In today’s world, protective security is more important than ever before. As organisations become more global in scope and interconnected in terms of their operations, the need to defend against potential threats becomes more acute.
Unfortunately, the landscape of protective security is also becoming increasingly complex, making it difficult for organisations to keep up with the latest threats and vulnerabilities.
The Defence Industry Security Program (DISP) was introduced in response to this challenge, providing a new standard for risk mitigation, information safeguarding and monitoring for companies participating in the Australian defence supply chain.
DISP helps to ensure that companies have the necessary controls in place to protect critical information and assets, and provides a framework that aligns with the Commonwealth Protective Security Policy Framework (PSPF) for ongoing monitoring and an improved security operating environment.
If your Australian business works with the Australian Department of Defence, there’s a likelihood that you’ll need to become a member. So, this article aims to provide a comprehensive breakdown of PSP Framework, the DISP and how to apply to become a member.
What is the PSPF Framework?
The Protective Security Policy Framework (PSPF) is a set of policy and guidance documents that aim to protect Commonwealth people, information and assets from serious security threats. The PSPF sets out the Australian Government’s minimum-security requirements for organisations with access to certain sensitive information and assets.
The PSPF is mandatory for all Commonwealth entities, as well as contractors and consultants who have been engaged by a Commonwealth entity to provide services that involve access to sensitive information or assets.
The PSPF requires entities to take a risk-based approach to security, which means considering the type of threats they may face and taking steps to mitigate those risks. The PSPF also requires entities to have processes in place for managing security incidents and breaches.
The aim is to help guide the implementation of efficient protective policies across:
- security governance
- information security
- personnel security
- physical security.
These requirements help to ensure that Commonwealth organisations are better prepared to deal with security threats and protect the people, information and assets that they are responsible for.
You can access an overview of the PSPF here.
What is the Defence Industry Security Program (DISP)?
The Defence Industry Security Program (DISP) is a security vetting program managed by the Defence Industry Security Office (DISO). The program supports Australian businesses to understand and meet their security obligations when engaging with the Australian Department of Defence.
The purpose of the defence security principles framework is to help your business meet all the necessary security requirements when delivering contracts and tenders to the Department of Defence, while also helping you better mitigate security risks across your business.
Who can Apply for a DISP Membership?
Any Australian business looking to become part of the Defence industry supply chain can apply for a DISP membership. Depending on the sensitivity of the contract, the DISP membership may be mandatory for certain contracts.
The program has four membership levels, with each level requiring progressively higher security standards. These levels include:
- Entry Level Membership: Sensitive
- Level 1: Protected
- Level 2: Secret
- Level 3: Top Secret
Businesses are assessed against strict criteria before being accepted into the program, and must undergo regular audits to maintain their membership. The DISP scheme is an important part of ensuring that the Defence industry supply chain is secure, and helps to protect our national security.
Benefits of DISP Membership
By becoming a member of DISP, you will have access to a number of benefits that will help improve your security posture. Through our training courses and advice service, you will be better informed on the latest security trends and threats. This will help you to better plan your security measures.
In addition, as a member of DISP, you may have the ability to sponsor your own security clearances. And for companies looking to do business with Defence, the framework will ensure that you’re ready to tender.
How to Become a DISP Member?
While the application process is relatively straightforward, you need to ensure that your business meets all the eligibility criteria before submitting the relevant forms. These eligibility criteria are explained in detail in Control 16.1 DISP of the Defence Security Principles Framework (DSPF).
But, for the purposes of this blog post, here is a summary of the key criteria. Your business needs to:
- be a legally recognised business entity (i.e. with an Australian Business Number);
- maintain financial solvency;
- have a board director (or senior executive) and staff member who can obtain an Australian appropriate security clearance and perform the role of Chief Security Officer and Security Officer, respectively (this can be the same person);
- set up an email address similar to this format: disp(at)insertyourbusinessname.xxx.xx.
- comply with Defence requirements relating to foreign ownership, control, or influence (FOCI);
- not maintain relationships with organisations listed as terrorists;
- not maintain relationships with the United Nations Security Council (UNSC) and Australian autonomous sanctions regimes that are subject to Australian sanctions laws; and
- not maintain relationships with anyone or any entity on the Department of Foreign Affairs and Trade’s Consolidated List
If you meet these criteria and the minimum standards of cyber security, you can proceed with the application. Entities that are mandated to become members must complete the AE250-2 form, whilst other entities will need to complete the following application forms:
Pre-employment screening under the PSPF to Meet “Policy 12: Eligibility and Suitability of Personnel”
According to policy number 12 under the PSPF guidelines, each organisation “must ensure the eligibility and suitability of its personnel who have access to Australian Government resources.” In other words, once you’ve become a DISP member, you need to ensure that you’re adequately pre-screening potential employees.
You can carry out the pre-screening either internally, as the organisation doing the hiring, or externally, by a specialised pre-employment screening agency such as Accurate. At Accurate Background we specialise in carrying out pre-employment checks for DISP members or those applying for DISP accreditation, Defence affiliated organisations and Commonwealth Government Bodies.
Accurate can carry this screening out for you to the standard required by the PSPF by conducting the following background checks.
