Becoming a member of the DISP program is a process that will help your company develop best practice security. To help progress your application in a timely manner we suggest following our key steps to apply.
Before submitting a DISP application your business must meet all eligibility criteria as outlined in the Eligibility & Suitability.
We highly recommend you familiarise yourself with Defence Industry Security Program policy Control 16.1 DISP of the Defence Security Principles Framework DSPF (PDF 331 KB).
The Australian Government Security Vetting Agency (AGSVA) manages security clearance processing for the Australian Government including Defence and defence industry. For information regarding the security clearance vetting process and eligibility, please refer to the AGSVA website.
Your DISP membership is based on a profile that you build to suit the requirements of your company and/or your work with Defence.
You are able to apply for different membership levels across the security categories for Personnel Security, Physical Security and Information and Cyber Security. Your Governance membership level will always equal the highest level applied for in the other three categories.
These security pillars provide the foundation to safe guard you, your company or business and the integrity of Defence’s information assets and people.
You only need one DISP membership regardless of the number of Defence contracts you’re engaged in.
What DISP membership levels do I need?
There are four DISP membership levels for each of the security categories. These levels of membership are aligned with the security classifications:
Entry Level = OFFICIAL/OFFICIAL: Sensitive
Level 1 = PROTECTED
Level 2 = SECRET
Level 3 = TOP SECRET
There are two ways to determine the membership levels you need to apply for:
- Make a determination based on your organisational need. You can select an appropriate level of membership in each of the security categories depending on the type of goods or services you wish to supply to Defence.
- If you are applying for DISP membership as a requirement of a current or upcoming Defence contract or project, your Defence contract/project manager will be able to advise the level of membership required for each security category.
The information below will help you to identify the membership levels you need for Personnel Security, Physical Security and Information & Cyber Security – you can have different membership levels for the different security categories.
The Governance membership level you apply for will always equal the highest level applied for in any of the other three security categories. For example, if you applied for Entry Level membership for Physical Security, Entry Level for Information & Cyber Security, but apply for Level 1 for Personnel Security, you would need to apply for Level 1 for Governance.
Security Governance provides assurance that you have appropriate practices across physical security, personnel security, and information and cyber security. It is about having clear lines of accountability and responsibility, and suitable plans, processes and people in place to make sure your business is secure.
WHAT DISP MEMBERSHIP LEVELS DO I NEED1
|
Security categories |
Personnel Security |
Physical Security |
Information & Cyber Security |
| Does your business require the ability to sponsor and manage security clearances? | Do you need to handle or store classified (PROTECTED or above) information physically on your company’s premises? | Do you need to handle or store classified (PROTECTED or above) information or assets digitally on your company’s ICT networks? | |
|
Entry Level |
No. Any security clearances required will be sponsored by Defence or another government agency |
No. My business only handles or stores OFFICIAL/OFFICIAL: Sensitive information or assets |
No. My business ICT networks only handle or store OFFICIAL/OFFICIAL: Sensitive information |
|
Level 1 |
Yes, at the BASELINE (PROTECTED)2 level |
Yes. My business requires at least one facility/room to be able to handle or store PROTECTED information or assets |
Yes. My business ICT networks require accreditation to handle or store PROTECTED information |
|
Level 2 |
Yes, up to and including NV1 (SECRET)2 level |
Yes. My business requires at least one facility/room to be able to handle or store SECRET information or assets |
Yes. My business ICT networks require accreditation to handle or store SECRET information |
|
Level 3 |
Yes, up to and including NV2 (TOP SECRET) 2,3,4 level |
Yes. My business requires at least one facility/room to be able to handle or store TOP SECRET information or assets5 |
Yes. My business ICT networks require accreditation to handle or store TOP SECRET information6 |
Please consider:
1 The higher the level you apply for the more rigorous and complex the application process becomes and the longer the assessment and approval process.
2 A DISP Security Officer must have a minimum NV1 clearance to sponsor clearances
3 A suitable business case is required to be able to sponsor and manage security clearances at this level
4 DISP members cannot sponsor PV security clearances. Defence SES Band 3 sponsorship is still required to obtain a PV security clearance
5A suitable business case is required to accredit a facility/room to this level
6A suitable business case is required to accredit a network to this level
Should you need further assistance in selecting your DISP membership levels please contact us at disp.info@defence.gov.au. Please also see our tip at the end of this page.
