The governance domain includes developing organisational responsibility and investment in security including through appointing staff with designated responsibilities, identifying organisational risks and implementing plans to manage these and monitoring and reporting on organisational security maturity.
Desired outcome
Each agency identifies and manages security risks while establishing and maintaining a positive security culture, and a cycle of continuous improvement.
To support agencies to achieve this outcome, the South Australian Protective Security Framework (SAPSF) includes six Governance Security (GOVSEC) policies, each comprised of one core requirement and varying number of supporting requirements. These requirements cover the scope of what agencies must do in relation to their protective security governance.
Governance Security Policies
| Policy webpage | Download |
|---|---|
The accountable authority must establish the right security governance for the agency | |
Maintain a security plan to manage security risks | |
Maintain security maturity against the security plan | |
GOVSEC4: Annual Security Attestation Provide an annual security attestation to the Department of the Premier and Cabinet on progress against the security plan | |
GOVSEC5: Managing the security of contractors and service providers Manage any security risks that arise from the procurement of goods and services | |
GOVSEC6: Security governance for international sharing Ensure adherence to any provisions for the security of people, information and assets contained in international agreements and arrangements to which Australia is a party |