DISP Suitability Assessment

This Assessment Template includes the DISP Suitability Requirements from Control 16.1 – Annex A of the DSPF.

The suitability requirements (Control 16.1 – Annex A) are divided into four categories of Security Governance, Personnel Security, Physical Security, and Information & Cyber Security, depending on the level of membership required (Entry Level, Level 1, Level 2 and Level 3).

At a high level the requirements include things like:

1. Establishing a system of risk oversight and management
2. Ensuring your nominated CSO and SO are able to meet relevant security clearance requirements
3. Completion of the Defence SO training by the CSO and SO
4. Completion of employment screening and an annual security awareness course by all relevant personnel
5. Management of personnel/facilities and information & cyber security at the relevant level
6. Maintaining and implementing security policies and plans including an insider threat program

Information and cyber security

For information and cyber security specifically, you will need to meet one of the following standards:

1. ASD Essential 8
2. ISO/IEC 27001 and its Annex A
3. US NIST SP 800-171
4. UK Def Stan 05-138

Ongoing suitability requirements

Ongoing suitability requirements include:

1. safeguarding Defence and industry people, information and assets
2. complying with the DSPF and in turn the ASD E8, ISM and PSPF where applicable
3. retaining a CSO and SO
4. reporting any changes that may affect DISP membership 
5. complying with audit and assurance activities
6. keeping a register of overseas travel and travel briefings
7. reporting security incidents and foreign contacts to Defence