This content is currently in Alpha

Secure services

How to design safe and secure services

Australian Government agencies are required to comply with the policy documents discussed in this guide. Over the coming months more guidance will be added.

The Protective Security Policy Framework

The Australian Government Protective Security Policy Framework (PSPF) outlines the policy framework and mandatory requirements to assist agencies consider the security implications of their ICT systems and to devise policies and plans to ensure they are appropriately protected. It is a mandatory requirement of the PSPF that agencies adopt a risk management approach to cover all areas of protective security activity across their organisation.

The PSPF defines 36 mandatory protective security requirements with which Australian Government agencies and bodies must demonstrate their compliance, with regard to:

The Information Security Manual

The Australian Government Information Security Manual (ISM) complements the PSPF. It is a set of controls to assist Australian government agencies in applying a risk-based approach to protecting information and ICT systems. The ISM also provides details of other organisations that have a role in information security in government.

Last updated: 26 March 2015