12 December, 2022
The Defence Industry Security Program (DISP) provides confidence and assurance in the secure delivery of goods and services to the Australian Department of Defence (Defence) when partnering with industry. Managed by the Defence Industry Security Office (DISO), the program is intended to protect the Defence supply chain from security vulnerabilities when engaging in Defence projects, contracts, and tenders. DISP membership can be obtained by businesses wanting to engage with Defence, through the assessment of four key security areas of concern ensuring resilience, security, and confidence in the sourcing arrangement across the Defence supply chain.
DISP:
- is a risk management program that leverages Defence’s experience and expertise in operating in complex, security-conscious environments
- strengthens security practices and sets minimum security standards required for industry to partner with Defence on projects at varying levels
- provides businesses with security advice and support services, enabling them to better understand and manage security risks across their organisation
- enhances Defence’s ability to manage risk in an evolving security environment.
The four key security categories assessed by DISP include:
1. Security Governance
2. Personnel Security
3. Physical Security
4. Information & Cyber Security.
Each category can be assessed separately for a different level of membership, or at the same level across the board. The higher the level applied for, the more rigorous and complex the process becomes for assessment and approval.
There are four DISP membership levels, each of which is mapped to an Australian Government Security Classification.
Entry level: OFFICIAL/OFFICIAL: Sensitive
Level 1: PROTECTED
Level 2: SECRET
Level 3: TOP SECRET
Your organisation’s needs, contractual requirements, and/or the intended type of goods or services you wish to supply to Defence will guide you on the appropriate level of DISP membership to apply for.
The benefits include:
- being viewed as a trusted member in the Defence Supply Chain (often a contractual requirement)
- at higher membership levels, the ability to sponsor and maintain Australian Government security clearances for your own personnel (not available for Entry Level membership)
- the ability to hold classified material or systems
- access to knowledge, training, advice, and analysis on security trends, threats, and mitigations to improve your organisation’s security framework and overall security posture
- access to Defence security services that will enable you to be ‘Defence-ready’ when delivering contracts and tenders
- greater access to international contracts, as you may be able to have your organisation’s security clearances recognised by international partners.
Any Australian business looking to become part of the Defence supply chain can apply for DISP membership. While membership is not mandated in all circumstances, it is highly recommended for businesses currently working on Defence projects or for those seeking to partner with Defence.
Critical to achieving DISP membership is obtaining the right guidance and support so that you are prepared: prepared to provide evidence and assurance that your business can deliver, is sustainable, and actively governs and protects its ICT environment. So, what does this involve?
At an organisational level:
- choose the required DISP level
- nominate and train a Chief Security Officer (CSO) and a Security Officer (SO)
- develop a security/cyber training program for all staff
- implement Defence-specific processes:
  - ‘Insider Threat Awareness’ training
  - contact reporting
  - classified document register
  - pre- and post-overseas travel processes and practices
  - PHYSEC certification and accreditation
  - hiring processes that meet the required standard.
At a technical level:
- ensure baseline infrastructure
- develop security architecture
- baseline cyber vulnerability assessments
- choose cyber framework
- perform baseline maturity assessment.
At a policy and procedure level:
- create/update policies and procedures
- create/update organisational security program
- carry out a contextualised security risk assessment.
Once you have applied for, and obtained, DISP membership, your organisation will need ongoing support:
- carrying out Defence-specific procedures
- obtaining regular vulnerability assessments
- evolving security architecture
- updating security risk assessments:
  - BCP, DR, financial supply chain, etc.
  - the DISP portal assists with risk assessments
- updating maturity assessment
- updating policies and procedures
- updating security program
- ongoing project management monitoring
- capturing critical changes
- ensuring constant compliance
- undergoing internal audits
- assisting with annual reviews.
At CyberOps we offer a complete end-to-end DISP application, security uplift, and ongoing membership support service. With extensive experience in the Defence industry, CyberOps can assist and guide your organisation through your ongoing DISP membership journey.
Contact us to find out more.