Purpose

Security risks can arise through the procurement of goods and services and effective risk management is required to reduce the likelihood and consequence of security issues or incidents.

This policy supports the South Australian Government’s procurement requirements which detail how agencies procure goods and services. The requirements of this policy seek to ensure security risk is a considered element in all procurement processes.

Core requirement

Manage any security risks that arise from the procurement of goods and services

Supporting requirements

To ensure any security risks that arise from the procurement of goods and services are managed, agencies* must:

  1. identify and mitigate security risks to the agency’s people, information and assets generated by the procurement
  2. ensure relevant security terms and conditions are included in contracts and service agreements that mange identified security risks to the procurement
  3. manage and monitor:
  4. security risks for changes or incidents that could affect the procurement, service agreement or security of the agency
  5. the performance of the contractor (including subcontractors) over the lifetime of the contract
  6. implement appropriate security arrangements to manage the completion or termination of a contract or agreement.

GOVSEC5 Guidance (PDF, 837.5 KB)

*This policy applies to all South Australian public sector agencies (as defined in section 3(1) of the Public Sector Act 2009) and to any other person or organisation that is generally subject to the direction of a Minister of the Crown; all of which are referred to in this policy as “Agencies”.