Australian Government Personnel Security Management Protocol 2.1

Australian Government Personnel Security
Protocol
Version 2.1
Approved September 2014

Amended April 2015
Commonwealth of Australia 2013
All material presented in this publication is provided under a Creative Commons Attribution 3.0
Australia licence (Creative Commons Licenses).
For the avoidance of doubt, this means this licence only applies to material as set out in this document.
The details of the relevant licence conditions are available on the Creative Commons website as is the
full legal code for the CC BY 3.0 AU licence (Creative Commons Licenses).
Use of the Coat of Arms

The terms under which the Coat of Arms can be used are detailed on the It's an Honour website.
Contact us
Enquiries regarding the licence and any use of this document are welcome at:
Commercial and Administrative Law Branch

Attorney-Generals Department
35 National Cct
BARTON ACT 2600
Call: 02 6141 6666
Email: copyright@ag.gov.au
Document details
Security classification Unclassified
Dissemination limiting marking Publicly available
Date of next review Under review

Authority Attorney-General
Author Protective Security Policy Section
Attorney-Generals Department
Document status Version 2.1 approved 1 September 2014 (replaces
Version 1), amended April 2015
i
Table of contents
Amendments ......................................................................................................................... v
1. Scope ............................................................................................................................ 1
1.1. Introduction .................................................................................................................. 1
1.2. Status and applicability ................................................................................................. 1
Figure 1 - Personnel security policy hierarchy............................................................................ 1
1.3. Terms used in this Protocol .......................................................................................... 2
1.4. Agency responsibilities in personnel security............................................................... 4
1.4.1. Agency heads ............................................................................................................ 4
1.4.2. Line managers .......................................................................................................... 4
1.4.3. Agency personnel...................................................................................................... 4
1.4.4. Need-to-know principle ............................................................................................ 5
1.5. Policy exceptions .......................................................................................................... 5
1.5.1. Functional equivalents .............................................................................................. 5
1.6. Sharing personal information ....................................................................................... 5
2. Components of personnel security ................................................................................. 7
3. Identifying personnel security risk .................................................................................. 9
3.1. Personnel security risk assessments ............................................................................. 9
4. Employment screening................................................................................................. 10
4.1. Recommended employment screening ...................................................................... 10
4.2. Agency-specific employment screening checks.......................................................... 11
4.3. Recording results of employment and additional agency specific screening............. 11
4.3.1. Additional information ........................................................................................... 11
5. Ongoing suitability for employment ............................................................................. 13
5.1. Security awareness, training and education............................................................... 13
5.2. Performance management ......................................................................................... 13
5.3. Conflict of interest ...................................................................................................... 13
5.4. Incident investigation ................................................................................................. 14
5.5. Monitoring, evaluating and recording of ongoing personnel suitability .................... 14
6. Agency security clearance requirements....................................................................... 15
6.1. Cooperation in the clearance process ........................................................................ 15
6.2. Identifying and recording positions that require a security clearance ....................... 15
6.2.1. Security clearance levels ......................................................................................... 16
6.2.2. Caveat and codeword access .................................................................................. 17
ii
6.2.3. Contractors requiring security clearances .............................................................. 17
6.2.4. Persons employed under the Members of Parliament (Staff) Act 1984 (Cth) ........ 18
6.3. Australian office holders ............................................................................................. 18
6.4. Other access arrangements ........................................................................................ 19
6.4.1. Foreign Nationals with non-Australian Government security clearances .............. 19
6.5. Eligibility waivers (citizenship and checkable background) ........................................ 20
6.5.1. Eligibility waivers .................................................................................................... 20
6.5.2. Non-Australian citizens ........................................................................................... 21
6.5.3. Uncheckable backgrounds ...................................................................................... 21
6.5.4. Conditions for clearances subject to an eligibility waiver....................................... 22
6.6. Locally engaged staff .................................................................................................. 22
6.7. State or Territory government security clearances .................................................... 23
7. Temporary access to classified information arrangements ............................................ 24
7.1. Temporary access conditions ..................................................................................... 24
7.1.1. Types of temporary access ..................................................................................... 25
7.1.2. Short term access.................................................................................................... 26
