Australian Government - Attorney-General's Department

Protective
Security Policy
Framework

Achieving a Just and Secure Society

Skip breadcrumbHome » Governance » Contracting

Contracting

The Protective Security Policy Framework applies equally to the contracting process as it does to internal government operations.

GOV-12: Agencies must ensure the contracted service provider complies with the requirements of this policy and any protective security protocols.

Agencies are to:

  • apply necessary personnel security procedures to private sector organisations and individuals who have ongoing access to Australian Government assets, as specified in the Australian Government Personnel Security Protocol
  • ensure the safeguarding of government assets, including ICT systems by:
    • specifying the necessary protective security requirements in the terms and conditions of any contractual documentation
    • undertaking assessments visits to verify that the contracted service provider complies with the terms and conditions of any contractual documentation.

Security of outsourced services and functions guidelines

The Australian Government protective security governance guidelines—Security of outsourced services and functions identify better practice and provide advice to entities to assist them in developing security requirements in an entity’s outsourcing policies and contracts.

For further guidance refer to the Australian National Audit Office Better Practice Guide: Developing and Managing Contracts.