Defence Industry Security Program (DISP) membership is an important milestone for any business that intends to work for organisations in the defence sector. Under the 2020 Force Structure Plan, the government plans to invest A$270 billion by 2030 to improve defence capabilities. This opens up opportunities for Australian local businesses to enter the defence supply chain and contribute to the strengthening of the country’s defence capabilities.
When is a DISP membership needed?
If you are looking to work in the defence supply chain, it is recommended that you obtain the DISP membership before tendering. It gives a competitive advantage over other bidders who don’t have the membership. Also, do note that some defence organisations might mandate a DISP membership depending on the type of work you do.
As a quick checklist, a DISP membership is required in any or all of the following cases.
- If your engagement with the defence organisation requires you to work with classified information and assets
- If your company will be involved in storing or transporting defence weapons and ordnance
- If you will be responsible for security services to a defence organisation
- If the defence organisation you intend to work with requires a DISP membership of an appropriate level
Before deciding on applying for a DISP membership, consider the long-term benefits and the opportunities it can open up for you in the defence sector. The other advantage is that the membership will give order and direction to your company’s information security initiatives.
What should you know before applying for a DISP membership?
In order to make sure that you are taking the right approach to a DISP membership, here’s what you should know before applying.
1. Check your eligibility
Check whether you are eligible for a DISP membership. Below are the eligibility criteria.
- Your company must be a registered legal business entity in Australia
- You must have a designated CSO (Chief Security Officer) and SO (Security Officer)
- You should be able to demonstrate that your business is sustainable and can fulfil its delivery obligations satisfactorily
- You should have sufficient resources to protect your company’s ICT networks
For detailed Eligibility Considerations, please check the information on the official defence website.
2. Make sure you can fulfil the ongoing requirements
Apart from the eligibility criteria, you also need to fulfil the ongoing requirements for a DISP membership. In brief, the ongoing requirements can be summarised below.
- Ensure continued security of information and assets
- Retain SO and CSO roles in the company
- Ensure compliance with the Defence Security Principles Framework (DSPF)
- Complete an Annual Security Report every year
- Document all overseas travel to be produced upon request
- Report any changes that can affect your DISP membership
3. Know the cost commitment
While applying for DISP does not entail any charges, implementing the eligibility criteria might. Factor in the costs for improved information security practices, maintaining the positions of SO and CSO in the company and training them, etc.
4. Consider which level of membership applies to you
There are 4 levels of DISP membership – Entry Level, Level 1, Level 2, Level 3, and Level 4 across the below 4 categories.
- Personnel Security
- Physical Security
- Information and Cyber Security
Based on your demonstrated business requirements, you can apply for the appropriate level. For more information, please refer to Principle 16 and Control 16.1 in the information provided on the official website.
You will also need to build evidence to show that you meet the requirements for each of the above 4 categories.
5. Know how long it takes to process the membership
The timeframe for processing a DISP membership will depend on the level you are aiming for. Assuming that you have all necessary security clearances and fulfil the eligibility criteria, an Entry Level membership can take anywhere from 2 to 3 months to process. For Level 1, 2, and 3 of the DISP membership, it can take 3 to 4 months.
6. Know the benefits that a DISP membership brings
Lastly, know that a DISP membership will provide you with important benefits that will help your business in the long run. Below is a summary of the major benefits of DISP.
- Except for the Entry Level membership, all other memberships let you sponsor your own security clearance
- A DISP membership increases your chances of getting a defence contract even in cases where the membership is not mandated
- It fosters a culture of enhanced and continued information security at your company
- You get access to the latest updates on information security and can also get advice and inputs to strengthen your organisational security
- A membership can open doors to international supply chains for your business
How can you increase your chances of achieving DISP membership?
Considering the benefits of DISP and the opportunities it opens up for your business, you might want to take action to increase your chances of obtaining the DISP membership.
Here’s what you can do.
- Start with a security risk assessment of your business. This will give you a fair idea of whether you are prepared for addressing the risks with your existing policies and frameworks.
- Make sure you understand the eligibility criteria as per Control 16.1 in the information on the official defence website. Familiarize yourself with all the information so that there are no gaps in fulfilling the eligibility for membership.
- Plan for the resources that will be used in maintaining the security standards required. This includes everything from investing in the right security tools to training the SO, CSO, and other employees.
- Having an ISO 27001 certification can help in effectively demonstrating a strong Information Security Management System (ISMS). For complete information on implementing and achieving ISO 27001, please refer to The Complete Guide to ISO 27001.
- Check the membership level that is suitable for you. Instead of going for the highest level of membership by default, selecting a level that is suitable and sufficient for your business will increase your chances of approval.
- Build evidence to support your application. For this, you will need to produce all documentation and certifications for each of the 4 categories (Personnel security, Physical security, Information & cyber security, governance) to substantiate that you meet the required criteria for the relevant level.
For more information on the Defence Industry Security Program, read our blog - All you need to know about the DISP membership.