7.1.3. Provisional access ................................................................................................... 27
7.2. Temporary access for MOPS Act staff ........................................................................ 27
8. Vetting agency responsibilities ..................................................................................... 29
8.1. Authority to make clearance decisions....................................................................... 29
8.1.1. Confirming eligibility for a security clearance ........................................................ 29
8.2. Assessing Suitability .................................................................................................... 29
8.2.1. Supplementary checks and inquiries....................................................................... 30
8.2.2. Mitigation ............................................................................................................... 30
8.2.3. Vetting agency consultation with sponsoring agencies ......................................... 30
8.3. Vetting decisions ......................................................................................................... 30
8.4. Failure to comply with the clearance process ............................................................ 30
8.5. Personnel security checks for initial clearances ......................................................... 31
8.5.1. Statutory declaration .............................................................................................. 32
8.5.2. ASIO Security Assessment ....................................................................................... 32
8.6. Reviews of security clearances ................................................................................... 32
8.6.1. Periodic Revalidations............................................................................................. 32
8.6.2. Reviews for cause ................................................................................................... 33
8.7. Adverse findings.......................................................................................................... 34
iii
8.8. ASIO-initiated review of ASIO Security Assessment ................................................... 34
8.9. Reviews of security clearance processes and outcomes ............................................ 34
8.10. Review of clearance decisions .................................................................................... 34
8.11. Transfer of Personal Security Files.............................................................................. 35
8.12. Recognition of clearances ........................................................................................... 35
8.13. Active and inactive clearances .................................................................................... 35
8.14. Vetting staff training and qualifications ..................................................................... 36
8.15. Vetting agencies management of outsourced vetting providers .............................. 36
9. Agency responsibilities for active monitoring of clearance holders ................................ 37
9.1. Security awareness training for clearance holders..................................................... 38
9.2. Managing specific clearance maintenance requirements .......................................... 38
9.3. Annual health check ................................................................................................... 38
9.4. Sharing of information ................................................................................................ 39
9.4.1. Reportable changes of personal circumstances ..................................................... 39
9.4.2. Contact reporting under the Australian Government Contact Reporting
Scheme.................................................................................................................... 40
9.4.3. Reporting security incidents to vetting agencies and other appropriate
agencies .................................................................................................................. 40
9.5. Change of sponsorship of security clearances............................................................ 41
9.6. Personnel on temporary transfer or secondment ...................................................... 41
9.6.1. Clearance maintenance for personnel on secondment or temporary
assignment ............................................................................................................. 41
9.7. Personnel on extended leave ..................................................................................... 42
9.8. Clearance maintenance for contractors ..................................................................... 42
9.8.1. Clearance sponsorship of contractors that are no longer actively engaged
by an agency ........................................................................................................... 43
10. Agency separation actions............................................................................................ 44
10.1. Prior to separation ...................................................................................................... 44
10.2. On separation ............................................................................................................. 44
10.2.1. Separation of contractors ....................................................................................... 45
Annex A: Request for variation of Special Minister of States Determination 2012/1
for a Ministers Electorate Officer.......................................................................... 46
iv
Amendments
No. Date Location Amendment
1 April 2015 Section 1.3 Remove the term re-evaluation in regards to PV clearances
in the definition of inactive.
2 April 2015 Throughout Update PSPF links
3 April 2015 Annex A Update waiver request form to include phone numbers
4
v
1. Scope
1.1. Introduction
1. The core policies of the Protective Security Policy Framework (PSPF) provide the mandatory
requirements for protective security in Australian Government agencies. The Australian
Government Personnel Security Protocol provides more detailed advice for agencies to meet their
mandatory personnel security requirements.
2. Personnel security is one element of good protective security management. The Australian
Governments personnel security measures determine the suitability of personnel to access
Australian Government resources. A suitable person demonstrates integrity and reliability and is
not vulnerable to improper influence.
3. Effective personnel security facilitates the sharing of Australian government resources and is an
essential mitigation tool to the threat posed by trusted insiders.
4. An agencys personnel security risk assessment should be incorporated into the agencys security
risk management process and other agency risk management processes. Personnel security risk
management may impact on, and/or complement, information and physical security controls.
1.2. Status and applicability

