What is protective security?
In the modern threat environment, it is essential that organisations implement systems to protect their people, information and assets from compromise or harm. Protective security refers to the policies, procedures and practices that seek to achieve this.
Protective security is designed to protect against a broad range of external and internal threats including compromise of information, unlawful access to premises, compromise of systems or employees and physical protection measures. Protective security practices are commonly implemented across the four security domains of governance, information, personnel, and physical security.
The South Australian Protective Security Framework (SAPSF) and the South Australian Cyber Security Framework (SACSF) provide the protective security policy and guidance for South Australian Public Sector agencies.
The South Australian Protective Security Framework (SAPSF)
The SAPSF was established under Premier and Cabinet Circular 030 (PC030) in 2020 to provide South Australian Public Sector agencies with the policy requirements and guidance to implement and maintain effective protective security processes and procedures.
The SAPSF is a risk-based framework designed to empower agencies to identify and manage the most significant risks to South Australian Government business. The framework aims to promote continuous improvement to security capability and maturity, and foster a positive security culture throughout the South Australian Public Sector.
The requirements of the SAPSF were developed to integrate with existing practices at a state, jurisdictional and Commonwealth level, including with the Commonwealth Protective Security Policy Framework (PSPF).
There are five principles that form the foundation of the SAPSF that cover the breadth of responsibilities under the SAPSF and apply all areas of protective security.
- Security is a shared responsibility of government, its agencies and its employees
- Every agency must understand what it needs to protect
- A robust, risk management approach to security enables effective and proportionate treatment of risk to protect information, people and assets
- Strong governance ensures protective security is reflected in agency planning
- A positive security culture empowers personal accountability, promotes ownership and management of risk and supports continuous improvement.
The SAPSF consists of thirteen policies across the four protective security domains. Each of the policies consists of one core (mandatory) requirement and a varying number of supporting requirements and is accompanied by guidance to assist agencies in their implementation. The guidance draws upon both national and international standards for protective security, while incorporating relevant legislation, policy and risk-profiles from across South Australia.
The SAPSF Executive Guide and the SAPSF Overview set out the structure of the framework and list the core and supporting requirements of the SAPSF in full. The complete guidance for each of the thirteen policies can be accessed through the security domain tiles below, as well as additional resources.