Publications library

This policy describes how to establish effective security planning, embed security into risk management practices and use security planning risk management to assist decision-making.

This policy describes how an entity monitors and assesses the maturity of their security risk culture and their ability to actively respond to emerging threats and changes in their security environment, while protecting their people, information and assets.

Entities must undertake an annual assessment of the maturity of their security capability and how they are implementing the PSPF core and supporting requirements. This policy sets out how to report and what information entities must include.

This policy guides how to assess and manage security risks when procuring goods and services. It supports the Commonwealth Procurement Rules that govern how entities procure goods and services.

This policy details protections for sensitive and security classified information and assets under international sharing agreements and arrangements to which Australia is a party.

This policy details the pre-employment screening processes and standardised vetting practices entities must undertake when employing personnel and contractors.

This policy describes how to maintain ongoing confidence that personnel are suitable to access Australian Government resources. It also details how to manage the risk of malicious or unwitting insiders.

This policy details how to protect Australian Government people, information and assets when personnel permanently or temporarily leave their employment.