albanese told Channel Seven.

"And we saw manufacturing leave this country in the 70s and 80s. We want to bring it back."

The prime minister will make the case for the Future Made in Australia Act in a major speech on Thursday, setting out his agenda for the next year leading up to an election.

He will warn Australia's economy will suffer without greater government intervention, as other nations draw "an explicit link between economic security and national security".

Mr Biden's landmark Inflation Reduction Act includes hundreds of billions of dollars in tax breaks and subsidies over the next decade, aimed at boosting clean energy infrastructure and encouraging high-tech manufacturing.

"Obviously, Australia cannot go dollar for dollar with the United States' Inflation Reduction Act," speech notes provided by the prime minister's office state.

"But this is not an auction – it's a competition.

"And Australian can absolutely compete for international investment when it comes to our capacity to produce outcomes, the quality of our policies and the power of our incentives."

The federal government has been urged to do more to entice investment in renewable energy and critical industries, amid warnings the US could hoover up available international capital under its own plans.

The prime minister has frequently referred to his desire to see Australia step up in areas such as battery and solar panel manufacturing, harnessing the materials mined in Australia but currently exported overseas for processing.

An elderly white man beams happily from the driver's seat of a shiny new car under lights.

Mr Albanese will reference efforts from the US, European Union, Japan, South Korea and Canada to strengthen their own critical industries.

"All these countries are investing in their industrial base, their manufacturing capability and their economic sovereignty," the prime minister is expected to say.

"This is not old-fashioned protectionism or isolationism – it is the new competition.

"These nations are not withdrawing from global trade or walking away from world markets or the rules-based order, and let me be clear, nor should Australia."

Live Moment

Look back at how ABC readers and other Australians responded to this live moment.

That concludes the PM's address

Thanks for joining us for the live moment.

We'll leave our live coverage here.

How will the new act impact the economy?

The PM has been asked:

How do you expect the plan you unveiled today to impact the economy at a time when inflation is approaching the RBA's target range?

Here's what Mr Albanese says:

"It is about encouraging private sector investment, it is about making sure as well that all of the measures that we have put in place, including all of our cost of living measures, have been aimed at areas that would not contribute to inflation."

The risk of increasing power prices

The PM has been asked whether there is a risk an energy transition would be costly and cause power prices to increase.

"That is what is driving the change," Albanese says. "In terms of where that new investment will go. So we want to create an environment whereby we provide support but we acknowledge the importance of market mechanisms and what that means is investment in renewables will lead to cheaper power because that is what every economist tells us."

Wondering what this is? Join us next time we're live and be part of the discussion.

Not the invisible hand, nor heavy-handed either, PM argues

In a pre-emptive strike against critics who would argue against taxpayer funds being spent, Mr Albanese will make the argument that Australia's partners are "moving to the beat of a new economic reality."

"None of this is merely being left to market forces or trusted to the invisible hand," he is expected to say.

"The heavy lifting of economic transition and industrial transformation is not being done by individuals, companies or communities on their own.

"It is being facilitated, enabled and empowered by national governments from every point on the political spectrum.

"Because this is not about ideology, it's about opportunity – and urgency."

The Future Made in Australia Act would focus on boosting investment in areas such as rare earths mining and processing, hydrogen and solar energy production.

"We recognise that for Australians to share fully in the rewards, government needs to be prepared to use its size and strength and strategic capacity to absorb some of the risk," the speech notes state.

"Only government has the resources to do that, only government can draw together the threads from across the economy and around our nation."

Casting forward to budget

Ahead of the federal budget on May 14, the prime minister will argue the policy complements other measures, such as revised income tax cuts, to improve productivity across the country.

"The first four years of this decade have tested the resilience of our economy and our society alike," he is expected to say.

"Alongside the devastation of floods and bushfires, Australia has endured a once-in-a-century global pandemic and the biggest international energy crisis in 50 years.

"Government needs to have this same capacity to respond and adapt, to anticipate change – and shape it – when it comes to building for the future."

  • X (formerly Twitter)
  • Federal Government
  • Government and Politics

Portal login

Cyber Security Incident Response Planning: Practitioner Guidance

business gov au planning templates

Content written for

Attachments.

  • PROTECT - Cyber Security Incident Response Planning: Practitioner Guidance (April 2024) 2.51MB .pdf

Introduction

Australian organisations are continually targeted by malicious actors, with the Australian Signals Directorate (ASD) assessing that malicious cyber activity against Australia’s national and economic interests is increasing in frequency, scale and sophistication. As malicious actors become more adept, the likelihood and severity of cyber attacks is also increasing due to the interconnectivity and availability of information technology (IT) platforms, devices and systems exposed to the internet.

Managing responses to cyber security incidents is the responsibility of affected organisations. As such, all organisations should have a Cyber Security Incident Response Plan (CSIRP) to ensure an effective response and prompt recovery in the event that system controls do not prevent a cyber security incident from occurring. This plan should be regularly tested and reviewed.

To be effective, a CSIRP should align with organisations’ emergency, crisis and business continuity arrangements, as well as jurisdictional and national cyber and emergency arrangements. It should support personnel to fulfil their roles by outlining their responsibilities and all legal and regulatory obligations.

While organisations are responsible for managing cyber security incidents affecting their business, Australia’s Cyber Incident Management Arrangements outline the inter-jurisdictional coordination arrangements and principles when responding to national cyber security incidents.

