Skip to content
Knighthood Documentation

Governance of Security System

Establish and maintain the right governance

Section titled “Establish and maintain the right governance”

Establish and maintain a governance structure to ensure successful leadership and oversight of protective security risk. Appoint the following members of the senior team:

  • Chief Security Officer (CSO), responsible for overall protective security policy and oversight of protective security practices.
  • Chief Information Security Officer (CISO), responsible for information security.

Take a risk-based approach

Section titled “Take a risk-based approach”

Adopt a risk management approach in accordance with the PSARA Guidelines for respective states to cover all areas of protective security across your organisation. Develop and maintain security policies and plans that meet your organisation’s specific business needs, addressing security requirements in governance, information, personnel and physical areas.

Prepare for business continuity

Section titled “Prepare for business continuity”

Maintain a business continuity management program to enable your organization’s critical functions to operate at the highest capacity during a disruption. Plan for the continuation of the resources that support your critical functions.

Build security awareness

Section titled “Build security awareness”

Provide regular information, security awareness training, and support to everyone in your organization. This will help them to meet the Protective Security Requirements and adhere to your organization’s security policies.

Manage risks when working with others

Section titled “Manage risks when working with others”

Identify and manage risks to personnel, data, and resources prior to engaging with potential supply chain partners.

Manage security incidents

Section titled “Manage security incidents”

Identify, report, respond to, investigate, and recover from security incidents promptly. Take necessary corrective action as and when required

Be able to respond to increased threat levels

Section titled “Be able to respond to increased threat levels”

Develop plans and be prepared to implement heightened security levels in emergencies or situations that pose an increased threat to your personnel, data, or assets.

Assess your capability

Section titled “Assess your capability”

Conduct an evidence-based assessment annually to ensure your organization’s security complies with necessary standards. Review policies and plans every two years, or sooner if the threat or operational environment shifts.