5. This Protocol forms part of the third level of the Australian Governments personnel security
policy hierarchy, as shown in Figure 1. This protocol and its supporting guidelines will inform
agency-specific personnel security policy and procedures.
Figure 1 - Personnel security policy hierarchy
1
6. The Australian Government personnel Security Protocol derives its authority from the PSPF
Directive on the security of Government business, Governance arrangements, and the Personnel
security core policy and mandatory requirements. It should be read in conjunction with:
the Australian Government information security management protocol
the Australian Government physical security management protocol

the Public Service Act 1999 (Cth) (PS Act)
the Privacy Act 1988 (Cth)

any agency specific legislation and/or guidance, and
the Personnel security guidelines:

o Agency personnel security responsibilities, and
o Vetting practices.
7. Positive Vetting (PV) security policy (developed by the Inter-Agency Security Forum) is detailed in
the Sensitive Material Security Management Protocol (SMSMP). Distribution of the SMSMP is
limited to agency security advisers with a need to know.
1.3. Terms used in this Protocol

8. In this Protocol the use of the terms:
need to refers to a legislative requirement that agencies must meet
are to or is to are controls that support compliance with the mandatory requirements of
the personnel security core policy
should refers to better practice. Agencies are expected to apply better practice unless the
agency risk assessment has identified reasons to apply other controls, and
required is used as common language and has no special meaning in this protocol.
9. Unless otherwise stated, the use of:

personnel in this protocol refers to employees, contractors and service providers as well as
anybody else who is given access to agency assets as part of agency sharing initiatives
employment screening refers to screening undertaken by an agency prior to employment
of staff or engagement of contractors
Australian Government resources refers to the collective term used for Australian
Government people, information and assets, and
vetting agency refers to the Australian Government Security Vetting Agency (AGSVA),
authorised agencies and State and Territory vetting agencies.
Financial statement provides a detailed summary of a clearance subjects assets, income,
liabilities and expenditure.
Financial history check - provides an overview of a clearance subjects financial history.
10. Clearance decisions/status:
2
ineligible refers to a determination by a vetting agency that a clearance subject is not
eligible for an Australian Government security clearance as they do not hold Australian
citizenship and/or have a checkable background
deny refers to a determination by a vetting agency that a clearance subject is not eligible to
hold a Australian Government security clearance at one or more clearance levels
grant refers to a determination by a vetting agency that a clearance subject is eligible and
suitable to hold an Australian Government security clearance
grant conditional refers to a determination by a vetting agency that the clearance
subject is eligible and suitable to hold an Australian Government security clearance with
conditions and/or after care requirements are attached to the clearance
cancel refers to a Security clearance initiated, but not completed by the vetting agency as
the sponsorship of the clearance was removed at the request of the sponsoring agency, the
sponsorship or clearance requirement could not be confirmed, or the clearance subject was
non-compliant with the clearance process
active refers to a maintained security clearance that is sponsored by an Australian

Government agency, and being maintained by a clearance holder and sponsoring agency
inactive refers to a security clearance that is within the revalidation period, however the
clearance:
- is not sponsored by an Australian Government Agency
- is not being maintained by the clearance holder for a period greater than six months
due to long term absence from their role
- for the Positive Vetting level an annual security check was completed within the last
two years
- can be reactivated or reinstated provided the clearance is sponsored by an
Australian Government agency before the end of the revalidation period, and
- cannot be reactivated until all change of circumstances notifications covering the
period of inactivity have been assessed by a vetting agency.
expired refers to a security clearance that:
- is outside the revalidation period and is not sponsored by an Australian Government
agency
- is a PV clearance and did not have an annual security appraisal completed within a
two year period
- cannot be reactivated and reinstated, and
- reverts to an initial security clearance assessment process if an Australian
Government agency provides sponsorship after the end of the revalidation period.
Ceased refers to a security clearance:
- that has been denied or revoked
- that may have time-based conditions on when a clearance subject or holder can
reapply for a security clearance, and
3
- where the clearance subject or holder is ineligible to hold or maintain a security
clearance.
11. Additional terms used in this Protocol can be found in the PSPF Glossary of Terms.
1.4. Agency responsibilities in personnel security