Once you have determined the levels of membership you require, you will then need to make an assessment against each security category to determine how closely your business currently meets the requirements.
Any security gaps identified will need to be addressed to ensure your application has the best chance of being approved.
For more information, please refer to the DISP Membership Requirements Checklist - (PDF 187 KB).
Applying for a DISP membership requires you to complete two forms:
- DISP Application form: this includes questions about your eligibility, business, and your governance, personnel, physical and information and cyber security requirements.
- DISP Foreign Ownership, Control and Influence Declaration form: this includes questions about foreign ownership control and influence of your business.
The forms must be completed by your assigned Security Officer (SO) and approved by the Chief Security Officer (CSO).
Defence recognises and respects your privacy. The collection, handling, use and disclosure of your personal information is undertaken in accordance with the Australian Privacy Principles set out in the Privacy Act 1988.
You will receive confirmation via email that your forms have been received. If you don’t receive confirmation within 48 hours of submission please contact us.
On receipt of your application, a processing officer will be assigned to assess your application in line with the eligibility and suitability criteria. As part of this process, you will be asked to participate in two assurance activities - an entry assessment to ensure your business meets the requirements of the DISP membership levels for which you applied, and a cyber assessment to assess the cyber maturity of your ICT system.
Included in this will be a check to ensure you have the required governance documents in place:
- Security Risk/Incidents Register
- Annual Security Awareness Course (including Insider threat training)
- Security Policies and Plans
- Designated Security Assessed Positions (DSAP) list or equivalent
- Employment Policy (AS-4811 required)
- Classified Document Register (if required)
- Cyber Security Questionnaire
- ICT Action Plan.
If during the assessment phase we identify any further requirements or gaps (for example, your Security Officer requires training), your processing officer will work with you to help identify and implement solutions.
Timeframes for processing DISP membership vary based on the required level of membership, current level of security maturity and requirements and dependencies on internal Defence resources.
Defence will process DISP applications in the following order, your business:
- Has, or is planning to tender for, a contract to support an ongoing Defence operational requirement.
- Has a current contract with Defence, is on a Defence panel or is planning to apply to be on a Defence panel.
- Is involved in the shipbuilding supply chain.
- Has no current contract, but is planning to tender for a Defence opportunity, or in negotiations for a Defence opportunity.
- Is applying for DISP membership with no existing relationship with Defence and no immediate tender opportunities, but wants to become Defence-ready.
Expected timeframes are as follows:
|
Membership level |
Member context |
Timeframes |
|
Entry Level |
Your business has all the required clearances and certifications |
2-3 months |
|
Level 1, 2 and 3 |
Your business has all the required clearances, certifications and accreditations |
4-6 months |
|
All levels |
Your business does not have all the required clearances, certifications and accreditations |
Depends on your business’ level of security maturity |
DISP processing is also dependent on internal Defence waiting times in the following areas (please note these timeframes are influenced by demand):
- Personnel security is dependent on AGSVA processing timeframes.
- Physical security may be dependent on the availability of Defence Security & Vetting Service (DS&VS) to conduct facilities inspections.
- ICT and cyber security are dependent on the accreditation of networks by Chief Officer Information Group (CIOG).
There is no direct cost associated with DISP membership (ie. no membership fee), however, there will be costs associated with implementing and maintaining security measures to meet both initial and ongoing DISP membership requirements. These might include, for example, facility certification and accreditation, personnel security clearances, physical security measures.
Businesses should consider these costs in relation to the level of DISP membership required prior to lodging an application.
We will contact you about your membership application once a decision has been made.
You can also contact us, however we do request that before following up an application status you refer to the expected timeframes identified above.
DISP Membership Requirements Checklist - (PDF 187 KB)
Control 16.1 DISP of the Defence Security Principles Framework (PDF 331 KB)
The Security Officer Toolkit on our resources page has a number of templates to support the application process.
