Australian Government - Attorney-General's Department

Protective
Security Policy
Framework

Achieving a Just and Secure Society

Skip breadcrumbHome » Personnel Security » Personnel Security Core Policy

Australian Government Personnel Security Core Policy

The personnel security core policy is a set of measures that manages the risk to people, information and assets when applied in conjunction with governance, information and physical security controls.
These measures include:

  • employment checking – including employment screening, agency specific checks and security vetting
  • ongoing suitability assessment and management – including agency employment conditions, security clearance maintenance and review, security training and education, and promotion of a protective security culture
  • separation activity – the agency's responsibilities in relation to departing personnel, including those who no longer require access to resources.

This personnel security core policy establishes mandatory requirements for personnel security which apply to:

  • all agencies with access to Australian Government resources, including security classified resources
  • personnel as defined in this policy
  • the Australian Government Security Vetting Agency (AGSVA) and authorised Commonwealth vetting agencies.

Personnel security

PERSEC 1

Agencies must ensure that their personnel who access Australian Government resources (people, information and assets):

  • are eligible to have access
  • have had their identity established
  • are suitable to have access
  • agree to comply with the Government's policies, standards, protocols and guidelines that safeguard the agency's resources from harm

PERSEC 2

Agencies must have policies and procedures to assess and manage the ongoing suitability for employment of their personnel.

PERSEC 3

Agencies must identify, record and review positions that require a security clearance and the level of clearance required.

PERSEC 4

Agencies must ensure their personnel with ongoing access to Australian Government security classified resources hold a security clearance at the appropriate level, sponsored by an Australian Government agency.

PERSEC 5

Before issuing an eligibility waiver (citizenship or checkable background) and prior to requesting an Australian Government security clearance an agency must:

  • justify an exceptional business requirement
  • conduct and document a risk assessment
  • define the period covered by the waiver (which cannot be open-ended)
  • gain agreement from the clearance applicant to meet the conditions of the waiver
  • consult with the vetting agency

PERSEC 6

Agencies, other than authorised vetting agencies, must use the Australian Government Security Vetting Agency (AGSVA) to conduct initial vetting and reviews.

PERSEC 7

Agencies must establish, implement and maintain security clearance policies and procedures for clearance maintenance in their agencies.

PERSEC 8

Agencies and vetting agencies must share information that may impact on an individual's ongoing suitability to hold an Australian Government security clearance.

PERSEC 9

Agencies must have separation policies and procedures for departing clearance holders, which includes a requirement to:

  • inform vetting agencies when a clearance holder leaves agency employment or contract engagement
  • advise vetting agencies of any security concerns

Employment Screening

PERSEC 1: Agencies must ensure that their personnel who access Australian Government resources (people, information and assets):

  • are eligible to have access
  • have had their identity established
  • are suitable to have access, and
  • agree to comply with the Government's policies, standards, protocols and guidelines that safeguard the agency's resources from harm.

This mandatory requirement applies to all agency personnel. Agencies may apply additional agency specific suitability requirements for personnel; however, at a minimum, agencies are to assess that personnel are of good character.

All agencies should undertake employment screening to Australian Standard AS 4811:2006 – Employment Screening.

Agencies need to confirm that the person is an Australian citizen or has a valid visa with work rights, by sighting the documents in support of citizenship or visa. For further information visit the Department of Immigration and Border Protection website.

Agency heads can waive citizenship requirements under the Australian Public Service requirements; however, agency heads cannot waive the requirement for an individual to have work rights.

Ongoing suitability for employment

PERSEC 2: Agencies must have policies and procedures to assess and manage the ongoing suitability for employment of their personnel.

Agency specific policies and processes allow an agency to shape the culture of its workforce by articulating the behaviours and expectations of personnel regarding their ongoing suitability to access Australian Government resources.

Effective employee management will assist in identifying and mitigating the risk posed by a trusted insider, who could use their position within the agency maliciously or cause harm including:

  • disclosing or altering information
  • use resources without authorisation
  • engaging in corruption, theft or fraud
  • committing sabotage
  • facilitating unauthorised third party access to agency resources, or
  • any other action that is not in the national interest.

Agency security clearance requirements

Identifying positions that require security clearances

PERSEC 3: Agencies must identify, record and review positions that require a security clearance and the level of clearance required.

PERSEC 4: Agencies must ensure their personnel with ongoing access to Australian Government security classified resources hold a security clearance at the appropriate level, sponsored by an Australian Government agency.

Agencies are to have in place controls that:

  • limit access to those with an appropriate business need
  • limit ongoing access to security classified resources to those who hold the appropriate level of security clearance, and
  • require a risk assessment be undertaken before allowing temporary access to security classified resources by personnel who do not hold a security clearance at the appropriate level.

Suitability requirements for personnel requiring security clearances will depend on the level of access required, and the sponsoring agency's needs and risks.

Back to top

Identifying other positions that require higher levels of assurance

Agencies may use security clearances (in addition to their agency specific controls) to provide greater assurance for positions with a business impact of 'High' or above where the agency risk assessment deems the security clearance process is to apply. Positions that have a business impact of high or above may include:

  • those whose occupants have access to aggregations of information or assets
  • positions, where the nature of the position requires greater assurance about a person's integrity; for example to support fraud mitigation or as an anti-corruption measure.
  • Vetting does not replace the requirement for agency-specific controls relevant to the agency's business needs.