This guidance (which acts as a CSIRP Template) and the Cyber Security Incident Response Readiness Checklist ( Appendix B ) are intended to be used as a starting point for organisations to develop their own CSIRP and readiness checklists. Each organisation’s CSIRP and checklist will need to be tailored according to their own unique operating environment, priorities, resources and obligations.

In addition to a CSIRP, organisations can develop more detailed day-to-day processes and procedures to supplement the CSIRP. This could include detailed playbooks to aid in the response to common types of cyber security incidents, such as ransomware or data breaches, and Standard Operating Procedures (SOPs) to respond to cyber security incidents affecting specific assets.

Using this guidance

This guidance is designed to assist organisations in the development of their own CSIRP as part of cyber security incident response planning activities. As part of this guidance, a separate CSIRP Template is available for organisations to fill in with some fields containing example text for demonstrative purposes. Note, the CSIRP Template is not exhaustive. Each organisation’s CSIRP should be tailored according to their own unique operating environment, priorities, resources and obligations.

Acknowledgements

This guidance was created using multiple resources. ASD acknowledges the following resources used in its development:

  • ASD Information Security Manual
  • Australian Prudential Regulation Authority Prudential Practice Guide CPG 234 Information Security
  • CSIRP Template developed by the Australian Energy Sector Readiness and Resilience Working Group in 2019, specifically with support from the Australian Energy Market Operator, Tasmanian Department of State Growth, the Victorian Government Department of Premier and Cabinet and ASD
  • Queensland Government Incident Management Guideline
  • Victorian Government Cyber Incident Management Plan and Cyber Incident Response Plan Template
  • Cybersecurity & Infrastructure Security Agency Federal Government Cybersecurity Incident and Vulnerability Response Playbooks
  • National Institute of Standards and Technology (NIST) Special Publication (SP) 800-61 Rev. 2, Computer Security Incident Handling Guide
  • International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) 27035-1:2023, Information technology – Information security incident management – Part 1: Principles and process
  • ISO/IEC 27035-2:2023, Information technology – Information security incident management – Part 2: Guidelines to plan and prepare for incident response
  • ISO/IEC 27035-3:2020, Information technology – Information security incident management – Part 3: Guidelines for ICT incident response operations .

Contact details

If you have any questions regarding this guidance you can write to us or call us on 1300 CYBER1 (1300 292 371).

Authority and review

Include information about the document owner, document reviewer, approver, version control and date of next review or other thresholds to review the CSIRP. For example, a CSIRP could be reviewed on a time bound basis, such as bi-annually or annually. A CSIRP could also be reviewed when implementing changes following a cyber security incident, a cyber security exercise or organisational shifts. Finally, a CSIRP could be reviewed following changes to relevant policies, plans, legislation, regulation or jurisdictional arrangements.

Document control and review

Version control, purpose and objectives.

Include the purpose and objectives of the CSIRP.

To support a swift and effective response to cyber security incidents aligned with the organisation’s security and business objectives.

  • To provide guidance on the steps required to respond to cyber security incidents.
  • To outline the roles, responsibilities, accountabilities and authorities of personnel and teams required to manage responses to cyber security incidents.
  • To outline legal and regulatory compliance requirements for cyber security incidents.
  • To outline internal and external communication processes when responding to cyber security incidents.
  • To provide guidance on post cyber security incident activities to support continuous improvement.

Standards and frameworks

Include the relevant standards and frameworks used to inform the CSIRP.

  • Information Security Manual
  • Prudential Practice Guide CPG 234 Information Security
  • Australian Energy Sector Cyber Security Framework
  • New South Wales Government Cyber Security Incident Emergency Sub Plan
  • South Australian Government Cyber Security Incident Management
  • Tasmanian Government Incident Management Cyber Security Standard
  • Victorian Government Cyber Incident Management Plan
  • Western Australian Government Cyber Security Incident Coordination Framework
  • NIST SP 800-61 Rev. 2, Computer Security Incident Handling Guide
  • ISO/IEC 27035-1:2023, Information technology – Information security incident management – Part 1: Principles and process

High level cyber security incident response process

Include a summary of the cyber security incident response process.

business gov au planning templates

Common cyber security incidents and responses

Include commonly used terms and their definitions. A list of commonly used terms and definitions is provided at Appendix A .

Common threat vectors

Include a summary of common threat vectors.

Common cyber security incidents

Include a summary of common cyber security incident types and the initial response activities.

Roles and responsibilities

Include details of the roles and responsibilities of core personnel and teams responsible for cyber security incident response and decision making. At a minimum, include the personnel responsible for receiving the initial notification, the operational level Cyber Security Incident Response Team (CSIRT) and the strategic level Senior Executive Management Team (SEMT).

All personnel listed should be familiar with their responsibilities in the CSIRP and have practise their response.

Points of contact for reporting cyber security incidents

Include details about primary and secondary internal points of contact for personnel or stakeholders to report cyber security incidents to over a 24/7 period.

Cyber Security Incident Response Team

Include details of the CSIRT personnel responsible for managing responses to cyber security incidents. The composition of the CSIRT will vary depending on the size of an organisation and available skills and resources.

Include details of any 3rd party vendors that provide or manage systems, services and/or networks. If applicable, include details of external cyber security incident response providers and the services they provide.

Other CSIRT roles could include system administrators, network engineers, change managers, internal auditors, legal advisors, finance and procurement specialists, and administration and recording keeping personnel.

