Skip to content

How do I become a DISP member?

Explore some of our latest AI related thought leadership and research

6clicks has been built for cybersecurity, risk and compliance professionals.

Learn more about our Hub & Spoke architecture, Hailey AI engine and explore the other content in our platform here

Developing responsible AI management systems through the ISO/IEC 42001 standard

Using artificial intelligence has propelled global economic growth and enriched different aspects of our lives. However, its ever-evolving nature and...

Incorporating Generative AI into Cybersecurity: Opportunities, Risks, and Future Outlook

Key Takeaways Generative AI is a branch of artificial intelligence that focuses on creating new content with human-like creativity. The rise of...

Understanding RAG: Retrieval-Augmented Generation Explained

Natural Language Processing (NLP) has come a long way in the past few decades. With the goal of enabling more efficient communication between humans...

Responsible AI is here to stay

Artificial Intelligence (AI) and Machine Learning (ML) continue to be a much talked about topic since the release of ChatGPT last year but also well...

Responsible AI in risk management: Diving into NIST’s AI Risk Management Framework

Artificial intelligence has since changed the way we use technology and interact with organizations and systems. AI solutions such as automation and...

The Imperative of Governance to Achieving Responsible AI

AI brings many opportunities to businesses and we can see the AI boom across different industry verticals. However, it also questions who would be...


The Defence Industry Security Program (DISP) is a program established by the Australian government to ensure the security of the defence industry. It aims to protect classified and sensitive information, technologies, and assets from security risks. DISP sets out the minimum security requirements and standards that all businesses operating in the defence industry must meet. These requirements include physical security measures, personnel security clearances, cyber security practices, and adherence to the Defence Security Principles Framework. The DISP membership levels are tiered based on the level of security maturity of the business. To become a DISP member, Australian businesses must meet the eligibility criteria, such as being a legal business entity and having a demonstrated need for access to defence security. Membership applications require the completion of detailed application forms, the submission of security-related documents, and potentially undergoing a security risk assessment. Being a DISP member provides businesses with opportunities to participate in defence contracts, access classified information, and contribute to defence projects. It also signifies a commitment to upholding high-security standards and practices within the industry.

Who can become a DISP member?

To become a member of the Defence Industry Security Program (DISP), businesses must meet certain eligibility criteria. First and foremost, the business must be a legally recognized entity with an Australian Business Number (ABN). This ensures that the business is registered and operates within the legal framework of Australia.

Additionally, businesses must demonstrate financial solvency, indicating their ability to fulfill contractual obligations and meet financial requirements. The Department of Defence also imposes certain requirements regarding foreign ownership and terrorist organizations.

It is important for businesses seeking DISP membership to comply with these Defence requirements in order to gain access to defence security. This ensures that only entities with the necessary security posture and practices are granted membership.

By meeting these eligibility criteria, businesses can apply for membership and gain access to a range of benefits and opportunities within the defence industry. This includes potential involvement in defence contracts, access to defence security advice, and participation in defence projects.

Benefits of membership

Becoming a member of the Defence Industry Security Program (DISP) offers a range of benefits for businesses operating within the defence industry. One of the key advantages is the opportunity to be recognized as a trusted member in the Defence Supply Chain. This positions businesses as reliable partners and enhances their reputation within the industry.

DISP membership also provides businesses with the ability to sponsor and maintain Australian Government security clearances. This is crucial for accessing defence projects and contracts that require a certain level of security clearance. By having these clearances, businesses can expand their opportunities and increase their chances of securing lucrative contracts.

Another benefit of DISP membership is the access to knowledge and training on security trends and threats. This enables businesses to stay up-to-date with the latest security practices and technologies, helping them safeguard their operations and minimize risks. Additionally, DISP members have access to Defence security services, which can provide valuable support and guidance for enhancing their security posture.

Furthermore, being a DISP member grants businesses greater access to international contracts. This opens doors for expanding their operations globally and collaborating with international partners.

