ASIS International ACT Chapter breakfast presentation has explained some of the changes coming to government security with the review of the Protective Security Policy Framework, set for release in July.
The Attorney-General’s Department in consultation with stakeholder entities reviewed the PSPF in 2016 in response to recommendations from the Independent Review of Whole-of-Government Internal Regulation. In May 2017, the proposed suite of PSPF reforms were endorsed by the Secretaries Board. Presenter at the ASIS breakfast was Robyn Devin, assistant director protective security, Integrity and Criminal Justice, Attorney-General’s Department.
The new PSPF commences on July 18, with some transition until Oct 2020. The changes were prompted by the Belcher Review into whole of government regulation, which found that the PSPF was inefficient, unclear, inaccessible, contributed to over regulation and a culture of risk aversion. Core requirements will be reduced in number from 36 to 16, supporting requirements will reduce from 2200 controls and 800 pages and 29 documents, to approximately 100 controls, 150 pages and 16 documents.
The PSPF provides policy, guidance and better practice advice for governance, personnel, physical and information security. The 36 mandatory requirements assist Agency Heads to identify their responsibilities to manage security risks to their people, information and assets.
Non-corporate Commonwealth entities are required to apply the PSPF as it relates to their risk environment. It is best practice to do this through a security risk management approach, with a focus on fostering a positive culture of security within the entity and across the Australian Government.