Purpose

The policies of the SAPSF are designed to ensure the security information, people and assets within the South Australian Government. However, how each agency applies the policies and their effectiveness depends significantly on the risks identified, the risk environment an agency operates in, and each agency’s individual risk appetite and tolerance.

The annual security attestation, signed by an agency’s accountable authority, provides a mechanism for each agency to provide a level of assurance and demonstrate its level of confidence that it is achieving the overall security outcomes of the South Australian Government, while also identifying broader protective security risks or challenges.

Core requirement

Provide an annual security attestation to the Department of the Premier and Cabinet on progress against the security plan

Supporting requirements

To attest to progress against the security plan, agencies* must:

  1. identify progress against the security goals and strategic objectives of the agency’s security plan, including:
    1. justification for any decisions to depart from SAPSF core or supporting requirements
    2. identify significant challenges or barriers
  2. assess current security maturity against each security outcome and core requirements of the SAPSF
  3. identify the key risks to the agency’s people, information and assets including:
    1. new and emerging risks
    2. risks to other agencies or parties.

GOVSEC4 Guidance (PDF, 857.8 KB)

SAPSF – Security maturity indicators (PDF, 680.0 KB)

Additional resources will be made available soon.

* This policy applies to all South Australian public sector agencies (as defined in section 3(1) of the Public Sector Act 2009) and to any other person or organisation that is generally subject to the direction of a Minister of the Crown; all of which are referred to in this policy as “Agencies”.