On 31st July 2012, the Australian Government introduced a new security framework, the Protective Security Policy Framework (PSPF), which superseded the Protective Security Manual (PSM).
The PSPF was intended to assist Australian Government entities to protect their people, information and assets, at home and overseas.
The PSPF provides policy, guidance and better practice advice for governance, personnel, physical and information security. Non-corporate Commonwealth entities are required to apply the PSPF as it relates to their risk environment. It is best practice to do this through a security risk management approach, with a focus on fostering a positive culture of security within the entity and across the Australian Government.
The Attorney-General’s Department, in consultation with stakeholder entities, reviewed the PSPF in 2016 in response to recommendations from the Independent Review of Whole-of-Government Internal Regulation (August 2015 Belcher Red Tape Review). In May 2017, the proposed suite of PSPF reforms was endorsed by the Secretaries Board.
Reforms to the PSPF will come into effect on 1st October 2018, instead of 1st July as previously advised. Entities will also have longer to transition for some reforms (e.g. reforms to classification of information have an extended implementation period until October 2020).
The reforms will introduce a new principles-based policy architecture, separating mandatory requirements and guidance material. This is intended to better support the achievement of risk-based security outcomes. The new policy framework will not fundamentally change entities’ responsibilities to protect their people, information and assets.
The new 1st October 2018 commencement of the reformed PSPF provides entities with more time to consider the implications of the reforms for their security risk environment, and assess any necessary changes to current entity practice and procedure. The Attorney-General’s Department will support implementation across affected entities with communication and training materials.
Since 2012, Agilient has been helping agencies to implement and assess their compliance with the PSPF. Contact Agilient Team today if you have any questions related to the new PSPF.