Self assessment & reporting

SAR003

PSR Assurance Reporting

Guidelines that explain the annual self-assessment and assurance reporting process.

GOV8 - Assess your capability

Use an annual evidence-based assessment process to provide assurance that your organisation’s security capability is fit-for-purpose. Provide an assurance report to Government through the Protective Security Requirements team if requested. Review your policies and plans every 2 years, or sooner if changes in the threat or operating environment make it necessary.

Purpose

Use this guidance to achieve a consistent approach to assessing protective security capability and compliance in organisations. This is to help:

identify areas of focus and address these through mitigation and education actions
evaluate the effectiveness of their protective security practices
improve their protective security policies and procedures.

For information about the self-assessment reporting for 2023/24, please see Self assessment & reporting.

Who this information is for

This information is primarily for Chief Executives, Chief Security Officers (CSOs), Chief Information Security Officers (CISOs) and other agency security management personnel. It's also a useful reference for contracted protective security management service providers.

Legislative requirements

Where legislative requirements are higher than controls identified in these requirements, legislative requirements take precedence and need to be applied.

Relevant standards

The standards relevant to these requirements are:

ISO 31000:2018 - Risk management - Guidelines
HB 167:2006 Security Risk Management

Page last modified: 31/10/2023

Supporting documents