Australian Government - Attorney-General's Department

Security Policy

Achieving a Just and Secure Society

Skip breadcrumbHome » Overarching Guidance

Australian Government Protective Security Policy

Australia's protective security policy is organised in a tiered, hierarchical structure—the Protective Security Policy Framework (PSPF). This framework has been developed to be read in its entirety following the structure as outlined in the diagram below. Documents are inter-linked and should not be read in isolation.

DDiagrammatic representation of the Protective Security Policy Framework showing the four tiers:
-  Tier 1—Directive on the security of Government business
-  Tier 2—Governance arrangements/ core policies/ mandatory requirements
-  Tier 3—Protocol/ standards and guidelines, and
-  Tier 4—Agency-specific protective secuirty policies and procedures

Governance arrangements, core policies and mandatory requirements

The governance arrangements and core policies in the PSPF describe the higher level protective security outcomes and identify the mandatory requirements. All applicable agencies and bodies are to comply with the mandatory requirements. The core policies cover personnel security, information security and physical security.

Protocols, standards and guidelines

The protocols, standards and guidelines include:

  • protocols for the conduct of government-specific protective security activities to meet the mandatory requirements
  • better practice guidelines
  • references to other protective security and risk management documents, including applicable standards.

These documents standardise practices across government which facilitates information sharing, supports interagency business, and helps to meet international obligations.

Entity specific policies and procedures

Entities are to develop specific protective security policies and procedures that meet their business needs. These policies and procedures should complement and support other entity operational procedures.

Further Guidance

The Protective Security Policy Securing Government business booklet assists to identify entity responsibilities to:​

  • manage the risks to their people, information and assets
  • provide assurance to the Government and the public that official resources and information provided to agencies are safeguarded
  • incorporate protective security into the culture of their agencies.

Protective Security Policy Framework Securing Government business—Version 1.10 amended July 2015 [PDF 400KB]
Protective Security Policy Framework Securing Government business —Version 1.10 amended July 2015 [DOC 149KB]