12. Effective personnel security management is a responsibility of all agency personnel including,
senior management, line managers, HR areas, and security areas.
1.4.1. Agency heads
13. Responsibility for development, implementation and maintenance of personnel security

management ultimately rests with the agency head.
14. Agency heads set:
leadership/vision and values
employment standards
the agencies risk tolerance, and
culture through policy, procedures and education.
1.4.2. Line managers
15. Line managers play a key role in personnel security. They are more likely than agency security staff
to have a detailed and accurate knowledge of their employees and the duties of a position in their
work area.
16. Line managers are responsible for:

positively influencing the protective security behaviour of their personnel
monitoring employee behaviour, and

reporting any concerns about a staff members suitability for access to official resources to
the agency security section.
1.4.3. Agency personnel
17. All agency personnel are responsible for:

applying the need-to-know principle
being aware of the importance of their role in, and responsibility for, ensuring the
maintenance of good personnel security practices throughout the agency
reporting issues of concern
complying with agency pre-engagement, ongoing suitability and security clearance

processes, and
complying with Australian Government-wide and agency-specific standards for the
protection of Australian Government security classified resources.
4
1.4.4. Need-to-know principle
18. Agencies are to limit access to, and dissemination of, Australian Government resources to those
personnel who need the resources to do their work.
19. Agencies are to limit access to, and dissemination of, Australian Government security classified
resources to those who hold the appropriate level of clearance.
20. Agencies are to provide information on the need-to-know principle to all personnel as part of
their security awareness training.
1.5. Policy exceptions

21. Exceptional circumstances or emergencies may arise that prevent agencies from applying relevant
controls identified in the PSPF. These may be either of an ongoing or of an emergency nature.
22. Policy exceptions can be made for an are to or is to statement. By making a policy exception, an
agency head is acknowledging that the agency:
is not applying the specified control

is aware of and willing to accept the risk posed to their agency, and
will manage the risk in another way.
23. Agencies cannot make policy exceptions to AUSTEO and Eyes Only access requirements. For
further information see Foreign Nationals with non-Australian Government security clearances.
24. Agencies are to document their policy exceptions, including the risk assessment, in accordance
with their agency specific policies and procedures.
25. Where appropriate, policy exceptions and risk assessments may cover policy decisions relating to
types of activity, rather than individual instances.
1.5.1. Functional equivalents
26. Where agencies use alternative personnel security measures that provide the same or better
functionality than specified controls, a policy exception is not required.
27. Before agreeing to the use of alternative protective security measures an agency head, or
delegate, should seek expert advice to confirm that the technical performance requirements of
the proposed measures meet or exceed those of the specified control.
28. For further information see Governance arrangements Audit, reviews and reporting.
1.6. Sharing personal information

29. The Australian Government expects agencies and vetting agencies to share information relevant
to the ongoing suitability of personnel to access Australian Government resources.
30. Agencies are to obtain written ongoing consent from all personnel (existing and potential) to
share information with other agencies for the purposes of assessing their ongoing suitability. This
5
includes employment screening and security clearance processes. A template informed consent
form is provided at Annex C of the Personnel security guidelines Agency personnel security
responsibilities and Annex H of the Personnel security guidelines Vetting practices.
31. Sharing relevant information does not breach an individuals privacy provided that informed
consent is received and the information is used for the purpose for which consent is provided.
For further information see Annex D of the Personnel security guidelines Agency personnel
security.
32. In order to prevent or minimise the impact of security concerns agencies may provide relevant
information about personnel to:
law enforcement agencies
intelligence agencies
potential gaining agencies (prior to personnel transferring), and
other agencies that are affected by a security concern.
33. Agencies are to include a contractual requirement for service providers and contracting
companies to seek written consent to share information with the agency from all the service
providers or contracting companys personnel who may access the agencies resources. The
agency may then on behalf of the Commonwealth share this information with other agencies for
the purposes of assessing suitability to access Australian Government resources. See Annex C of
the Personnel security guidelines Agency personnel security responsibilities for a template
informed consent form.
34. For further advice on protective security in contracting see Governance arrangements
Contracting.
6
2. Components of personnel security
35. Personnel security comprises three major components:
employment screening;
maintaining ongoing suitability, and
separation activities.
36. An agencys approach to personnel security is to be comprehensive and ongoing. The following
table gives examples of measures at the various stages.
7
Table 1 Summary of personnel security components
Stage Personnel security measures Examples of tools, techniques and
services
Employment checks Identity proofing National Identity Proofing Guidelines
including document verification
Eligibility Australian Citizenship (or correct visa)
Employment screening
Qualification checks Certificate verification for mandatory

