
All You Need to Know About the Defence Industry Security Program (DISP)

Andrew Robinson Aug 03, 2022

The Defence Industry Security Program (DISP) has existed in some form since 1978. Today, it defines the chief security policy for persons, contractors, suppliers, and vendors who intend to work with the defence sector. It aims to meet the requirements of a modern Defence organisation and is open to any Australian business looking to work with a Defence organisation or expand their existing engagement with a Defence organisation.

It was revamped in 2019 to help businesses meet their security obligations while working on Defence projects and tenders in line with the needs of modern Defence organisations.

Introduction to DISP

DISP is a membership program that is becoming an important requirement for doing business with a Defence organisation. Simply put, DISP is a risk mitigation and assurance program that sets out the minimum security requirements for entering the Defence supply chain.

The aims of the DISP are to:

  • Allow companies to sufficiently prove that their practices safeguard information and assets while dealing with Defence organisations
  • Help secure the Defence supply chain
  • Establish good practices for risk mitigation
  • Define and maintain responsibilities related to information security while partnering with Defence organisations

Why is DISP important?

DISP helps Australian businesses manage the risks involved in providing services, products, or capabilities to organisations in the defence sector. It helps protect the defence supply chain from security threats by assessing the business’ processes and security measures.

According to the Australian Department of Defence, suppliers need to have an adequate level of DISP membership in the below scenarios:

  • The engagement involves working on sensitive or classified information
  • The suppliers are involved in storing or transporting Defence ordnance
  • The suppliers are providing security services that need them to be on the Defence premises
  • DISP is needed as part of the mandatory requirement for working with Defence organisations

Please note that a DISP membership might not always be a mandatory requirement to do business with a Defence organisation. However, it is preferable to have the membership for those who want to supply to the defence sector. It is an important aspect of proving your commitment to information security.

Also, since many organisations in the defence sector now ask for DISP membership, it is fast becoming a part of business development activities. It definitely gives a competitive advantage in tendering and bidding.

DISP membership also gives companies an opportunity to join international supply chains involving those countries with which Australia has bilateral ties.

The requirements for joining DISP

Technically, any Australian company that intends to do business with the defence sector can join DISP. The detailed eligibility criteria are as below.

  • The company must be registered as a legal business entity in Australia
  • The company should have a designated CSO (Chief Security Officer) who has obtained an Australian security clearance
  • The company should also have a designated officer for the role of a Security Officer
  • The company should be financially solvent
  • The company should submit a FOCI declaration (Foreign Ownership Control and Influence)
  • The company should not be involved with listed terrorist groups, entities on DFAT’s consolidated list, and regimes subject to Australian sanction laws
  • The company must meet the sustainability criteria and should be able to demonstrate that it can fulfil its delivery obligations on time
  • The company should have the resources to protect its ICT networks (having an ISO 20071 certification can evidence adequate ICT protection)

It is important to note that you don’t need to have an active contract with a Defence organisation to apply for a DISP membership. This was an important reform in the 2019 launch of the program. This change was to encourage more Australian businesses to improve their security practices and also explore defence sector opportunities.

Even after a business gets the DISP membership, there are certain ongoing requirements that need to be fulfilled. Below are the requirements.

  • Continue to uphold the security of information and assets
  • Retain the roles of Security Officer and Chief Security Officer in the company
  • Ensure compliance with the Defence Security Principles Framework (DSPF)
  • Ensure compliance with audit activities as directed by the Defence Security and Vetting Service
  • Complete an Annual Security Report every year
  • Record all overseas travel and make the information available when requested
  • If there are any company-level changes that can affect the DISP membership, these changes must be reported

DISP Membership Levels

After the DISP revamp in 2019, the program has tiered membership levels. A supplier needs to attain the appropriate level based on the nature of engagement they have with the Defence organisation. The membership levels accredit different levels for the security categories.

The higher levels of membership require a more rigorous assessment. It is important to note that a company can have different levels of accreditation for different security categories. The Security Governance category is a reflection of the highest level of accreditation for other categories.

What is the cost required for DISP membership?

There is no direct or upfront cost for applying or obtaining any level of DISP membership. However, implementation of the security measures to fulfil the eligibility criteria will entail appropriate costs.

It is quite possible that a company has already implemented adequate security practices, in which case there are no additional costs involved. However, where the security framework is weak, companies will need to invest in strengthening security before applying for membership.

What are the benefits of joining DISP?

Below is a summary of the significant benefits of joining DISP.

  • You can sponsor your own security clearance. However, this is not applicable to Entry Level DISP membership
  • It opens up the opportunities to enter international supply chains
  • It can align your processes with information security requirements, making your business secure and compliant with security regulations
  • You can get access to security training and materials
  • Get access to advice and insights on the latest security trends
  • Get access to defence security services when delivering contracts and tenders

 

 