Eligibility criteria

Eligibility criteria serve as the first step for businesses looking to become members of the Defence Industry Security Program (DISP). To qualify for DISP membership, businesses must meet several requirements, ensuring they have the necessary expertise and capacity to handle sensitive defence-related information. These criteria include being a legal business entity operating in Australia, having a solid security posture, and adhering to the minimum security standards set by the Australian Government. Additionally, businesses seeking DISP membership must demonstrate their capability to meet the security obligations associated with accessing defence security information. This includes implementing robust personnel security practices, complying with cyber security requirements, and maintaining a high level of physical security. Ultimately, meeting the eligibility criteria is essential for businesses wishing to participate in the defence industry and secure defence contracts both domestically and internationally.

Legal business entity

To become a DISP (Defence Industry Security Program) member, a legal business entity must meet certain requirements. First and foremost, only Australian businesses are eligible for membership, while overseas companies are not allowed to join. This ensures that membership is reserved for entities operating within Australia and contributing to the local defence industry.

Foreign companies, however, do have the opportunity to work on classified contracts with Defence under certain conditions. To participate in these contracts, foreign companies must meet the eligibility criteria and undergo a verification process. This process includes the recognition of a Facility Security Clearance (FSC) to ensure that foreign company security practices align with Australian standards.

Being a legal business entity is crucial for membership in the DISP. It not only ensures compliance with legal and regulatory requirements but also underscores the commitment of businesses to uphold security standards in the defence industry. By maintaining a legal business entity status, companies demonstrate their dedication to physical security, personnel security, and cyber security, while also mitigating security risks.

Prime contractors and sub-contractors

Prime contractors and sub-contractors play key roles in the Defence Industry Security Program (DISP), ensuring the effective implementation of security risk management measures.

Prime contractors are the main entities responsible for managing and executing defence projects. They have a higher level of responsibility in terms of security risk management within the DISP. These contractors are required to have a Facility Security Clearance (FSC) and are responsible for implementing security practices that align with Australian standards and the DISP requirements. They are also tasked with managing and overseeing the security posture of the supply chain, including sub-contractors.

Sub-contractors, on the other hand, work under the prime contractors and provide specialized services or products as part of the overall defence project. These entities are also required to have an FSC and must comply with the security obligations outlined by the prime contractor. Sub-contractors are responsible for maintaining a level of security maturity in their operations and adhering to the DISP guidelines.

Both prime contractors and sub-contractors are integral in ensuring the security of defence contracts and projects. They collaborate to identify and mitigate security threats, manage access to defence security information, and implement the necessary security measures to safeguard sensitive information, intellectual property, and personnel. Their efforts contribute to maintaining a secure and resilient Australian defence industry.

Entry level requirements

To become a member of the Defence Industry Security Program (DISP), there are certain entry level requirements and eligibility criteria that need to be met. These requirements ensure that individuals and businesses have the necessary security measures in place to protect defence projects and adhere to Australian security standards.

To begin the process, applicants must be a legal business entity operating in Australia and have a genuine need for access to defence security. They must also have a valid Australian Business Number (ABN) and be able to demonstrate their ability to meet the security obligations outlined by the DISP.

Documentation required for submission includes a completed application form, supporting evidence of legal business entity status, supply chain details, and relevant security clearances. It is important to note that foreign ownership, control or influence (FOCI), and any relationships with listed terrorist organizations or regimes subject to Australian sanctions laws are strictly prohibited, as these pose significant security risks.

Meeting Defence's requirements around FOCI and avoiding relationships with listed terrorist organizations is crucial in maintaining the security and integrity of the DISP. It ensures that individuals and businesses involved in defence projects have the necessary loyalty and commitment to Australia's security interests.

By fulfilling the entry level requirements, including meeting eligibility criteria and submitting the required documentation, applicants can demonstrate their commitment to maintaining high security standards and become a valued member of the DISP.

