Skip breadcrumbHome » PSPF

Australian Government Protective Security Policy

Australia’s protective security policy is organised in a tiered, hierarchical structure – the Protective Security Policy Framework (PSPF). This framework has been developed to be read in its entirety following the structure as outlined in the diagram below. Documents are inter linked and should not be read in isolation.

Directive on the Security of Government Business

The Directive on the Security of Government Business  is the keystone of the protective security policy. It articulates the government’s requirements for protective security to be a business enabler that allows agencies to work together securely in an environment of trust and confidence.

DDiagrammatic representation of the Protective Security Policy Framework showing the four tiers:
-  Tier 1 - Directive on the security of Government business
-  Tier 2 - Governance arrangements/ core policies/ mandatory requirements
-  Tier 3 - Protocol/ standards and guidelines, and
-  Tier 4 - Agency-specific protective secuirty policies and procedures

Governance arrangements, core policies and mandatory requirements

The governance arrangements and core policies in the PSPF describe the higher level protective security outcomes and identify the mandatory requirements. All applicable agencies and bodies are to comply with the mandatory requirements. The core policies cover personnel security, information security and physical security.

Protocols, standards and guidelines

The protocols, standards and guidelines include:

  • protocols for the conduct of government-specific protective security activities to meet the mandatory requirements
  • better practice guidelines
  • references to other protective security and risk management documents, including applicable standards.

These documents standardise practices across government which facilitates information sharing, supports interagency business, and helps to meet international obligations. 

Agency specific policies and procedures

Agencies are to develop specific protective security policies and procedures that meet their business needs. These policies and procedures should complement and support other agency operational procedures.

Download the Protective Security Policy Framework: