The policies under this outcome outline physical security, control, and building construction measures to safeguard government resources and minimise or remove security risk.
The 2 core requirements in these policies, and the accompanying supporting requirements, set out what entities must do to achieve the physical security outcome.
Each entity provides a safe and secure physical environment for their people, information and assets.
Policy 15: Physical security for entity resources
Each entity must implement physical security measures that minimise or remove the risk of:
- harm to people, and
- information and physical asset resources being made inoperable or inaccessible, or being accessed, used or removed without proper authorisation.
- Identifying resources
- Identifying the physical security measures required to protect entity resources
- Measures to protect entity information and assets
- Measures for the protection of sensitive and classified discussions
- Measures for the protection of ICT equipment
- Protection of resources against loss of power supply
- Disposal of physical assets
- Working away from the office
Policy 16: Entity facilities
Each entity must:
- ensure it fully integrates protective security in the process of planning, selecting, designing and modifying its facilities for the protection of people, information and physical assets
- in areas where sensitive or security classified information and assets are used, transmitted, stored or discussed, certify its facility’s physical security zones in accordance with the applicable ASIO Technical notes, and
- accredit its security zones.
- Site selection
- Designing and modifying facilities
- Security Zones
- Security zone individual control elements
- Security zone certification and accreditation
- ICT facilities
- SCEC-tested equipment and selecting commercial equipment guidelines