Defence Security Principles Framework
The Defence Security Principles Framework guides security risk across Defence. This approach:
- Allows Defence to manage security within the operational context and constraints. The best security decisions align with agreed principles and a desired outcome.
- Ensures the most appropriate people are setting security requirements. Experts in their field can establish security standards and requirements for Defence business.
- Sets clear processes and accountabilities, which underpin assurance of Defence protective security arrangements.
Defence Security Principles Framework (PDF, 15 MB)
Response timeframes
An applicant must respond to all Defence Industry Security Program (DISP) requests during the assessment process within 30 business days from the date of the request.
If DISP does not receive a response within 30 days, a follow-up request will be made. If the applicant does not respond within a further 30 business days, the DISP application will be cancelled and the applicant will be notified.
During the assessment process, DISP will contact an entity’s primary DISP@domain email address.
Appealing a membership decision
If a DISP membership application is denied, the entity that applied can appeal. When DISP denies the applicant, information on possible appeals will be provided.
Sponsoring and managing security clearances
DISP members have the option to sponsor and manage their own security clearances. The access depends on the DISP member's security level and the classification of the information, systems, or facilities.
DISP members must certify that their Security Officer agrees to support their organisation’s security clearance holders to uphold their clearance responsibilities. These responsibilities include but are not limited to:
- monitoring and reporting on any changes in attitude or behaviour of the staff they sponsor
- submitting change of circumstances forms
- reporting security incidents
- reporting suspicious contacts
- overseas travel briefings
- revalidations and re-evaluations of security clearances
- regular maintenance of a Designated Security Assessed Positions Register.
Occasionally, a DISP member's security level may not be high enough to sponsor clearances for a Defence contract. The project's Security Officer will sponsor the security clearances in that case.
DISP members are not able to sponsor positive vetting clearances.
International security clearance recognition
If a country has a Security of Information Agreement or Arrangement with Defence, DISP members may be able to have their security clearances recognised by that country.
For more information email dsp.international@defence.gov.au.
ICT standard implementation costs
There are costs and timeframes for implementing your chosen ICT standard. These are dependent on:
- existing level of cyber maturity and what gaps need to be filled
- size of systems and networks
- complexity of systems and networks, i.e. accessing cloud services, external service providers, or third-party infrastructure
- number of employees.
There are also ongoing costs to keep up with cyber security requirements. Consider using an IT service provider to help maintain networks and systems.