Security Process
Security Requirements
01 Governance of Security System

Establish and maintain the right governance

Establish and maintain a governance structure to ensure successful leadership and oversight of protective security risk. Appoint the following members of the senior team:

  • Chief Security Officer (CSO), responsible for overall protective security policy and oversight of protective security practices.
  • Chief Information Security Officer (CISO), responsible for information security.

Take a risk-based approach

Adopt a risk management approach in accordance with the PSARA Guidelines for respective states to cover all areas of protective security across your organisation. Develop and maintain security policies and plans that meet your organisation's specific business needs, addressing security requirements in governance, information, personnel and physical areas.

Prepare for business continuity

Maintain a business continuity management program to enable your organization's critical functions to operate at the highest capacity during a disruption. Plan for the continuation of the resources that support your critical functions.

Build security awareness

Provide regular information, security awareness training, and support to everyone in your organization. This will help them to meet the Protective Security Requirements and adhere to your organization's security policies.

Manage risks when working with others

Identify and manage risks to personnel, data, and resources prior to engaging with potential supply chain partners.

Manage security incidents

Identify, report, respond to, investigate, and recover from security incidents promptly. Take necessary corrective action as and when required

Be able to respond to increased threat levels

Develop plans and be prepared to implement heightened security levels in emergencies or situations that pose an increased threat to your personnel, data, or assets.

Assess your capability

Conduct an evidence-based assessment annually to ensure your organization's security complies with necessary standards. Review policies and plans every two years, or sooner if the threat or operational environment shifts.