Australian Government Protective Security Policy
Australia’s protective security policy is organised in a tiered, hierarchical structure – the Protective Security Policy Framework (PSPF). This framework has been developed to be read in its entirety following the structure as outlined in the diagram below. Documents are inter linked and should not be read in isolation.
Directive on the Security of Government Business
The Directive on the Security of Government Business is the keystone of the protective security policy. It articulates the government’s requirements for protective security to be a business enabler that allows agencies to work together securely in an environment of trust and confidence.
Governance arrangements, core policies and mandatory requirements
The governance arrangements and core policies in the PSPF describe the higher level protective security outcomes and identify the mandatory requirements. All applicable agencies and bodies are to comply with the mandatory requirements. The core policies cover personnel security, information security and physical security.
Protocols, standards and guidelines
The protocols, standards and guidelines include:
- protocols for the conduct of government-specific protective security activities to meet the mandatory requirements
- better practice guidelines
- references to other protective security and risk management documents, including applicable standards.
These documents standardise practices across government which facilitates information sharing, supports interagency business, and helps to meet international obligations.
Agency specific policies and procedures
Agencies are to develop specific protective security policies and procedures that meet their business needs. These policies and procedures should complement and support other agency operational procedures.
Download the Protective Security Policy Framework: