Last updated: April 2009
Security
In the current international environment, effective security in Government is imperative to Australia’s national interest. It is important for agency heads to be aware of their security responsibilities to ensure the protection of Government information and the safety of employees and Australian citizens.
Australian Government Protective Security Manual
An appropriate protective security environment is fundamental, not only to good business and management practice but, ultimately, to good government. While the government as a whole is responsible for the protective security of the Commonwealth, individual Ministers are responsible for securing the operation of their portfolios. In practice, day-to-day management of protective security arrangements in an Australian Government agency is the responsibility of the agency head.
The Australian Government Protective Security Manual (PSM) is the principal means for disseminating Commonwealth protective security policies, principles, standards and procedures to be followed by all Australian Government agencies for the protection of official resources. It provides minimum common standards in protective security for all Australian Government agencies and for contractors and their employees performing services for, and on behalf of, the Australian Government. These minimum standards ensure a consistent approach to protective security within and between agencies. Availability of the PSM is restricted to government agencies and to contractors working for government. The PSM was reviewed and reissued in October 2005.
The PSM covers the following areas:
- Protective Security Policy
- Guidelines on Managing Security Risk
- Information Security
- Personnel Security
- Physical Security
- Security Framework for Procurement
- Guidelines on Security Incidents and Investigations
- Security Guidelines on Home-based Work.
Security and character checking of employees
An agency head is responsible for ensuring appropriate levels of security and character clearance of persons engaged or who move to an agency. This would normally be done through imposing such clearance as a condition of engagement or as an essential qualification. Section 22 of the Public Service Act 1999 allows an agency head to engage an employee subject to the employee meeting certain specified conditions (including possession of or gaining of Australian citizenship and the meeting of specified security and character clearances) which have been notified to the employee prior to engagement. An agency head can impose essential qualifications on a set or sets of duties. These qualifications must then be met by anyone who is selected to perform the duties.
Online security
Information security is the responsibility of individual agencies, but risk is increasingly shared across agencies as ICT online services are delivered on a multi-agency, multi-jurisdictional or whole-of-government basis.
Australian Government agencies are bound by the Australian Government Protective Security Manual (PSM), issued by the Attorney-General’s Department (AGD), and the Australian Government Information and Communications Technology Security Manual (ISM), which is issued by the Defence Signals Directorate (DSD).
The PSM is the principal means for disseminating Australian Government protective security policies, principles, standards and procedures, to be followed by all Australian Government agencies for the protection of official resources.
The ISM is the primary source of information security policy and guidance for agencies on how to protect their ICT systems. The PSM requires Australian Government agencies to comply with the ISM (previously issued by DSD as ACSI 33). The ISM has been written to be consistent with the relevant Australian standards, including:
- AS/NZS ISO/IEC 27001:2006 Information Security Management;
- AS/NZS ISO/IEC 17799:2006 Amendment 1: 2008 Information Technology Code of Practice; and
- AS/NZS 4360:2004 Risk Management.
The Australian Government Information Management Office (AGIMO) provides advice and assistance about whole of government ICT usage and business continuity to the Australian Government and prepares best practice guides to increase the information available to departments to manage their ICT risks. AGIMO works closely with agencies, other tiers of government and the ICT industry to enhance the security of government information and systems.
Privacy issues in Australian Government internet sites
To assist agencies to comply with the Privacy Act 1988, and adopt best practice in relation to privacy, the Privacy Commissioner has developed Guidelines for Federal and ACT Government Websites for agencies to use when implementing websites.
The National e-Authentication Framework (NeAF)
The National e-Authentication Framework comprises a set of principles, a standardised set of assurance levels and a standardised approach and process for determining assurance levels and related electronic authentication (e-Authentication) solutions. It positions e-Authentication within the broader context of an agency’s approach to identity and risk management and provides guidance on developing the processes and technology required to provide the desired level of confidence. It encompasses e-Authentication of the identity of individuals and businesses dealing with the government as well as the authentication of government websites.
Identity Management for Australian Government Employees Framework (IMAGE)
The Identity Management for Australian Government Employees Framework (IMAGE) is an integrated, better practice approach for identity management of Australian Government employees and contractors.
Gatekeeper
Gatekeeper is the Australian Government’s strategy for the use of Public Key Infrastructure (PKI) in government for the authentication of external clients (Organisations, Individuals and other entities). The Strategy ensures a whole-of-government framework that delivers integrity, interoperability, authenticity and trust for Agencies and their clients.
Commonwealth fraud control guidelines
Fraud against the Australian Government is a major concern to the Government. The Government is therefore strongly committed to the prevention, detection, investigation and prosecution of fraud against the Commonwealth.
The Commonwealth Fraud Control Guidelines outline the principles of fraud control within the Commonwealth and set national minimum standards to assist agencies to carry out their responsibilities to combat fraud against their programs. The Guidelines outline agency responsibilities for fraud prevention, reporting of fraud information, fraud investigation case handling, and training of agency fraud investigators and fraud prevention officers.
The Guidelines apply to all agencies that are subject to the Financial Management and Accountability Act 1997 and Commonwealth Authorities and Companies Act 1997 bodies that are at least 50% budget funded for their operating costs. Other Government agencies are encouraged to comply with the Guidelines.
Under the Guidelines, agencies are required to put in place a comprehensive fraud control programme to protect Australian Government revenue, expenditure and property from attempts to gain illegal benefits.