Australian Government - Attorney-General's Department

Protective
Security Policy
Framework

Achieving a Just and Secure Society

Skip breadcrumbHome

The Protective Security Policy Framework (PSPF)

The PSPF has been developed to assist Australian Government entities to protect their people, information and assets, at home and overseas.

As a policy of the Australian Government, non-corporate Commonwealth entities are required to apply the PSPF as it relates to their risk environment. The PSPF represents better practice for corporate Commonwealth entities and Commonwealth companies. The PSPF is applied through a security risk management approach, with a focus on fostering a positive culture of security within the entity and across the Australian Government.

The PSPF provides policy, guidance and better practice advice for governance, personnel, physical and information security. ​


PSPF reforms

From 1 October 2018 the current PSPF and its 36 mandatory requirements will be replaced by a new principles-based policy architecture. It has a smaller number of simpler, more intuitive policy documents that clearly separate mandatory requirements and guidance material. These reforms are intended to better support the achievement of risk-based security outcomes and do not fundamentally change entities' responsibilities to protect their people, information and assets.

The reforms have been developed by the Attorney-General's Department in consultation with stakeholder entities. This was in response to the recommendations of the 2015 Independent Review of Whole-of-Government Internal Regulation.

In 2017, the Secretaries Board endorsed the Attorney-General's Department's proposed suite of PSPF reforms pending further work to finalise supporting policy and guidance. In June 2018, the Government Security Committee agreed the PSPF reform package for endorsement by the Attorney-General.

The Attorney-General endorsed the PSPF reform package in September 2018.

The 16 policy and guidance documents are available in Resources.

Entities will have an extended transition period for some reforms (eg reforms to reporting come into effect for the 2018-19 reporting period, and classification of information has an extended implementation period until October 2020).

The Attorney-General's Department is supporting implementation of the reforms for government entities with a series of forums, and a range of communication and training materials. Details are available on the Protective Security Policy GovDex Protective Security Policy Review page.

The protective security website will be updated to reflect the new PSPF from 2 October 2018.

For further queries, contact the PSPF Team via email at PSPF or by phone on +61 2 6141 3600.