Protective Security Policy Framework (PSPF)
The Protective Security Policy Framework (PSPF) applies to non-corporate Commonwealth entities subject to the Public Governance, Performance and Accountability Act 2013 (PGPA Act) to the extent consistent with the legislation.
The PSPF represents better practice for corporate Commonwealth entities and wholly-owned Commonwealth companies under the PGPA Act.
Non-government organisations that access security classified information may be required to enter into a deed or agreement to apply relevant parts of the PSPF for that information.
State and territory government agencies that hold or access Commonwealth security classified information apply the PSPF to that information consistent with arrangements agreed between the Commonwealth, states and territories.
The PSPF consists of:
PRINCIPLES: There are five (5) protective security principles in the PSPF.
1. Security is everyone’s responsibility. Developing and fostering a positive security culture is critical to security outcomes.
2. Security enables the business of government. It supports the efficient and effective delivery of services.
3. Security measures applied proportionately protect entities’ people, information and assets in line with their assessed risks.
4. Accountable authorities own the security risks of their entity and the entity’s impact on shared risks.
5. A cycle of action, evaluation and learning is evident in response to security incidents.
OUTCOMES: These outline the desired end-state results the government aims to achieve. Desired protective security outcomes relate to security governance, as well as information, personnel and physical security.
1. Governance: Each entity manages security risks and supports a positive security culture in an appropriately mature manner ensuring: clear lines of accountability, sound planning, investigation and response, assurance and review processes and proportionate reporting.
2. Information: Each entity maintains the confidentiality, integrity and availability of all official information.
3. Personnel: Each entity ensures its employees and contractors are suitable to access Australian Government resources and meet an appropriate standard of integrity and honesty.
4. Physical: Each entity provides a safe and secure physical environment for its people, information and assets.
CORE REQUIREMENTS: These articulate what entities must do to achieve the government's desired protective security outcomes. There are 16 core requirements in the PSPF.
GUIDANCE: Guidance material provides advice on how PSPF requirements can be delivered.