What you need to know about the Defence Industry Security Program

Australia’s defence industry is an essential part of our country's economy and national security.

The work performed in this sector and its supply chain is sensitive. As such, the Australian Government has security measures in place to protect sensitive and confidential information. 

The Defence Industry Security Program (DISP) is a key initiative designed to manage security risk across defence. This takes an end-to-end risk assessment approach, meaning that it covers the entire process from identification to risk mitigation. Potential security risks are first identified and assessed, and then appropriate control measures are implemented to mitigate these risks. 

Organisations that meet specific requirements under the Defence Security Principles Framework are eligible for DISP membership. Membership is mandatory for organisations working on classified information or assets, and in some other circumstances. However, any organisation that works (or plans to work) on a Defence project is strongly encouraged to apply.  

What are the key requirements of the DISP?

For a business to be eligible for DISP membership, they need to meet specific criteria.  For example, the business must be Australian-owned and operating in the defence industry. The business must also demonstrate its commitment to security by implementing and maintaining appropriate security measures. It must regularly report on these to government. 

The four security pillars which serve as the foundation for the program are: 

Governance: 

• Policies, procedures, and effective governance structures of security. This includes security risk management, an appropriate security culture, and relevant security strategies and plans.

Personal security: 

• Security of personnel including contractors, temp staff, and so on. This encompasses personnel security clearance processes, background checks, and security education and training.

Physical security:

• Physical security of facilities and equipment. This includes appropriate access controls, physical detection systems, perimeter security, and protection of classified material.

Information security: 

• Security of information and technology. This includes the secure protection, handling, storage, and transmission of classified material and sensitive information. Relevant controls such as encryption, access controls, and other security measures.

These requirements are critical to the success of the DISP. They also enable organisations to enhance their own security posture and gain assurance that sensitive information and assets are protected. 

Why should we apply for DISP membership?

There are various levels of DISP membership. The membership level you need depends on the nature of your work with Defence. 

In addition to being able to contract to the defence industry, DISP membership offers other key benefits. Some of these include: 

• Competitive advantage: Higher levels of DISP membership can help organisations stand out from competitors and qualify for more project opportunities.
• Improved security posture: Being a DISP member show that your company takes security seriously. It demonstrates your commitment to protecting sensitive information and technologu through appropriate security measures.
• Collaboration with government: Through DISP, organisations can work with the government on key security matters. Together you can improve readiness against potential security threats.
• Enhanced reputation: Achieving DISP membership can boost a business's reputation within the defence industry. It shows respect for security and quality.

How do we achieve DISP membership?

The amount of work involved in attaining a DISP membership can be daunting. Without dedicated resources and expertise, organisations may find the process long and costly. 

Professional consultants can play a valuable role in supporting your DISP journey by providing the following services: 

• Security assessments: Performing a current state security assessment of existing security measures to identify weaknesses and improvement opportunities. These assessments can be used to develop an appropriate security enhancement or implementation plan.
• Security plans: Assisting your organisation to develop a comprehensive security strategy and plan based on identified risks and specific DISP requirements.
• Training and education: Offer regular training and education to staff and contractors around their security responsibilities and emerging security risks and threats
• Continual improvement: Conduct regular security reviews and audits relating to your security controls and posture. And provide relevant recommendations to keep them effective and appropriate.

By including professional consultants in your journey towards DISP membership, you benefit from their valuable expertise and industry experience. As you work with them, you may also build lasting relationships that can continue to support your security requirements into the future. Ultimately, by leveraging the knowledge and experience of consultants, you can build strong connections that will help you meet your current and future security needs.

FOR MORE INFORMATION

To learn more about attaining DISP membership, please contact your local RSM office.