Surge arrangements

Include process for implementing surge arrangements, the resources involved in those arrangements and thresholds for triggering those surge arrangements. Surge arrangements can include, but are not limited to people, hardware, software and financial resources.

Senior Executive Management Team

Significant cyber security incidents may require the formation of the SEMT to provide strategic oversight, direction and support to the CSIRT, with a focus on:

  • strategic issues identification and management
  • stakeholder engagement and communications (including Board and ministerial liaison, if applicable)
  • resource and capability demand (including urgent logistics or finance requirements, and human resources considerations during response effort).

Include details of the SEMT responsible for managing responses to cyber security incidents. The composition and roles of the SEMT may vary depending on the cyber security incident impact and size and structure of an organisation, as some roles may not be relevant or multiple roles may be held by the same individual.

Include a diagram picturing the relationship between the key personnel and teams involved in cyber security incident response. For example, the below diagram is taken from the Queensland Government Incident Management Guideline .

business gov au planning templates

Communications

Include the process for managing internal and external communications. Be prepared to:

  • support the CSIRT and SEMT communications requirements
  • How will the customer helpdesk manage enquiries and be supported?
  • How will the IT helpdesk (or equivalent) manage enquiries and be supported?
  • What communication channels are available to affected customers (e.g. telephone hotline, information on the website or social media)?
  • Who has the primary responsibility for authorising and speaking on behalf of the organisation? How will this person be supported?
  • Who has responsibility for producing and approving information for release to the public and media?
  • monitor news media, social media and other forms of media and use it to support communications.

Include details for backup communication channels to communicate with stakeholders and customers.

Internal communications

Include the process and expected timeframes to communicate relevant cyber security incident information to personnel (for example, system users, customer service teams, senior executives and the Board).

In internal messaging, consider how to inform personnel about the cyber security incident and support business continuity. Consider providing:

  • a brief summary of the cyber security incident and business impact
  • actions currently being undertaken to resolve the cyber security incident
  • actions personnel can take to assist
  • business continuity options for personnel who are affected by the cyber security incident
  • messaging for external stakeholders
  • key points of contact for enquiries
  • expected timeframes for further updates.

External communications

Include the process and timeframes to communicate relevant cyber security incident information to external stakeholders and customers.

Depending on the impact and severity of the cyber security incident, it may be necessary to communicate with:

  • stakeholders required to support with cyber security incident response activities such as government bodies, third party cyber security incident response, law enforcement, insurance providers and/or sector organisations
  • the media and customers seeking information about the cyber security incident, such as the general public, government bodies, clients, shareholders, suppliers and/or sector organisations.

In external messaging, consider how to inform external stakeholders and customers about the cyber security incident based upon their role or interest. Consider:

  • systems, services or networks affected
  • steps being taken to resolve the cyber security incident
  • who is supporting cyber security incident remediation activities
  • any options or actions for stakeholders affected by the cyber security incident to take

Consider supporting requests for information from interested sector and government bodies following the cyber security incident for the purpose of information sharing and learning from the experience.

Supporting procedures and playbooks

Supporting procedures.

Include a list of SOPs developed to support cyber security incident response, and their physical and electronic locations. Examples of SOPs are:

  • event detection, triage and analysis
  • post cyber security event/incident detection or notification
  • cyber security incident detection, investigation and analysis
  • cyber security incident containment, remediation and recovery
  • Communications Plan (internal and external)
  • Emergency Management Plan
  • Crisis Management Plan
  • Business Continuity Plan
  • Disaster Recovery Plan.

Supporting playbooks

Playbooks are documents that are intended to contain easy to follow instructions to assist in ensuring all appropriate steps are taken when responding to specific types of cyber security incidents. Include a list of playbooks and their physical and electronic locations. Example cyber security incidents that may have a playbook are:

  • Cyber Security Incident Response Playbook – Phishing
  • Cyber Security Incident Response Playbook – Data Breach/Theft
  • Cyber Security Incident Response Playbook – Malware
  • Cyber Security Incident Response Playbook – Ransomware
  • Cyber Security Incident Response Playbook – Denial of Service.

Sector, jurisdictional and national cyber security incident response arrangements

Include information about the relevant sector, state and/or territory and national arrangements for cyber security incident related activities, including, but not limited to, notification, reporting and/or seeking additional support.

The CSIRP could include a process chart of when to report cyber security incidents to relevant government bodies and/or seek assistance.

Sector arrangements

Include information about the relevant sector arrangements and the process for implementing these arrangements.

Jurisdictional arrangements

Each state/territory jurisdiction has its own cyber security incident response arrangements. Organisations should contact the relevant government body in their jurisdiction to understand the arrangements that apply.

Include information about the process for reporting to and/or seeking assistance from state/territory law enforcement.

National arrangements

Include information about the process for reporting to and/or seeking assistance from Federal Government bodies. For example, Australia’s Cyber Incident Management Arrangements outline the inter-jurisdictional coordination arrangements and principles when responding to national cyber security incidents.

Examples of potential national cyber security incidents include:

  • an organisation with links across multiple jurisdictions being compromised through a cyber security incident
  • malicious cyber activity affecting critical national infrastructure where the consequences have the potential to cause sustained disruption of essential services or threaten national security
  • malicious cyber activity where the cause and potential extent of its geographic impact is uncertain
  • a large-scale breach of sensitive data affecting persons or organisations in multiple jurisdictions.

ASD leads the Australian Government’s response to cyber security incidents. For information on how to report cyber security incidents to ASD, and to seek advice and assistance, visit ASD’s reporting website .