PSPF Requirements vs Accurate Pre-employment Screening
|An identity check helps to establish confidence in a person’s identity and provides entities with a level of assurance about the prospective employee. The Attorney-General’s Department recommends that the identity of all new personnel be verified to at least Level of Assurance 3 of the National Identity Proofing Guidelines. Level of Assurance 3 checks include:
a. the uniqueness of the identity in the intended context
b. the claimed identity is legitimate
c. the operation of the identity in the community over time
d. the linkage between the identity and the person claiming the identity
e. the identity is not known to be used fraudulently.
The core PSPF requirement for eligibility and suitability of personnel mandates that entities verify the person’s identification documents with the issuing authority by using the Document Verification Service for Australian issued primary identification documents.
|Eligibility to Work in Australia
|This check confirms whether a person is eligible to work in Australia. This requires confirming that a person holds Australian citizenship, or if the person is not an Australian citizen, confirming that they have a valid work visa. For information see the Migration Act 1958.
Further eligibility conditions, including requirements relating to Australian citizenship, are covered in the Public Service Act 1999 and in the enabling legislation of many entities.
|Employment History Check
|An employment history check identifies whether there are unexplained gaps or anomalies in employment. A person might not disclose periods of employment if they have had their employment terminated or anticipate an adverse referee report. A history of short periods of employment may indicate poor reliability.
Employment history information may be available from human resources areas of large employers. Alternatively, referees checks or other previous employers may provide corroborating evidence.The Attorney-General’s Department recommends checking the employment history of all new personnel for a period of at least 5 years, where applicable.
|Employment History Verification
|Residential History Check
|A residential history check helps to substantiate the person’s identity in the community. All personnel need to provide supporting evidence of their current permanent residential address.
The Attorney-General’s Department recommends checking residential history for all new personnel for a period of at least 5 years. It is recommended that entities make an assessment of whether the person’s explanation about periods of residency for which they cannot provide supporting documents is reasonable.
|A referee check helps entities engage people of the appropriate quality, suitability and integrity.
The Attorney-General’s Department recommends conducting professional referee checks covering a period of at least the last 3 months.
A referee check may address:
a. any substantiated complaints about the person’s behaviour
b. information about any action, investigation or inquiry concerning the person’s character, competence or conduct
c. any security related factors that might reflect on the person’s integrity and reliability.
|National Police Check
|A national police check, commonly referred to as a criminal history or police records check, involves processing an individual’s biographic details (such as name and date of birth) to determine if the name of that individual matches any others who may have previous criminal convictions. It is important that entities conducting a national police check are clear about what convictions would preclude a person from employment.
The Spent Convictions Scheme outlined in Part VIIC of the Crimes Act 1914, requires that entities request a ‘no exclusion’ national police check, unless the entity is covered by an exclusion under the Act.
A Commonwealth ‘no exclusion’ national police check provides a record of Commonwealth convictions for the preceding 10 years, or until there is a gap of 10 years between convictions, whichever is the longer. However, convictions reported by each state or territory will depend on their relevant spent convictions schemes.
|ACIC Criminial History Check or AFP National Police Check
|A qualification check verifies a person’s qualifications with the issuing authority.
The Attorney-General’s Department recommends verifying declared academic qualifications with the issuing authorities, including universities, technical colleges or schools, as well as any professional associations or memberships that are required.
|A conflict-of-interest declaration identifies conflicts, real or perceived, between a person’s employment and their private, professional or business interests that could improperly influence the performance of their official duties and thus their ability to safeguard Australian Government resources. A conflict can be brought by (and not limited to) financial particulars, secondary employment and associations.The Attorney-General’s Department recommends that entities have a conflict-of-interest policy, that guides staff on what could be perceived as a conflict of interest and when and how to report a conflict. Based on their risk assessment, entities are encouraged to consider whether all personnel, not just contractors, complete a conflict-of-interest declaration. For advice, see the APSC publication Conflicts of interest.
|Business Interests Check
|The Attorney-General’s Department recommends entities identify checks needed to mitigate additional entity personnel security risks where not addressed by the recommended minimum pre-employment screening checks. Additional screening checks are entity-specific and are separate from the security clearance process. The Attorney-General’s Department recommends entities seek separate advice from the Australian Public Service Commission, the Australian Human Rights Commission or independent legal advice about the suitability and use of any proposed entity-specific checks. Some examples of entity-specific checks include drug and alcohol testing, detailed financial probity checks and psychological assessments. For advice, see the APSC publication Conditions of engagement.
|Talk to Us Today About Your Specific Needs
The Defence Industry Security Program (DISP) was developed specifically for companies that work with the Australian Department of Defence and aligns with the Commonwealth Protective Security Policy Framework (PSPF) to provide a range of resources and assistance to help participating companies manage security risks.
The DISP covers a range of security measures, including physical security, personnel security, information security, and security governance planning. By participating in the program, companies can demonstrate their commitment to security and ensure that they are able to meet the stringent security requirements of the Department of Defence.
In addition, the DISP provides a valuable forum for dialogue between industry and Defence on security issues and helps to build a culture of security throughout the Australian defence sector.
Here at Accurate Australia, our goal is to ensure that our clients mitigate risks in all aspects of their business. Along with becoming DISP members, we highly recommend that you look into developing an employment screening policy framework. By verifying the identity and qualifications of job candidates, employers can ensure that they are hiring the best possible candidates for the position.
If you would like to learn more about how we can help you strengthen your screening framework or if you need to outsource your background checks, get in touch today.