6clicks has long supported Defence Industry Security Program (DISP) members and our advisory partners working to achieve and maintain DISP membership and compliance with the Defence Security Principles Framework (DSPF). 6clicks has recently released a couple of new DISP-specific assessment templates to help DISP members understand their preparedness. Read on to find out more.
6clicks' support for DISP members
6clicks has long supported Defence Industry Security Program (DISP) members and our advisory partners working with the Defence Security Principles Framework (DSPF). The 6clicks platform provides Audit & Assessment and program management features combined with content such as the PSPF to make it easier.
6clicks is a platform that will help you replace the spreadsheet nightmare and document drain typically associated with maintaining compliance with DISP membership requirements. Instead, you can make compliance a by-product of operating an effective security program.
What we've learnt helping DISP members over the past couple of years is that auditors home in on the DISP requirements found within Control 16.1 of the DSPF. This boils down to meeting the DISP eligibility and suitability requirements found in Control 16.1 along with Annex B (the Suitability Matrix).
The eligibility requirements include:
- being registered as a legal business entity in Australia
- being financially solvent
- having designated Chief Security Officer (CSO) and Security Officer (SO) roles
- setting up a DISP email address
- satisfying Foreign Ownership, Control or Influence (FOCI) tests
- avoiding relationships with listed terrorist organisations and sanctioned regimes/people/entities
The suitability requirements (Annex B) are divided into four categories: Governance, Personnel Security, Physical Security, and Information & Cyber Security. What applies depends on the level of membership required (Entry Level, Level 1, Level 2 and Level 3).
At a high level they include things like:
- Establishing a system of risk oversight and management
- Ensuring your nominated CSO and SO are able to meet relevant security clearance requirements
- Completion of the Defence SO training by the CSO and SO
- Completion of employment screening and an annual security awareness course by all relevant personnel
- Management of personnel/facilities and information & cyber security at the relevant level
- Maintaining and implementing security policies and plans including an insider threat program
Information and cyber security
For information and cyber security specifically, you will need to meet one of the following standards:
Ongoing suitability requirements
Ongoing suitability requirements include:
- safeguarding Defence and industry people, information and assets
- complying with the DSPF and in turn the ASD E8, ISM and PSPF where applicable
- retaining a CSO and SO
- reporting any changes that may affect DISP membership
- complying with audit and assurance activities
- keeping a register of overseas travel and travel briefings
- reporting security incidents and foreign contacts to Defence
How can 6clicks help?
6clicks has recently made available the Suitability Requirements from Annex B as an Audit & Assessment Template in the 6clicks content library.
Also available is a DISP Cyber Questionnaire, which must be submitted to Defence upon request as part of assurance activities.
And if you need a 6clicks partner to help you along the way, just ask!