Australian Government - Attorney-General's Department

Security Policy

Achieving a Just and Secure Society

Skip breadcrumbHome » Overarching Guidance » Protective security principles

Protective security principles

The Attorney-General is responsible for setting the Government’s protective security policy. Each Australian Government Minister is responsible for the protective security of the departments, entities or bodies within his or her portfolio. Agency Heads are responsible to their Minister for creating and maintaining an entity operating environment that:

  • safeguards its people and clients from foreseeable risks
  • facilitates the appropriate sharing of official information in order for Government to effectively do business
  • limits the potential for compromise of the confidentiality, integrity and availability of its official information and assets, recognising risks to Government such as those associated with aggregation
  • protects official  assets from loss or misuse, and
  • supports the continued delivery of the entity's essential business in the face of disruptions caused by all types of hazards.

Agency Heads need to understand, prioritise and manage security risks to prevent harm to official resources and disruption to business objectives. Security is not just a cost of doing business, but enables an entity to manage risks that could adversely affect achieving its objectives. Entities can only achieve effective protective security if security is part of the entity’s culture, practices and operational plans. Therefore entities should build protective security into government processes rather than implementing it as an afterthought. Effective protective security and business continuity management underpin organisational resilience.

Agency Heads are to ensure that employees and contractors entrusted with their entity’s information and assets, or who enter their entity’s premises:​

  • are eligible to have access
  • have had their identity established
  • are suitable to have access, and
  • are willing to comply with the Government’s policies, standards, protocols and guidelines that safeguard that entity’s resources (people, information and assets) from harm.