Skip to content
🚨 Managing your vendor risk program: Join our upcoming webinar! 🚨

Is the PSPF mandatory?


Yes, the Protective Security Policy Framework (PSPF) is mandatory for non-corporate Commonwealth entities. The PSPF outlines the minimum security requirements for the protection of Commonwealth assets, personnel, information and systems. The PSPF is developed and maintained by the Attorney-General's Department and applies to all non-corporate Commonwealth entities.

It is mandatory for all non-corporate Commonwealth entities to comply with the PSPF in order to protect Commonwealth assets, personnel, information and systems. The PSPF is supported by the Australian Government Security Vetting Agency, which provides security clearances to personnel within the Commonwealth and provides advice and guidance on the implementation of the PSPF.

In addition to the PSPF, non-corporate Commonwealth entities must also report to their portfolio minister and the Attorney-General's Department each financial year on security. This is to ensure that the security of Commonwealth assets, personnel, information and systems is maintained and that any breaches of the PSPF are reported and addressed.

Related eBooks & Expert guides
Related answers
> All Resources > Answers > Is the PSPF mandatory?

General thought leadership and news

The 10 best cyber GRC software tools in 2024

The 10 best cyber GRC software tools in 2024

The role of cyber GRC in businesses has transcended traditional checkbox exercises. Cyber GRC now involves mastering digital transformations,...

The top 5 vendor risk assessment questionnaires for 2024

The top 5 vendor risk assessment questionnaires for 2024

A vendor risk assessment questionnaire is a valuable tool for organizations to identify potential risks posed by their third-party vendors. These...

TISAX vs ISO 27001

TISAX vs. ISO 27001: A comparison for the automotive industry

Information security is paramount in today's digital landscape, particularly for industries like automotive, where sensitive data and complex, global...

Developing a cybersecurity strategy for higher education institutions

Developing a cybersecurity strategy for higher education institutions

With its vast network of personal information, research findings, and intellectual property, the education sector faces the challenge of protecting...

Navigating AI in Cyber GRC Software - Your Comprehensive Guide

Navigating AI in cyber GRC software: Your comprehensive guide

We are thrilled to announce the release of our latest resource, a meticulously crafted spreadsheet designed to guide businesses in evaluating AI...

A cyber GRC expert guide for portfolio managers [+ demo + price guide]

A cyber GRC expert guide for portfolio managers [+ demo + price guide]

Private equity firms face unique challenges when managing cybersecurity, risk, and compliance across their diverse portfolio companies. These...