qualifications
Previous employment checks Referee checks
Criminal records check No exclusion check under the spent
conviction scheme unless agency has
partial or full exemption,
Agency specific checks Credit checks, drug screening, etc.
Initial security clearances Suitability assessments by vetting
agencies
Countering manipulation Employee security awareness
Education
programs, contact reporting scheme

Security culture Using incentives to encourage the
reporting of security issues
Maintaining ongoing suitability
Access controls Physical and logical access privileges IT passwords, access passes, codes
Protective monitoring Physical access and IT systems System audit processes
monitoring
Monitoring & evaluation
Investigations Gather evidence about security

breaches for possible Code of
Conduct or criminal prosecution
Ongoing employment Change of circumstances Periodic credit checks, drug
suitability checks Agency specific screening screening, etc.
Security clearance Periodic revalidations Annual health check

maintenance Change of circumstances
Contact reporting
Reviews for cause
Ongoing obligations Post-employment personnel security Security clearance debrief
briefing obligations under Crimes Act/ Exit interview
Separation activities
Criminal Code and other legislation
Withdrawal of access Cancelling ID passes and ICT access
Security clearance actions Advice to vetting agency of the

separation
Advice to ASIO where security
concerns are present
8
3. Identifying personnel security risk
Mandatory Requirement
GOV 6: Agencies must adopt a risk management approach to cover all areas of protective security activity across
their organisation, in accordance with the Australian Standard AS/NZS ISO 31000:2009 Risk Management
Principles and Guidelines and the Australian Standards HB 167:2006 Security risk management
37. An agencys protection against threats is only as good as the weakest element of its protective
security (governance, information security, physical security and personnel security).
38. Adopting a comprehensive, risk-based approach to personnel security is important in the

protection of an agencys resources because:
it identifies an agencys vulnerability to a range of insider and other threats
it allows appropriate mitigation strategies to be implemented to manage these risks, and
it delivers a level of assurance about the credentials and integrity of the agencys workforce.
39. Agencies are to have personnel security measures that:

meet other agencies expectations for information sharing arrangements, and
meet or exceed the minimum controls for the protection of Australian Government
resources.
3.1. Personnel security risk assessments

40. The use of appropriate personnel security measures can prevent or deter a wide variety of insider
and other threats that may include:
the disclosure or altering of Australian Government information

the use of Australian Government resources without authorisation
corruption, theft or fraud
sabotage, or
unauthorised third party access to Australian Government resources.
41. For further advice see Managing the Insider Threat to your Business.
42. Based on their personnel security risk assessment, agencies are to determine what checks are
required for employment screening, ongoing suitability to access agency resources and for
separation from the agency. These may include agency specific employment screening checks or
security clearances. For example, the Australian Federal Police have a program of random drug
and alcohol testing.
43. For further advice on undertaking a personnel security risk assessment, see the United Kingdom
Centre for the Protection of National Infrastructure publication Personnel Security Risk
Assessment: A guide.
9
4. Employment screening
PERSEC 1: Agencies must ensure that their personnel who access Australian Government resources
(people, information and assets):
are eligible 1 to have access
have had their identity established
are suitable 2 to have access, and
agree to comply with the Governments policies, standards, protocols and guidelines that safeguard
the agencys resources from harm.
44. Agency heads set the minimum suitability requirements for all new staff employed in their
agencies, based on the agency risk assessment, any agency-specific legislation and the Australian
Governments expectation that agencies have in place measures to facilitate resource sharing.
These requirements are normally conditions of engagement or ongoing conditions of employment
and may include character checks and security clearances. For further advice see the Australian
Public Service Commission publication Conditions of engagement.
45. Agencies are to ensure all personnel agree that they are responsible for safeguarding against loss,
misuse or compromise any Australian Government resources for which they are responsible by
obtaining a signed confidentiality agreement.
46. All personnel requiring ongoing access to Australian Government security classified information or
resources are to have security clearances. This includes contractors and service providers; see
Section 6 - Agency security clearance requirements.
47. Agencies need to confirm that the person is an Australian Citizen or has a valid visa with work
rights, by sighting the documents in support of citizenship or visa. For further information see the
Department of Immigration and Border Protection.
4.1. Recommended employment screening

