The Protective Security Policy Framework (PSPF) is a set of guidelines from the Australian Government aimed at protecting sensitive information, assets, and resources across government agencies. It establishes a unified approach for all agencies, requiring them to adopt consistent security measures. Overseen by the Attorney-General's Department, with significant contributions from the Australian Government Security Vetting Agency (AGSVA), the PSPF supports a secure and risk-managed government environment.
Key Components of the PSPF
The PSPF is structured around four key security outcomes:
Security Governance
Governance serves as the foundation of the PSPF. Each agency must establish and maintain a secure operational culture by adopting policies and appointing a Chief Security Officer (CSO) to oversee compliance. Agencies perform regular risk assessments to manage vulnerabilities and enforce consistent security protocols.
Information Security
Information security aims to protect sensitive government information. Agencies must classify information based on sensitivity and apply controls, such as encryption and access management, to safeguard confidentiality and integrity. Information security policies and training programmes ensure employees understand their responsibilities in handling sensitive data.
Personnel Security
Personnel security ensures individuals with access to sensitive information are trustworthy. AGSVA conducts security vetting to assess the reliability of employees, providing clearances at various levels (Baseline, NV1, NV2, and PV) depending on access needs. Agencies manage ongoing personnel security, maintaining accurate records and monitoring any changes in employees' circumstances that might affect their suitability.
Physical Security
Physical security protects assets and personnel against unauthorised access and threats. Agencies apply measures such as access controls, surveillance, and secure storage, conducting regular assessments to address vulnerabilities.
Roles and Responsibilities
Key roles under the PSPF include the Chief Security Officer (CSO), who is responsible for developing security policies and ensuring agency compliance, and Security Advisors, who provide expert support. All employees play a role in adhering to security protocols and reporting incidents.
AGSVA's Role in Personnel Security
The AGSVA plays a central role in personnel security, conducting vetting processes that ensure only reliable individuals receive security clearances. This includes levels like Baseline, NV1, NV2, and Positive Vetting (PV). Through background checks and assessments, AGSVA helps agencies minimise insider threats and maintain a secure environment.
Case Studies
Successful PSPF implementations include:
Department of Defence: Strengthened information and physical security through a risk-based approach.
Australian Federal Police (AFP): Enhanced personnel security by closely managing security clearances with AGSVA.
Australian Taxation Office (ATO): Improved data protection by implementing strong access controls and security classifications.
Conclusion
The PSPF ensures Australia's government agencies operate securely and effectively. By focusing on governance, information, personnel, and physical security, it addresses multiple dimensions of risk. AGSVA's role in vetting reinforces the importance of trust and reliability in handling sensitive information, further supporting Australia's national security interests.