This audit would assess the effectiveness of the Attorney-General’s Department (AGD) in promoting the revised Protective Security Policy Framework (PSPF) and the extent to which selected entities are meeting the framework’s core requirements.

The Attorney-General has overall policy responsibility for Australian Government protective security arrangements, while accountable authorities are responsible for protective security arrangements within their own organisations. The PSPF assists entities to protect their people, information and assets at home and overseas by providing policy, guidance and better practice advice for governance, personnel, and physical and information security.

In 2015, the Independent Review of Whole-of-Government Internal Regulation identified the PSPF as an opportunity for reform and red-tape reduction. The review recommended a shift from the existing compliance framework underpinned by risk management principles, to a principles-based approach. The new PSPF policy aims to reduce the administrative burden of compliance and to support entities to better engage with risks relevant to their functions. Entities are required to review their policies, procedures and templates and consider whether any changes are necessary to implement core requirements.