Appendix C lists some of the common triage questions ASD will use to assess the severity of a reported cyber security incident.

Cyber security incident notification and reporting

Include internal and external processes for cyber security incident notification and reporting. Consider sector, state/territory and national cyber security incident notification and reporting obligations.

Include details about who is responsible for cyber security incident notification and reporting to external entities.

Legal and regulatory requirements

Include details about any legal and regulatory obligations, such as contractual and legislative reporting requirements. Work with any compliance and legal personnel to ensure the CSIRP covers all relevant requirements, noting that different cyber security incidents may require different or multiple legal and regulatory responses.

The CSIRP could include a process chart of when to report cyber security incidents to relevant government bodies, regulators and other external parties.

Include relevant details about any insurance policies for cyber security incidents.

Detection, investigation, analysis and activation

Include the decision making framework for activating the CSIRP.

Detecting cyber security incidents

Cyber security incidents could be detected in several ways, including, but not limited to:

  • self-detected (e.g. via Intrusion Detection and Prevention Systems)
  • notifications received from service providers or vendors
  • notifications received from trusted third parties, such as ASD.

Cyber security incident classification

Include the framework and decision making process for classifying a cyber security incident. This can assist with prioritising resources. Classification factors could include:

  • effects of the cyber security incident (confidentiality, integrity and availability of systems and their resources)
  • stakeholders affected (internal and external)
  • cyber security incident type
  • impact on the business and community.

For information about the ASD Cyber Security Incident Categorisation Matrix see Appendix K .

Cyber Security Incident Response Team activation

Include the decision making framework for activating the CSIRT. This could align with the cyber security incident classification framework. Note, some smaller cyber security incidents may be manageable without activation of the CSIRT.

Logistics and communications

Include core logistical and communications protocols and mechanisms used to support cyber security incident response. For example:

  • operations room/security operations centre (SOC) location and setup
  • equipment required for offsite cyber security incident response
  • communications technologies such as phone/teleconference/online dial-in details and out-of-band communications (e.g. Slack or other similar applications).

Investigation questions

To guide cyber security incident response efforts, and understanding of the scope and impact of the cyber security incident, develop a list of investigation questions. Note, not all questions may be answerable with the data available and questions may change as investigations progress.

Possible investigation questions include:

  • What was the initial intrusion vector?
  • What post-exploitation activity occurred? Have accounts been compromised? What level of privilege was involved?
  • Does the malicious actor have persistence on systems, services or networks?
  • Is lateral movement suspected or known? Where has the malicious actor laterally moved to and how?
  • How is the malicious actor maintaining command and control?
  • Has data been accessed or exfiltrated and, if so, what kind of data?

Escalation and de-escalation

Include the escalation and de-escalation triggers and/or thresholds and decision making authorities.

Containment, evidence collection and remediation

Containment.

Containment actions are implemented in order to minimise damage, prevent the cyber security incident from spreading or escalating, and prevent malicious actors from destroying evidence.

When planning containment actions, consider:

  • any additional impacts there could be to systems, services or networks
  • time and resources required to contain the cyber security incident
  • effectiveness of the containment solution (e.g. partial vs full containment)
  • duration that the containment solution will remain in place (e.g. temporary vs permanent solution).

Documentation

Include processes and procedures for documenting the cyber security incident, including responsible personnel and timeframes. Refer to Appendix D for a Situation Report Template and Appendix E for a Cyber Security Incident Log Template.

Situation Reports may contain the following information:

  • cyber security incident date and time
  • status of the cyber security incident
  • cyber security incident type and classification
  • cyber security incident scope and impact
  • cyber security incident severity
  • external assistance required
  • actions taken to resolve the cyber security incident
  • contact details for key CSIRT personnel
  • date and time of the next update.

Evidence collection and preservation

Include processes and procedures for collecting, preserving, handling and storing evidence, including responsible personnel and timeframes. As this can be complex, if necessary, seek advice from digital forensic professionals, legal advisors or law enforcement.

When gathering evidence, maintain a detailed log that clearly documents how all evidence has been collected. This should include who collected or handled the evidence, the time and date (including time zone) evidence was collected and handled, and the details of each item collected (including the physical location, serial number, model number, hostname, media access control [MAC] address, Internet Protocol [IP] address and hash values). See Appendix F for a template.

Examples of commonly collected evidence include:

  • hard drive/host images
  • network packet captures and flows
  • IP addresses
  • network diagrams
  • configuration files
  • investigation notes
  • screenshots
  • social media posts
  • close-circuit television, video and audio recordings.

Remediation Action Plan

Include processes and procedures for developing and implementing a Remediation Action Plan to resolve the cyber security incident following successful containment and evidence collection. See Appendix G for a template.

When developing the Remediation Action Plan, consider:

  • What actions are required to resolve the cyber security incident?
  • Are there additional external resources required?
  • Who is responsible for remediation actions?
  • What systems, services or networks should be prioritised?
  • How will these systems, services or networks be affected?
  • What is the expected resolution time?

Include processes and procedures for developing, authorising and executing an agreed Recovery Plan.

The Recovery Plan should detail the approach to recovering IT and/or operational technology (OT) systems, services and networks once containment and remediation is complete.

When developing the Recovery Plan, consider:

  • How will systems, services and networks be restored to normal operation and in what timeframe?
  • How will systems, services and networks be monitored to ensure they are no longer compromised and are functioning as expected?
  • How will identified vulnerabilities be managed to prevent similar cyber security incidents from occurring in the future?

