Australian Government - Attorney-General's Department

Protective Security Policy Framework


Australian Government physical security management protocol

The Australian Government physical security management protocol details the standards required to comply with the physical security management core policy and meet the seven mandatory physical security requirements of the Protective Security Policy Framework (PSPF).

This protocol covers all facilities, people, information, functions and physical assets owned by the Australian Government, or those entrusted to the Australian Government by third parties, within Australia. Agencies are required to liaise with the Department of Foreign Affairs and Trade when determining physical security arrangements for all overseas missions.

The protocol is supported by the Australian Government physical security management guidelines, which provide further advice on implementing physical security controls.

Physical security is a risk-based approach using a combination of physical and procedural measures designed to prevent or mitigate threats or attacks against people, information and physical assets. Physical controls are determined by the business impact level resulting from:

  • harm to individuals
  • compromise or loss of confidentiality or integrity, or unavailability of agency assets.

This risk-based approach needs to be balanced by the need to provide assurance to government, the public and partner organisations.

The protocol and guidelines will inform the development of agency-specific physical security policy and procedures.

This protocol covers:

  • developing and promulgating agency physical security policies and procedures
  • undertaking agency physical security risk management and planning
  • determining required assurance levels
  • physical security treatments, including:
    • site planning
    • determining security zones
    • accreditation and certification requirements
    • access control measures
  • protection of people, including integration of physical security controls into emergency systems and procedures
  • physical security of information assets, singularly and in aggregation based on classification or business impact level, whichever is the higher
  • physical security of ICT facilities, systems and equipment
  • physical security in emergency and increased threat situations including integration with business continuity measures.

The protocol also provides a list of Australian and international standards which are useful in designing physical security systems or selecting appropriate physical security controls.