Application process

The application process to become a DISP member involves meeting a set of eligibility criteria and submitting the necessary documentation. To begin, applicants must be a legal business entity operating in Australia and have a genuine need for access to defence security. They must also have a valid Australian Business Number (ABN) and demonstrate their ability to meet the security obligations outlined by the DISP. Additionally, applicants must avoid any relationships with listed terrorist organizations or regimes subject to Australian sanctions laws, as these pose significant security risks. The documentation required for submission includes a completed application form, supporting evidence of legal business entity status, supply chain details, and relevant security clearances. It is imperative to comply with Defence's requirements, as they are vital in maintaining the security and integrity of the DISP and ensuring the loyalty and commitment of individuals and businesses involved in defence projects to Australia's security interests.

Documentation required for submission

To become a member of the Defence Industry Security Program (DISP), there are certain documentation requirements that need to be fulfilled. These documents are necessary to validate your eligibility and ensure you meet the security standards set by the program.

Control 16.1 of the Defence Security Principles Framework outlines the specific requirements for DISP membership applications. Here are the necessary documents typically requested for submission:

  1. Business registration documents: Proof that you are a legal business entity operating in Australia.
  2. Security clearances: Evidence of security clearances held by key personnel within your organization.
  3. Defence contracts: Documentation showing your participation in defence contracts or involvement in defence projects.
  4. Sourcing arrangements: Details of the sourcing arrangements you have with prime contractors or other industry members.
  5. Supply chain information: A comprehensive breakdown of your industry supply chain, including subcontractors and suppliers.
  6. Intellectual property protection measures: An overview of the measures you have in place to protect sensitive information and intellectual property.
  7. Financial information: Details of your financial stability and solvency to ensure your ability to meet defence requirements.

By providing the necessary documentation, you demonstrate your commitment to meeting the security obligations and minimum standards set by the DISP. This helps ensure that Australian businesses in the defence industry maintain a high level of security maturity and are capable of mitigating security risks effectively.

Security risk assessment (SRA) requirements

In order to become a DISP member in the defence industry, one of the crucial requirements is to undergo a Security Risk Assessment (SRA). The purpose of the SRA is to evaluate and analyze the security risks associated with a company's operations and determine its ability to meet the security standards set by the DISP.

The SRA process involves a comprehensive examination of the company's security posture, practices, and procedures. It assesses the company's level of security maturity and its ability to protect sensitive information, personnel, and assets. The aim is to identify any potential security threats or vulnerabilities that may pose a risk to the defence industry.

The criteria and standards for the SRA are outlined in the Defence Security Principles Framework. This framework sets the minimum standards for security risk assessments and defines the key areas that need to be evaluated. These include physical security, personnel security, cyber security, and compliance with legal and regulatory requirements.

To meet the SRA requirements, companies must demonstrate their commitment to implementing appropriate security measures, protocols, and controls. They must also show that they have a strong security culture and that their personnel are trained to handle security risks effectively. By meeting these criteria and standards, companies can improve their eligibility for DISP membership and gain access to defence security and contracts.

Access to defence security obligations

Access to defence security obligations is a critical requirement for businesses operating in the Australian defence industry. The Defence Industry Security Program (DISP) outlines the necessary standards and criteria that businesses must meet to gain membership and access to defence security information, guidance, and services.

To become a DISP member, businesses must demonstrate their commitment to upholding security standards and complying with the security obligations outlined by the Australian Department of Defence. This includes implementing robust physical security measures, personnel security protocols, and cyber security controls. It also involves ensuring compliance with legal and regulatory requirements relevant to the defence industry.

By meeting these requirements, businesses can access defence security information and guidance, which is crucial for tendering opportunities involving classified information and assets. Disp membership ensures that businesses are 'Defence-ready' and equipped with the necessary knowledge, tools, and practices to handle sensitive defence contracts. It enables businesses to enhance their security posture, mitigate security risks, and maintain the trust of defence industry stakeholders.

