Commonwealth Consolidated Acts Commonwealth Consolidated Acts(1) If an entity undertakes, or causes to be undertaken, a vulnerability assessment under section 30CU, the entity must:
(a) do both of the following:
(i) prepare, or cause to be prepared, a vulnerability assessment report relating to the assessment;
(ii) give a copy of the report to the Secretary; and
(b) do so:
(i) within 30 days after the completion of the assessment; or
(ii) if the Secretary allows a longer period--within that longer period.
Civil penalty: 200 penalty units.
(2) If a designated officer undertakes a vulnerability assessment in accordance with a request given to the designated officer under section 30CW, the designated officer must:
(a) do both of the following:
(i) prepare a vulnerability assessment report relating to the assessment;
(ii) give a copy of the report to the Secretary; and
(b) do so:
(i) within 30 days after the completion of the assessment; or
(ii) if the Secretary allows a longer period--within that longer period.
(3) If an entity prepares, or causes to be prepared, a report under subsection (1), the report is not admissible in evidence against the entity in civil proceedings relating to a contravention of a civil penalty provision of this Act (other than subsection (1)).