Include decision making processes and procedures for standing down the CSIRT and SEMT.

Include the processes and procedures for completing a Cyber Security Incident Report, including responsible personnel and timeframes. Consider creating a Cyber Security Incident Report Template as an appendix to the CSIRP.

Learn and improve

Include an approach to capture lessons learn from the cyber security incident.

Post cyber security incident review

A post cyber security incident review is a detailed review conducted after an organisation has experienced a cyber security incident. It can include a hot debrief which is held immediately after an organisation has recovered its systems, services or networks from a cyber security incident and/or a formal debrief held after the Cyber Security Incident Report has been completed, such as within two weeks.

Key questions to consider during a post cyber security incident review include:

  • What were the root causes of the cyber security incident?
  • Could the cyber security incident have been prevented? How?
  • What worked well in the response to the cyber security incident?
  • How could our response be improved for future cyber security incidents?

Refer to Appendix H for more detailed questions to consider in post cyber security incident reviews.

Recommendations that arise from the review can be documented in a corresponding Action Register. Refer to Appendix I for an Action Register Template.

PPOSTTE model

The PPOSTTE model can assist in reflecting on key elements of the cyber security incident response:

  • People: Roles, responsibilities, accountabilities, skills.
  • Process: Plans, policies, procedures, protocols, processes, templates, arrangements.
  • Organisation: Structures, culture, jurisdictional arrangements.
  • Support: Infrastructure, facilities, maintenance.
  • Technology: Equipment, systems, standards, security, inter-operability.
  • Training: Qualifications/skill levels, identification of required courses.
  • Exercise management: Exercise development, structure, management, conduct.

Update and test Cyber Security Incident Response Plan

The post cyber security incident review may result in changes to the CSIRP, playbooks and templates. Changes should be communicated to the relevant personnel.

Significant changes may require the CSIRP, playbooks and templates to be tested. Regular testing is important to ensure these documents remain current and are familiar to relevant personnel. Testing methods could include tabletop exercises or functional exercises.

Include training activities, and associated support, required for personnel to effectively undertake their roles when responding to a cyber security incident.

The post cyber security incident review may identify additional specialised training for personnel involved in cyber security incident response or general cyber security awareness training for all personnel.

Appendix A – Terminology and definitions

Use of consistent and pre-defined terminology to describe cyber security incidents and their effects can be helpful as part of cyber security incident response planning.

Cyber threat

A cyber threat is any circumstance or event with the potential to harm systems or data.

Examples of cyber threats include (but are not limited to):

  • business email compromise
  • cyber supply chain compromise
  • exploitation of vulnerabilities
  • phishing emails and scams
  • ransomware.

Cyber security alert

A cyber security alert is a notification generated in response to a deviation from normal behaviour. Cyber security alerts are used to highlight cyber security events.

Cyber security event

A cyber security event is an occurrence of a system, service or network state indicating a possible breach of security policy, failure of safeguards or a previously unknown situation that may be relevant to security.

Examples of cyber security events include (but are not limited to):

  • a user has disabled the antivirus on their computer
  • a user has deleted or modified system files
  • a user restarted a server
  • unauthorised access to a server or computer.

Cyber security incident

An unwanted or unexpected cyber security event, or a series of such events, that has either compromised business operations or has a significant probability of compromising business operations.

Examples of cyber security incidents include (but are not limited to):

  • denial-of-service attacks
  • unauthorised access or attempts to access a system
  • compromise of sensitive data
  • virus or malware outbreak (including ransomware).

Appendix B – Cyber Security Incident Response Readiness Checklist

This checklist is provided to aid the initial assessment of an organisation’s readiness to respond to a cyber security incident. This checklist is not an exhaustive list of all readiness activities.

Appendix C – ASD cyber security incident triage questions

Where applicable, personnel reporting cyber security incidents to ASD on behalf of their organisation should try to have information available to answer the following questions:

  • Who is reporting the cyber security incident? (e.g. CISO, SOC Manager)
  • Who/what is the affected organisation/entity?
  • What type of cyber security incident is being reported? (e.g. ransomware, denial of service, data breach, malware)
  • Is the cyber security incident still active?
  • When was the cyber security incident first identified?
  • If ASD assistance is required, what assistance is required?
  • What type of system, service or network has been affected?
  • effect/event
  • Who or what identified the problem?
  • What type of data was exposed?
  • What volume of data was exposed?
  • What impact will this have on your organisation?
  • What impact (if any) will the data breach have on public safety or services?
  • Was it a misconfiguration/error, or was a malicious exfiltration or theft of data identified?
  • If applicable under the Notifiable Data Breaches scheme , has it been reported to the OAIC?
  • Are internal or external cyber security incident response providers involved?
  • Are business as usual operations interrupted? If so, how long before operations will be back to normal?
  • If so, please notify ASD beforehand if you will be referencing ASD.

Appendix D – Situation Report Template

Appendix e – cyber security incident log template, appendix f – evidence register template, appendix g – remediation action plan template, appendix h – post cyber security incident reviews.

A post cyber security incident review is a detailed review conducted after an organisation has experienced a cyber security incident. The content of the review will vary for each organisation, but primarily focuses on establishing learnings and providing recommended actions to mitigate future cyber security incidents. The purpose of this guide is to provide organisations that have experienced a cyber security incident with tools and techniques to conduct a post cyber security incident review.

