
Security Governance

Accountability, responsibility, and suitable plans, processes and people to ensure entity security.

16 requirements

Entry Level

OFFICIAL / OFFICIAL:Sensitive (6 items)

Appoint a Security Officer

Designate a Security Officer responsible for overseeing the entity's security obligations under DISP.

Entry Level

Security Management Plan

Develop and maintain a Security Management Plan that addresses all DISP security domains relevant to the entity.

Entry Level

Security Risk Assessment

Conduct an initial security risk assessment identifying threats, vulnerabilities and risks to Defence information and assets.

Entry Level

Security Awareness Training

Implement a security awareness training program for all personnel with access to Defence information.

Entry Level

Incident Response Procedures

Establish security incident response and reporting procedures aligned with DISP requirements.

Entry Level

FOCI Declaration

Complete a Foreign Ownership, Control or Influence (FOCI) declaration and maintain ongoing awareness.

Entry Level

Level 1

PROTECTED (5 items)

Chief Security Officer (CSO)

Appoint a Chief Security Officer with appropriate security clearance and authority to manage PROTECTED information.

Level 1

Enhanced Security Plan

Expand the Security Management Plan to address PROTECTED-level requirements, including detailed risk treatments.

Level 1

Annual Security Report

Prepare and submit an annual security governance report to Defence demonstrating ongoing compliance.

Level 1

Security Committee

Establish a security governance committee that meets regularly to review security posture and incidents.

Level 1

Contractor Security Management

Implement procedures for managing security obligations of subcontractors and third parties.

Level 1

Level 2

SECRET (3 items)

SECRET Security Framework

Implement a comprehensive security governance framework suitable for handling SECRET classified information.

Level 2

Security Audit Program

Establish an internal security audit program with regular compliance assessments and corrective action tracking.

Level 2

Supply Chain Security

Implement supply chain security risk management processes for all Defence-related procurement.

Level 2

Level 3

TOP SECRET (2 items)

TOP SECRET Governance

Implement TOP SECRET level security governance with enhanced oversight, reporting and compliance mechanisms.

Level 3

Continuous Monitoring

Establish continuous security monitoring and real-time threat assessment capabilities.

Level 3