Eligibility waivers (citizenship and checkable background)

To be eligible for a security clearance, an applicant is to:

  • have Australian Citizenship
  • have a checkable background
  • agree to comply with the Australian Government's policies, standards, protocols and guidelines that safeguard that agency's resources from harm.

PERSEC 5: Before issuing an eligibility waiver (citizenship or checkable background) and prior to requesting an Australian Government security clearance an agency must:

  • justify an exceptional business requirement
  • conduct and document a risk assessment
  • define the period covered by the waiver (which cannot be open-ended)
  • gain agreement from the clearance applicant to meet the conditions of the waiver, and
  • consult with the vetting agency.

Agency heads may, in exceptional circumstances and after conducting a risk assessment, waive the citizenship or checkable background requirements for the issue of a security clearance.

Clearances issued with citizenship or checkable background waivers are:

  • role specific
  • time-limited
  • subject to review
  • not portable.

Security clearance process

Authorised vetting agencies

PERSEC 6: Agencies, other than authorised vetting agencies, must use the Australian Government Security Vetting Agency (AGSVA) to conduct initial vetting and reviews.

AGSVA is responsible for the processing, assessing and granting of security clearances for the Commonwealth Government, while authorised vetting agencies are responsible for clearances to meet their own agency business needs only.

Only AGSVA and authorised vetting agencies can make vetting decisions.

All vetting decisions are to be based on an assessment of the whole person. Any doubt about the suitability of a clearance subject is to be resolved in favour of the National Interest.

Vetting agencies are to conduct scheduled reviews of clearance holders' suitability to continue to hold a clearance in accordance with the minimum revalidation requirements contained in the Personnel Security Protocol. Vetting agencies can also conduct unscheduled reviews in accordance with changing risk factors.

The Department of Foreign Affairs and Trade is responsible for vetting locally engaged staff in Australian missions overseas in accordance with the Prime Minister's Directive on Guidelines for Management of the Australian Government Presence Overseas. 'Diplomatic mission clearances' are recognised as clearances within the mission they are granted; they are not portable.

Back to top

Recognition of clearances

Vetting agencies are to recognise the security clearances granted by another vetting agency, unless:

  • the clearance has exceeded its revalidation period
  • the clearance was granted with an eligibility waiver, or
  • the vetting agency has grounds that the incoming clearance subject is no longer suitable to access Australian Government security classified resources at that clearance level.

Recognition of state and territory clearances

Vetting agencies will recognise clearances up to Negative Vetting 2 undertaken by Australian states and territories, if the clearance is undertaken for their own personnel and has been processed in accordance with the Australian Government personnel security protocol and supporting guidelines. State and territory clearances may be transferred between other state and territory agencies and the Commonwealth.

Agency security clearance maintenance

PERSEC 7: Agencies must establish, implement and maintain security clearance policies and procedures for clearance maintenance in their agencies.

Agencies are to provide support, security awareness and education as part of the agency's ongoing maintenance of clearance holders within the agency.

Clearance maintenance requires agencies to have in place arrangements for clearance holders to report changes of circumstances, suspicious, ongoing, unusual or persistent contact and any other significant incidents which may impact on the clearance holder's suitability to hold a clearance.

PERSEC 8: Agencies and vetting agencies must share information that may impact on an individual's ongoing suitability to hold an Australian Government security clearance.

Agencies and vetting agencies have a mutual responsibility to keep each other advised of any information that may affect a clearance holder's suitability or continuing need for the clearance holder to hold a security clearance. This includes advice on:

  • a change of employment to a position requiring a different level of clearance
  • transfer to another sponsoring agency
  • changes of personal circumstances
  • other events or incidents that may impact on the clearance holder's suitability to continue to hold a clearance.

Back to top

Separation activity

PERSEC 9: Agencies must have separation policies and procedures for departing clearance holders, which includes a requirement to:

  • inform vetting agencies when a clearance holder leaves agency employment or contract engagement, and
  • Advise vetting agencies of any security concerns.

Agencies are to advise vetting agencies when a clearance holder separates from the agency. At the same time, vetting agencies are to be advised of any relevant circumstances behind the clearance holder's separation, including any security concerns or code of conduct investigations, whether completed or not.

Agencies are to have separation policies and procedures for departing clearance holders including procedures for when a clearance holder departs suddenly and without notice. Agencies are to inform separating employees of any ongoing legislative or personnel security obligations as part of their separation processes. 

If separation is as a result of an incident or if an incident is uncovered during the separation process, other affected agencies should be advised of potential or actual compromise of Australian Government resources—for example, ASIO for national security matters. 

Additional personnel security policy and guidance

This core policy gives authority to the Australian Government personnel security protocol and supporting guidelines.

The Australian Government Sensitive Material Security Management Protocol (SMSMP) is a controlled document compiled under the auspices of the Inter-Agency Security Forum. It provides personnel security policy direction for Positive Vetting. The SMSMP supplements the PSPF protocols and guidelines. The SMSMP is only available to agency security advisers with a need to know.

Further guidance

For further guidance on specific controls to assist agencies with meeting the mandatory requirements and principles, refer to the Australian Government personnel security protocol.

For better practice advice on how to achieve controls, see the Australian Government personnel security guidelines:

Additional guidance is also available from:

Back to top

Featured Links

Other Links

Downloads