How to use this guide

This guide contains high level steps recommended for organisations to follow after experiencing a cyber security incident. The guide should be used as a resource, and will need to be further tailored by organisations to suit their individual requirements. The templates provided are generic and will need to be tailored to suit specific organisational requirements.

Post cyber security incident review steps

Step 1 – hold cyber security incident debriefs.

Post cyber security incident debriefs are useful for capturing observations from personnel directly involved in managing a cyber security incident and identifying actions to improve how their organisation managed its response, as well as how the cyber security incident could have been prevented. There are two types of debriefs organisations may hold after experiencing a cyber security incident: a hot debrief and a formal debrief (also known as a cold debrief).

A hot debrief is held immediately after an organisation has recovered its systems, services or networks from a cyber security incident. The benefits of holding a hot debrief include:

  • the team involved in responding to the cyber security incident can provide instant feedback and lessons learned
  • any urgent issues identified during the cyber security incident can be addressed immediately
  • personnel involved in the cyber security incident are more likely to recall information and detail as it is still fresh in their minds.

A formal debrief is held days to weeks after an organisation has recovered its systems, services or networks from a cyber security incident. The benefits of holding a formal debrief include:

  • it provides an opportunity to discuss the cyber security incident in detail after it is resolved to gather key insights, learnings and opportunities for improvement
  • it provides time between the cyber security incident and debrief allowing emotions to settle, particularly for stressful cyber security incidents
  • it ensures all key personnel required for discussions are present, especially senior management who will need to drive the implementation of actions.

Hot debrief guidance

30 minutes – 1 hour.

The aim of the hot debrief is to review the cyber security incident, receive feedback on personnel observations and insights, and identify any urgent issues requiring immediate action.

Participants

The hot debrief should be led by a facilitator (such as a manager who was involved during the cyber security incident) and supported by a scribe whose role is to document attendance, key insights and immediate actions. It is recommended that hot debrief participants include all personnel involved during the detection, response and recovery phases of the cyber security incident, with upper management excluded (e.g. Chief Executive Officers and General Managers). This will ensure personnel involved in the cyber security incident can speak openly without fear of repercussion.

The facilitator could guide discussion using the following questions:

  • What went well?
  • What could we do differently next time to improve?
  • What action has been taken to remediate immediate risk?
  • Are there any further issues that require immediate resolution?

Note, it is essential for the facilitator to remain objective during the discussion, and treat the cyber security incident as a learning point for all involved, without attributing blame to an individual or team.

At the end of the hot debrief, the facilitator should provide a summary of the discussions to participants who can confirm whether the key issues and actions were captured. The facilitator should explain the next steps and the expected timeframes for these.

Formal debrief guidance

The aim of the formal debrief is to review the cyber security incident, validate what worked, and produce actions and assigned responsibilities to improve current arrangements.

The formal debrief should be led by a facilitator who asks key questions, supported by a scribe to document attendance, key insights and actions.

It is recommended that formal debrief participants include:

  • technical personnel who were involved in detecting, responding to and resolving the cyber security incident
  • non-technical personnel who were involved during the cyber security incident
  • communications/media personnel involved in the cyber security incident.

Questions to consider in the formal debrief can be found in the Post Cyber Security Incident Review Analysis Template. The facilitator can use this guidance to lead the conversation with the participants while the scribe documents the discussion directly into the template. The scribe can also use the Action Register Template to document any actions resulting from the discussion.

At the end of the debrief, a decision should be made about whether additional discussions are required, or if finalisation of the cyber security incident documentation can be completed. If email correspondence is selected to disseminate the documentation, an action officer will need to be identified for completing them and circulating them to staff for endorsement.

Step 2 – Complete cyber security incident documentation

Based on the findings of the debriefs, the action officer should complete a draft of the Post Cyber Security Incident Review Analysis and the Action Register and circulate them to the personnel involved in the debrief for their feedback and endorsement. Note, it is important that the Action Register details an assigned lead (action officer) for closing out each action.

Once feedback is received and incorporated, documentation should be sent to an executive staff member (e.g. a Chief Executive Officer or General Manager) for endorsement. The executive staff member may advise their expectations on the frequency of progress reporting of agreed actions and nominate a person to lead tracking and reporting.

Step 3 – Cyber security incident tracking and reporting

The identified actions should be tracked and reported at agreed frequencies.

Post Cyber Security Incident Review Analysis Template

Cyber security incident analysis.

Cyber security incident analysis is broken into the following categories:

  • Timeline: Summary of what happened and when. Provides high level areas for improvement.
  • Protection: Identifies the control mechanisms that were in place at the time of the cyber security incident and their effectiveness. Establishes how to improve the protection of systems, services and networks.
  • Detection: Establishes how to reduce the time to identify a cyber security incident. Addresses what detection mechanisms were in place and how those mechanisms could be improved.
  • Response: Identifies improvements for the cyber security incident response.
  • Recovery: Addresses improvements for cyber security incident recovery.

Appendix I – Action Register Template

Appendix j – role cards.

Example of a role card:

business gov au planning templates

Appendix K – ASD Cyber Security Incident Categorisation Matrix

ASD categorises cyber security incidents by severity using a matrix that considers the:

  • cyber effect (i.e. the impact, success, sustained and/or intent)
  • significance (i.e. sensitivity of the organisation).

business gov au planning templates

The severity of the cyber security incident informs the type and nature of cyber security incident response and crisis management arrangements that are activated. Depending on the severity of the cyber security incident, ASD has a suite of capabilities that it may deploy to support the affected parties. However, ASD determines which capabilities are appropriate and available given competing priorities. Organisations must not rely on ASD for their ability to respond to cyber security incidents in an appropriate and timely manner.

