Significant security incident reporting
The PSPF policy: Reporting on security requires entities to report significant or reportable security incidents to the relevant authority or affected entity. This includes reporting to the Attorney-General’s Department as significant security incidents arise.
The PSPF defines a significant security incident as a deliberate, negligent or reckless action that leads, or could lead, to the loss, damage, compromise, corruption or disclosure of official resources.
The Chief Security Officer is responsible for managing the entity's response to security-related crises, incidents and emergencies in accordance with the entity's security incident and investigation procedures, and establishing monitoring mechanisms across the entity (refer PSPF policy: Management structures and responsibilities – Investigating, responding to and reporting on security incidents). This includes determining when a security incident is considered significant and therefore reportable.