Protective Security Manual (PSM)
The Australian Government Protective Security Manual (PSM) is government policy issued to all Australian Government agencies. The Attorney-General's Department manages and disseminates the PSM on behalf of the interdepartmental Protective Security Policy Committee (PSPC).
The PSM is the principal means for communicating protective security policies, procedures and minimum security requirements related to the protection of the Government’s official resources. It is designed to assist agencies with their protective security arrangements, and includes principles, standards and procedures for the protection of government personnel, infrastructure and information.
The purpose of the minimum standards prescribed in the PSM is to facilitate and promote a consistent approach to security across all agencies. This policy is also the minimum security standard for State and Territory government agencies that access Australian Government resources.
Following consultation with the PSPC, parts of the PSM are reviewed on an ongoing basis.
Access to the PSM is restricted to Government agencies. Agencies may provide engaged contractors with the sections of the PSM required to meet contractual obligations.
For all inquiries regarding the PSM, please email psm@ag.gov.au.
Structure of the PSM
The PSM is divided into eight parts. These are:
Part A. Protective Security Policy
Part B. Guidelines on Managing Security Risk
Part F. Security Framework for Competitive Tendering and Contracting (CTC)
Part G. Guidelines on Security Incidents and Investigations
Part H. Security Guidelines on Home-based Work
Part A: Protective Security Policy
The intention of Part A is to assist agencies with establishing a framework to support the development, implementation and management of an agency’s security plan. Part A identifies the value of, and need for, executive level representation in order to adequately promote the importance of security within government agencies.
Part B: Guidelines on Managing Security Risk
Part B advocates the importance for agencies to have a systematic and coordinated program for the identification and management of security-related risks, including monitoring risk treatments and controls. Much of the Government’s policy on risk management is based on the Australia/New Zealand Standard on Risk management – AS/NZS 4360:2004.
Part C: Information Security
Information collected and generated by Government agencies, including individual’s private information and security classified information, requires adequate protection. Part C of the PSM provides agencies with guidance on the development of security policies that address the issues of awareness, responsibility, behaviour and deterrence to ensure official information is not compromised. This includes the need for agencies to be cognizant of their obligations under relevant legislation such as the Privacy Act 1988 and the Freedom of Information Act 1982.
Part D: Personnel Security
The PSM seeks to limit duplication and confusion in the security clearance process by ensuring clearances are carried out to a recognised minimum standard throughout the Australian Government. Part D also supports the transferability of clearances as Government personnel move across agencies.
Part E: Physical Security
Part E of the PSM is primarily concerned with the security of an agency’s physical assets, especially personnel, clients and the public accessing the agency premises, as well as official assets held by the agency. This Part highlights an agency’s legislative responsibilities for protecting its personnel and others from harm and its responsibility to the public to protect the integrity and availability of official information and resources.
Part F: Security Framework for Competitive Tendering and Contracting (CTC)
Part F assists agencies to implement adequate security measures for government functions outsourced to contracted service providers. It builds on the framework provided by the Department of Finance and Deregulation’s procurement publications.
Part G: Guidelines on Security Incidents and Investigations
The Government has developed a framework for the investigation of security incidents within agencies. The investigation guidelines in Part G are designed to protect the interests of the Government and the rights of affected individuals, while also providing flexibility in the management of risks posed by a security incident. Security incidents, among other things, may include criminal offences under the Crimes Act 1914 or the Criminal Code Act 1995.
The Contact Reporting Scheme is also explained and a parallel arrangement is suggested for reporting and analysing non-national related incidents.
It is vital that agencies provide training to ensure agency personnel are aware of the types of security risks that their agency and they, by virtue of their employment, are vulnerable to; as well as the reporting procedures and mechanisms available to them.
Part H: Security Guidelines for Home-based Work
Some agencies permit personnel to undertake home-based work. Risks to official resources associated with this work are similar to those in a traditional office environment. Part H assists agencies with developing and implementing protective security arrangements for official resources operating and being accessed in an employee’s a home. The part also draws attention to the legislative obligations agencies have to employees working in their homes and out of their office environment.