Outcome

Each agency identifies and manages security risks while establishing and maintaining a positive security culture, and a cycle of continuous improvement.

To support agencies to achieve this outcome, the SAPSF includes six Governance Security (GOVSEC) policies, each comprising one core requirement and a varying number of supporting requirements. These requirements cover the scope of what agencies must do in relation to their protective security governance.

GOVSEC1: Security governance

Core requirement 1: The accountable authority* must establish the right security governance for the agency

This policy describes how an agency’s accountable authority can establish effective security governance to protect their agency’s people, information and assets. An effective governance structure ensures employees with the appropriate knowledge and position are empowered and resourced to maintain agency security.

*the person or group of persons responsible for, and with control over, the agency’s operations

GOVSEC2: Security planning

Core requirement 2: Maintain a security plan to manage security risks

This policy describes how agencies can effectively manage security risks through planning and embedding security into risk management practices and procedures. Good security planning will assist agencies to identify and manage security risks while maintaining the continuous delivery of efficient and effective government services.

GOVSEC3: Security monitoring

Core requirement 3: Monitor security maturity against the security plan

This policy ensures that agencies develop and implement processes to routinely monitor and assess their security maturity in line with the security goals of their security plan. Security maturity is a meaningful way of measuring an agency’s overall security capability in line with the risk environment and the agency’s risk tolerances.

GOVSEC4: Annual security attestation

Core requirement 4: Provide an annual security attestation to the Department of the Premier and Cabinet on progress against the security plan

The annual security attestation, signed by an agency’s accountable authority, provides a mechanism for each agency to provide a level of assurance and demonstrate its level of confidence that it is achieving the overall security outcomes of the South Australian Government, while also identifying broader protective security risks or challenges.

GOVSEC5: Managing the security of contractors and service providers

Core requirement 5: Manage any security risks that arise from the procurement of goods and services

This policy supports the South Australian Government’s procurement requirements**, which detail how agencies procure goods and services. The requirements of this policy seek to ensure security risk is a considered element in all procurement processes.

**The State Procurement Board (SPB) issues the Procurement Policy Framework to guide procurement in the South Australian Government. From 30 June 2020, the SPB is being ceased, and procurement requirements will transition to a Treasurer’s Instruction. This information will be updated accordingly.

GOVSEC6: Security governance for international sharing

Core requirement 6: Ensure adherence to any provisions for the security of people, information and assets contained in international agreements and arrangements to which Australia is a party

This policy ensures all agencies formalise all partnerships or relationships with foreign partners or agencies through international agreements or arrangements that safeguard the interests, information and assets of both the South Australian and Commonwealth Governments.