48. Agencies are to undertake employment screening for all new personnel. This screening will allow
access to unclassified official resources.
49. Agencies should undertake employment screening that meets or exceeds the Australian Standard
4811-2006: Employment Screening.
1
For agencies enabled by the Public Service Act 1999 eligibility refers to the requirements for engagement of
APS employees listed in section 22 of the Public Service Act 1999. Agencies not enabled by the Public Service
Act 1999 should refer to the requirements of engagement of personnel contained within their own enabling
legislation.
2
To be suitable personnel need to demonstrate qualifications and/or experience required of the position
including satisfaction of any agency specific requirements. Agency specific requirements may include
demonstration and compliance with relevant codes of conduct (e.g. APS Code of Conduct), behaviours and/or
values.
10
50. Further details on assessing employment screening checks are in the Australian Government
personnel security guidelinesAgency personnel security responsibilities.
51. Agencies should, based on their risk assessment, undertake periodic reassessments of suitability
for employment.
4.2. Agency-specific employment screening checks

52. Additional screening checks (e.g. drug and alcohol testing) are agency-specific and are separate
from the security clearance process.
53. Additional screening may include:

conducting a credit reference check
obtaining a conflict of interest declaration, or
obtaining a signed Statutory Declaration from the person declaring all information provided
to the agency is truthful and complete.
54. Agencies should advise applicants where additional screening is required as part of a condition of
engagement or an ongoing condition of employment. Agencies should identify this requirement
when advertising a vacancy or before offering employment.
55. While a prospective employee may meet the minimum requirements for an Australian
Government security clearance, he or she may not meet the agencys screening requirements and
vice-versa.
56. If agency-specific checks identify issues relevant to a clearance subjects suitability for a security
clearance the agency is to share this information with the vetting agency.
57. If agency specific checks identify issues relevant to national security, the agency is to share this
information with ASIO.
58. The vetting agency/ASIO may instigate supplementary security clearance assessments as a result
of this information.
59. Agencies are responsible for reviews of their agency specific checks.
4.3. Recording results of employment and additional agency

specific screening
60. Agencies are to record the results of the employment screening for successful applicants and any
additional agency specific screening relating to each person.
61. Agencies should, based on their operating requirements, determine whether to create a separate
Personal Security File for each employee or add the results to their personnel file.
4.3.1. Additional information
62. Additional information on employment screening is available from:
11
AS4811-2006: Employment Screening
HB 323-2007: Employment Screening Handbook
AS 8001-2008: Fraud and Corruption Control
section 10 of the Public Governance, Performance and Accountability Rule 2014

(Fraud Rule)
APS Conditions of engagement.
12
5. Ongoing suitability for employment
Mandatory Requirements
PERSEC 2: Agencies must have policies and procedures to assess and manage the ongoing suitability for
employment of their personnel.
GOV 1: Agencies must provide all staff, including contractors, with sufficient information and security
awareness training to ensure they are aware of, and meet the requirements of the PSPF.
63. An agencys policies and procedures to assess and manage the ongoing suitability for employment
of their personnel will be determined by the agencys security risk assessment; see Section 3 -
identifying personnel security risks.
5.1. Security awareness, training and education