Membership levels & security clearances

Membership levels within the Defence Industry Security Program (DISP) are determined by the nature and scope of a business's involvement in the defence industry and the level of security maturity demonstrated by the business. There are different levels of membership to accommodate the varying security requirements of businesses operating in this sector. These levels are designed to ensure that the appropriate security clearances and safeguards are in place to protect sensitive defence information and assets. Each level of membership requires businesses to meet specific eligibility criteria and undergo a rigorous security risk assessment. By attaining higher levels of membership, businesses gain access to more classified information and can participate in Defence projects with higher security requirements. Ultimately, the level of membership a business achieves reflects its capability to handle sensitive information and contribute to the national security interests of Australia.

Explaining the different levels of membership

DISP (Defence Industry Security Program) membership offers Australian businesses access to defence and related projects, but eligibility is subject to meeting specific security requirements. DISP membership is categorized into four levels, each with increasing levels of security obligations and clearance:

  1. Entry Level: This level is suitable for businesses with little or no defence industry experience. The emphasis is on developing a security posture aligned with DISP's principles and frameworks. Entry Level membership helps businesses understand security risks and develop minimum security standards.
  2. Level 1: This level requires a higher level of security maturity. Membership at this level signifies the ability to handle moderate to sensitive projects within the defence industry. Businesses must meet security clearance requirements, demonstrate a good security posture, and adhere to higher security standards.
  3. Level 2: At this level, businesses must understand and manage risks associated with handling classified information. Level 2 members have access to a broader range of defence projects and must meet more stringent security requirements. Security clearances and well-developed security practices are essential.
  4. Level 3: The highest level of membership, Level 3 is intended for businesses involved in handling classified information regularly. Membership at this level signifies an advanced security posture, ability to manage complex security threats, and compliance with the highest security standards. Level 3 members can access the most sensitive defence projects.

Membership levels are determined based on the sensitivity of the project, with each level requiring a higher security clearance. Individuals and businesses interested in becoming a DISP member can apply based on their eligibility criteria, such as being a legal Australian business entity and meeting the Defence Security Principles Framework. Understanding the specific requirements and responsibilities of each level is crucial in ensuring compliance with defence industry security standards.

General thought leadership and news

From Compliance to Cybersecurity: The 6clicks Ideal Customer Profile

From Compliance to Cybersecurity: The 6clicks Ideal Customer Profile

In an era where digital threats loom larger by the day, the intersection of compliance and cybersecurity has never been more critical. For businesses...

AI Hype and GRC

Beyond the AI Hype: Crafting GRC Solutions That Truly Matter

In the relentless chase for innovation, it's easy to get caught in the dazzling allure of AI. Everywhere you turn, AI seems to be the silver bullet,...

Reflections from my time as Chief Digital Officer at KPMG

Reflections from my time as Chief Digital Officer at KPMG

Between 2016 and 2018 I held the role of Chief Digital Officer at KPMG, responsible for strategy and the development of software assets to underpin...

6clicks Partners with Microsoft to run 6clicks on Private Azure Clouds

6clicks Partners with Microsoft to run 6clicks on Private Azure Clouds

Summary 6clicks, a cyber governance, risk, and compliance (GRC) platform, has partnered with Microsoft to offer a privately hosted option of its...

6clicks Fabric - Hosted on private Microsoft Azure clouds

Empowering enterprises: Get in control with your own GRC SaaS platform-in-a-box

In today's dynamic business landscape, enterprises are constantly seeking innovative solutions to streamline their operations, improve the value they...

6clicks Fabric for GSIs: Tailoring cybersecurity GRC programs for global markets

6clicks Fabric for GSIs: Tailoring cybersecurity GRC programs for global markets

Robust cybersecurity measures and the effective and safe implementation of IT infrastructure are critical for organizations to successfully do...