Thanks for your feedback!

  • International edition
  • Australia edition
  • Europe edition

Prime minister Anthony Albanese

Albanese reveals plan for interventionist green industry policy similar to Biden’s Inflation Reduction Act

Prime minister says government needs to be ‘more strategic and more sophisticated’ to compete globally

  • Follow our Australia news live blog for latest updates
  • Get our morning and afternoon news emails , free app or daily news podcast

Anthony Albanese is signalling a dramatic shift to unapologetically and directly supporting Australian industry and innovation, saying the country needs “sharper elbows when it comes to marking out our national interest” and competing with the rest of the world.

In a speech to be delivered to the Queensland Press Club on Thursday, the prime minister will effectively launch his bid for re-election with a plan for a green interventionist industry policy, promising direct government support to speed up the energy transition, provide certainty for business and stem the flow of money and ideas to countries offering investment incentives.

His speech contains a message to those who may see the move as a new form of protectionism for certain sectors and projects.

“We need to be clear-eyed about the economic realities of this decade, recognising that the game has changed and the role of government needs to evolve,” Albanese says in an advance copy of the speech, seen by Guardian Australia.

“Government needs to be more strategic, more sophisticated and a more constructive contributor. We need sharper elbows when it comes to marking out our national interest.”

Sign up for Guardian Australia’s free morning and afternoon email newsletters for your daily news roundup

Albanese will emphasise the link between economic security and national security and will say attracting investment has “never been a polite and gentle process where every nation gets a turn”.

Borrowing and bending a phrase his predecessor, Scott Morrison, employed to defend the Coalition government’s slow acquisition of vaccines during the Covid-19 pandemic, Albanese will say of shaping the future economy: “It’s always a contest – a race.”

“Australia can’t afford to sit on the sidelines,” he will say. “Being in the race does not guarantee our success but sitting it out guarantees failure … Australia is in a race, no matter what. Our government wants Australia to be in it to win it.”

The prime minister will argue that Australia needs to be “willing to break with old orthodoxies and pull new levers” to advance that national interest.

He will foreshadow new legislation – to be titled the future made in Australia act – that he says will serve as the framework for the changed approach, with details to come in next month’s federal budget. He will describe this as coordinating a package of new and existing initiatives to “boost investment, create jobs and seize the opportunity” of an Australian-made future.

Albanese does not spell out what those incentives will involve, although possibilities may include concessions, grants, or underwriting of projects.

But he will emphasise that it will underpin the work of the new Net Zero Authority, which aims to facilitate investment in renewable, sustainable energy projects and help retrain workers in fossil fuel industries and guide them into new jobs.

Albanese will cite the US Inflation Reduction Act, which contains half a trillion dollars in green energy incentives, and the Chips Act, which subsidises research and production of semiconductor technology, as key reasons why Australia can no longer continue a level-playing-field approach to industry development and energy transition.

He will cite similar interventionist measures in Europe, Japan, Korea and Canada designed to boost their respective domestic industries.

after newsletter promotion

“This is not old-fashioned protectionism or isolationism, it is the new competition,” Albanese will say. “These nations are not withdrawing from global trade or walking away from world markets or the rules-based order – and let me be clear, nor should Australia.”

Albanese will insist that Australia will continue to champion global markets and free trade and forge both bilateral and multilateral agreements, but that countries with which it seeks to partner are “moving to the beat of a new economic reality”.

His government will not necessarily replicate these other approaches, he will say. “But we must recognise there is a new and widespread willingness to make economic interventions on the basis of national interest and national sovereignty.”

He will say Australia can no longer be “running on the fumes of past economic reforms”, nor government be merely “an observer or a spectator”.

“We cannot afford another decade where government is a drag on business investment and productivity instead of a driver of it.”

The prime minister will say the new approach will shift the emphasis away from minimising risk towards maximising reward. It will seek to exploit Australia’s advantages and build sovereign capability – an issue that emerged during the pandemic – in a longer-term way, rather than just as a patch-up in a crisis.

“We’re building an economy with more good jobs for fair wages – that’s what I mean by a future made in Australia,” he will say, with an election-style pitch about a “stronger, fairer and more prosperous future”.

“One where we compete for and win the great prize of new prosperity – and win our way, by staying true to the values that make this the greatest country on earth.”

  • Australian economy
  • Energy (Australia news)
  • Anthony Albanese
  • Australian politics
  • Renewable energy
  • Energy (Environment)
  • Australian foreign policy

Most viewed

IMAGES

  1. Business

    business gov au planning templates

  2. Fillable Online Business Plan template

    business gov au planning templates

  3. Business Plan Guide

    business gov au planning templates

  4. Business Plan Template.docx

    business gov au planning templates

  5. Australian Government Business Plan Template

    business gov au planning templates

  6. Australian Government Business Plan Template

    business gov au planning templates

COMMENTS

  1. Planning

    Business planning can give your business direction. Use our tools and templates to help you.

  2. Business plan tool

    Select Download plan to download your plan as a DOCX file. Or select Email plan to email the file to yourself. When you have your plan, select Close tool to end your session. Or select Create new plan if you want to start over. If you can't complete it in one session. Select Get your plan to download your plan as a DOCX file so you don't lose ...

