Skip to main content

The Administrative Arrangements Order of 3 August 2023 transferred responsibility for protective security policy, including the Protective Security Policy Framework, from the Attorney-General's Department to the Department of Home Affairs. These Machinery of Government (MOG) changes began on 4 August 2023.

The PSPF Reporting Portal will transfer to the Department of Home Affairs on 11 June 2024. Before 11 June 2024, all entities and users must set up new authentication credentials through VANguard. You can get more information by contacting the Government Protective Security Policy section at or the PSPF hotline on 02 5127 9999.

Policy 1: Role of accountable authority

  • Security governance
Publication date
Last updated


This policy outlines the role and responsibilities of an accountable authority. They are responsible for and have control over the entity’s operations.


The accountable authority has overall responsibility for the protective security of their entity’s people, information and assets. To achieve this they are responsible for implementing the PSPF core and supporting requirements and having effective protective security arrangements in place.

With support from their Chief Security Officer, the accountable authority has overall responsibility for security risk management including determining their entity’s tolerance to security risks and how to identify, assess and prioritise risks to people, information and assets. They must also consider how these decisions will impact other entities and whole-of-government security.

Some entities are identified as lead security entities. This means they are the lead entity in their portfolio, and/or that they provide government protective security advice, policy, technical standards or intelligence services or shared-services arrangements. Lead security entities have additional security obligations

When implementing the PSPF core and supporting requirements, entities must consider their security risk environment. To adapt to emerging circumstances that affect how an entity implements or maintains a core or supporting requirement, the accountable authority can apply the exceptional circumstances provision for a limited time.

Return to the Security governance page