On October 1st, the new Protective Security Policy Framework (PSPF) was published by the Australian Government. The PSPF was developed by the government to provide a foundation for effective security policies within government entities, as well as guidance to support the implementation of such policies.
The PSPF aims to assist entities with protecting their people, information and assets. It applies to non-corporate Commonwealth entities subject to the Public Governance, Performance and Accountability Act 2013 (PGPA Act). It also represents better practice for corporate Commonwealth entities and Commonwealth-owned entities. Using a security risk management approach, the PSPF aims to encourage a positive culture of security within the government.
The PSPF consists of:
- Five principles that apply to every area of security. These are fundamental values that represent what is desirable for all entities – security principles that guide decision making.
- Four outcomes that outline the desired end-state results that the government aims to achieve. Desired protective security outcomes relate to security governance, as well as information, personnel and physical security.
- Sixteen core requirements that articulate what entities must do to achieve the government’s desired protective security outcomes.
- Most core requirements have several supporting requirements that are intended to facilitate a standardised approach to implementing security across government.
- Guidance that provides advice on how PSPF requirements can be delivered.
The Attorney-General also reissued the Directive on the Security of Government Business to reflect the new PSPF. This directive states the government’s requirements for the PSPF to support government business and secure business between entities, creating an environment of trust and confidence.
Non-government organisations that wish to engage in business with government entities where they must access classified information may also be required to adhere and align with relevant parts of the PSPF before access can be permitted.
Agilient are specialists in security frameworks and assisting organisations in achieving compliance in the public and private sectors. If you would like to know more about how you can align your government, or non-government organisation’s security policies with the new Protective Security Policy Framework, contact us for more information.
To read more about the Protective Security Policy Framework, click here.