Self assessment & reporting

SAR005

Accountabilities and responsibilities

Agencies

  • are accountable for meeting their protective security obligations and assessing the extent to which they comply with the PSR
  • must assign responsibilities for managing protective security within their organisation to appropriately trained and competent employees
  • must provide employees, including contractors, with the necessary information and assistance to promote compliance and advise of any consequences of non-compliance
  • upon request, must report on their level of protective security capability and significant or systemic protective security issues, including any corrective actions to mitigate the issues
  • must document policy exceptions to provide a record they can use to assess their compliance with the mandatory requirements of the PSR
  • should, where necessary, strengthen existing protective security practices and mechanisms based on their risk assessments.

Employees

Employees should:

  • as a condition of accepting employment within an organisation, agree to comply with the protective security policies of that organisation
  • be aware of the consequences of failure to comply with organisation policies and the PSR mandatory requirements.

Agency heads

Agency heads should be responsible for:

  • ensuring their agency complies with the PSR and has an appropriate level of protective security capability
  • reporting on the effectiveness of the agency's protective security policies and procedures in complying with the mandatory requirements.

Employees responsible for protective security management

Employees who are responsible for protective security management, including CSOs and CISOs, should:

  • effectively manage their agency's security, including applying appropriate protective security measures based on their risk profile
  • liaise with relevant security, governance and compliance personnel, particularly where there is a centralised approach to compliance management
  • assist with the organisation and coordination of risk assessments, internal audits, and compliance reviews
  • advise on the compliance requirements relevant to their agency
  • record and manage exceptions
  • identify and arrange for the provision of appropriate training needed to improve or ensure appropriate protective security capability
  • prepare an agency compliance exception report against the mandatory requirements of the PSR, or provide input to the report where the assurance and compliance reporting role is undertaken elsewhere within the agency.

Page last modified: 4/05/2022