Policy 1: Role of accountable authority
- Security governance
This policy outlines the role and responsibilities of an accountable authority. They are responsible for and have control over the entity’s operations.
The accountable authority has overall responsibility for the protective security of their entity’s people, information and assets. To achieve this, they are responsible for implementing the PSPF core and supporting requirements and having effective protective security arrangements in place.
With support from their Chief Security Officer, the accountable authority has overall responsibility for security risk management including determining their entity’s tolerance to security risks and how to identify, assess and prioritise risks to people, information and assets. They must also consider how these decisions will impact other entities and whole-of-government security.
Some entities are identified as lead security entities. This means they are the lead entity in their portfolio, and/or that they provide government protective security advice, policy, technical standards or intelligence services or shared-services arrangements. Lead security entities have additional security obligations.
When implementing the PSPF core and supporting requirements, entities must consider their security risk environment. To adapt to emerging circumstances that affect how an entity implements or maintains a core or supporting requirement, the accountable authority can apply the exceptional circumstances provision for a limited time.