Skip to main content

The Administrative Arrangements Order of 3 August 2023 transferred responsibility for protective security policy, including the Protective Security Policy Framework, to the Department of Home Affairs from the Attorney-General’s Department. These Machinery of Government (MOG) changes commenced on 4 August 2023.

Physical security

The policies under this outcome outline physical security, control, and building construction measures to safeguard government resources and minimise or remove security risk.

The 2 core requirements in these policies, and the accompanying supporting requirements, set out what entities must do to achieve the physical security outcome.


Each entity provides a safe and secure physical environment for their people, information and assets.

Core requirement

Each entity must implement physical security measures that minimise or remove the risk of:

  1. harm to people, and
  2. information and physical asset resources being made inoperable or inaccessible, or being accessed, used or removed without proper authorisation.

Key topics

  • Identifying resources
  • Identifying the physical security measures required to protect entity resources
  • Measures to protect entity information and assets
  • Measures for the protection of sensitive and classified discussions
  • Measures for the protection of ICT equipment
  • Protection of resources against loss of power supply
  • Disposal of physical assets
  • Working away from the office

Read Policy 15: Physical security for entity resources

Core requirement

Each entity must:

  1. ensure it fully integrates protective security in the process of planning, selecting, designing and modifying its facilities for the protection of people, information and physical assets
  2. in areas where sensitive or security classified information and assets are used, transmitted, stored or discussed, certify its facility’s physical security zones in accordance with the applicable ASIO Technical notes, and
  3. accredit its security zones.

Key topics

  • Planning
  • Site selection
  • Designing and modifying facilities
  • Security Zones
  • Security zone individual control elements
  • Security zone certification and accreditation
  • ICT facilities
  • SCEC-tested equipment and selecting commercial equipment guidelines

Read Policy 16: Entity facilities