Direct link: protectivesecurity.gov.au
Responsible agency: Department of Home Affairs
Last updated: December 2024
The Protective security policy framework prescribes what Australian Government entities must do to protect their people, information and resources, both domestically and internationally.
Application of the PSPF assures government that entities are:
- implementing sound and responsible protective security practices
- identifying and mitigating security risks and vulnerabilities.
The PSPF is reviewed annually to ensure it reflects the current threat environment. Entities are consulted on proposed updates via the Government Security Committee. Updates culminate in an annual release.
Applicability
Non-corporate Commonwealth entities that are subject to the Public Governance, Performance and Accountability Act 2013 must apply the PSPF (to the extent consistent with legislation).
The PSPF provides direction and guidance for:
- The Accountable Authorities of Australian Government entities, per the Public Governance, Performance and Accountability Act 2013 (PGPA Act).
- Entity Chief Security Officers, Chief Information Security Officers, security practitioners and other named security officials.
- Service providers that provide services to Australian Government entities or are required to implement the PSPF according to relevant deeds or agreements.
- Those responsible for communicating security information to Australian Public Service (APS) employees, third-party service providers delivering services to Australian Government entities, and visitors to government facilities.
- Those working within, and for, the Australian Government, including APS employees, third-party service providers and contracted staff.
Access the policy
The Protective security policy framework website hosts the PSPF annual release (full text).