  3. Writing a business plan

    Download and write a full business plan. Download our free full business plan template and use the guidelines below to write a plan for your business. There are also other templates available that may better meet your needs—visit business.gov.au. You should customise your chosen template to suit your business and industry.

  4. Write a business plan

    For more information on business planning, visit business.vic.gov.au where you can access tools, workshops and resources to help you plan for your success. Create your one-page action plan. A one-page action plan is an overview of the current situation, where you want to be and what you need to do to get there. It's also a practical way to ...

  5. Tools & templates

    Financial statements template. Our financial statements template will help you do your own profit and loss (P&L) statement, balance sheet and cash flow statement. Simple and easy guides, templates and calculators to help you make decisions about your business, keep records and stay on top of your finances and staffing.

  6. Writing a business plan guide

    Whether your business is just starting out, you're looking to sustain or you're looking to grow, our guide to writing a business plan can help you clarify your goals, figure out your barriers and come up with a plan of action. Get more information on the benefits writing and maintaining a plan on our Write a business plan page. download (144.5 ...

  7. Business Planning Tool

    Resources - free tools such as business planning guides, cashflow templates and online calculators to help you plan and make good decisions for your business. ... Add [email protected] to your address book. ... All personal information collected as part of the Business Planning Tool will be collected, held, used, managed, shared ...

  8. Business planning

    Running a business. Business planning. Find out how to create a plan for your new or current business, including writing the plan and operational documents, and setting goals. Start your planning by: watching the writing a business plan video. downloading the business plan template. watching our small business planning webinar recording.

  9. Writing a business plan

    Most business plans will include: Executive summary - a short overview of your plan. It's usually written last. Business profile - a quick overview of your business. Includes what your business will do and where it will operate. Vision - describes what you want your business to look like in the future. The steps you take to bring this ...

  10. Templates, Tools and Guides

    smallbusiness.wa.gov.au. Turn to us for free small business advice in Western Australia. Phone: 133 140. Email: [email protected]. ... Download and use our free fillable business templates including business planning, marketing planning, website planning, continuity planning and more.

  11. Business Planning Tool

    About the Business Planning Tool. The Business Victoria Business Planning Tool is a free and easy-to-use resource to help Victorian business owners and operators to set goals, plan next steps, track progress and learn new skills. No matter your experience level or what stage your business is at, the tool can help guide you through complex tasks ...

  12. Business planning

    For more information on business planning, check out the Australian Government's comprehensive Business Planning Guide and Template. The advisors available through the Tasmanian Business Advice Service can also support you with business planning. To meet with an advisor, visit businessadvice.tas.gov.au.

  13. Business planning

    Business planning. Effective business planning can be the key to your success. A business plan can help you secure finance, prioritise your efforts and evaluate opportunities. It may initially seem like a lot of work; however a well prepared business plan can save you time and money in the long run.

  14. Write a business plan

    In general, a plan would usually include: an executive summary. description of your business. information about your business structure. market research. marketing and sales strategy. financial plan - such as your start-up costs and funding, expected cash flow and sales plan. staffing requirements, including how you will attract, select and ...

  15. Business plan template

    Business plan template. Having a well prepared business plan before starting your business can help you refine your idea, gain a deeper understanding of your market and have a clear direction for your business. Our guide to using the business plan template will help you when using this resource. Download file. 169KB.

  16. Business tools and templates

    Our business tools and templates are in a simple to understand format, that you can download and regularly update. Business tools and templates. Customisable, easy to use tools to meet a variety of business needs, including cash flow forecast, breakeven analysis and how to write a letter of demand.

  17. Templates

    smallbusiness.wa.gov.au. Turn to us for free small business advice in Western Australia. Phone: 133 140. Email: info@smallbusiness ... Templates. Download and use our free fillable business templates including business planning, marketing planning, website planning, continuity planning and more. Document Type Text Search. Back to templates ...

  18. 8 Business Plan Templates You Can Get for Free

    Out of all their templates, the standard business plan template is the most in-depth. The rest, while still useful, go a bit lighter on guidance in favor of tailoring the plan to a specific industry. Explore: PandaDoc's business plan template library . 5. Canva — Pitch with your plan

  19. Cyber Security Incident Response Plan

    The Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC) defines a cyber security incident as an unwanted or unexpected cyber security event, or a series of such events, that have a significant probability of compromising business operations. Australian organisations are frequently targeted by malicious cyber adversaries.

  20. PM's manufacturing plan risks creating business 'class' system

    Productivity Commission chair Danielle Wood said the government's push to subsidise Australian manufacturing risks creating a "class" of business that relies on government handouts.

  21. Albanese outlines public investment plan to compete with US Inflation

    Mr Biden's landmark Inflation Reduction Act includes hundreds of billions of dollars in tax breaks and subsidies over the next decade, aimed at boosting clean energy infrastructure and encouraging ...

  22. Cyber Security Incident Response Planning: Practitioner ...

    CSIRP Template developed by the Australian Energy Sector Readiness and Resilience Working Group in 2019, specifically with support from the Australian Energy Market Operator, Tasmanian Department of State Growth, the Victorian Government Department of Premier and Cabinet and ASD

  23. Albanese reveals plan for interventionist green industry policy similar

    In a speech to be delivered to the Queensland Press Club on Thursday, the prime minister will effectively launch his bid for re-election with a plan for a green interventionist industry policy ...