64. Security awareness, training and education provide personnel with information on their
responsibilities under the PSPF and their agency specific responsibilities. Training may include
induction sessions, attaining formal qualifications and professional development.
65. Agencies are to determine specific security training or briefings required by their personnel. This
may include but is not limited to:
personal safety and security measures in agency facilities and in the field
confidentiality requirements for information, including intellectual property
self-managing risk
information control measures (need-to-know)
overseas travel safety and security
contact reporting
incident reporting
unusual and suspicious behaviour, and

handling and security requirements for valuable assets.
66. For further advice see the Australian Government personnel security guidelinesAgency personnel
security responsibilities, Section 8.2.
5.2. Performance management

67. Agencies should include personnel security compliance as part of their personnel performance
management.
5.3. Conflict of interest

68. Public confidence in the integrity of personnel is vital to the proper operation of government.
Confidence may be jeopardised if the community perceives a conflict of interest. Personnel need
to be aware that their private interests, both financial and personal, could conflict with their
official duties.
13
69. Ultimately it is the agency head's responsibility to determine what actions are taken where there
is a conflict. While it is best to avoid a conflict, it is not always practical. Agencies are to establish
processes that deliver effective personnel security outcomes and that withstand scrutiny.
5.4. Incident investigation

70. Agencies are to investigate reports of a security incident in accordance with their agency specific
policies and procedures.
71. Agencies are to consult with the AFP, jurisdictional police, ASIO and/or ASD where the security
incident may have criminal or National Security implications.
72. For further details on undertaking an investigation see Protective security governance guidelines
Reporting incidents and conducting security investigations and the Australian Government
Investigation Standards .These guidelines also provide advice on referring matters to the
appropriate law enforcement agencies, ASIO and the Australian Signals Directorate, depending on
the nature of the incident.
5.5. Monitoring, evaluating and recording of ongoing personnel

suitability
73. Employment screening and subsequent employment checks provide only a snapshot of the
employees suitability at a point in time.
74. Based on their personnel security risk assessments, agencies are to have policies and procedures
in place to monitor ongoing suitability of staff. These may include:
requiring managers to monitor all personnels continuing suitability to access Australian
Government resources
advising personnel what personal behaviours or concerns that they are required to report
e.g. criminal arrests or convictions, change of circumstances, contacts that are suspicious,
on-going, unusual or persistent and other significant incidents. For more information see
Section 8 - Agency responsibilities for active monitoring of clearance holders
providing guidance to personnel on reporting suspect conduct by other personnel, and

undertaking periodic employment re-screening.
75. Agencies should determine the period between original screening and any subsequent
re-screening. The period will depend on the agencys risk profile and any specific risks associated
with the position.
76. Agencies should record the outcomes of their monitoring and evaluations on the same file as any
employment screening results.
14
6. Agency security clearance requirements
77. Agency heads may require a security clearance as a condition of employment. A security clearance
is a determination by a vetting agency that an individual is suitable to access security classified
resources.
6.1. Cooperation in the clearance process

78. Agencies are to advise clearance subjects of their responsibilities to comply with the vetting
process. Where possible, agencies should assist clearance subjects to provide accurate and
complete information that is timely.
79. Clearance subjects are to cooperate with the vetting agency throughout the clearance process,
including by providing within the timeframes advised:
a completed clearance pack
copies of any requested supporting documents, and

complete and truthful responses.
80. Vetting agencies are to cancel the clearance process for any failure to cooperate in the clearance
process. Agencies are to remove any access to Australian Government security classified resources
from clearance subjects, if advised by the vetting agency that the clearance has been revoked or
the process cancelled.
81. Agencies are to apply this control to all personnel, irrespective of their position or duties.
82. Agencies are not to use temporary access provisions to provide access to Australian Government
security classified resources to personnel that are not actively cooperating with the vetting
process.
6.2. Identifying and recording positions that require a security

clearance
PERSEC 3: Agencies must identify, record and review positions that require a security clearance, including
the level of clearance required.
PERSEC 4: Agencies must ensure their personnel with ongoing access to Australian Government security
classified resources hold a security clearance at the appropriate level, sponsored by an Australian
Government agency.
83. Anyone requiring ongoing access to Australian Government security classified resources is to hold
a security clearance at the appropriate level.
84. An agency head or their delegate is to decide if a role or position requires a security clearance.
85. An agency head may require that all agency staff in a particular category be cleared to a specified
level. Factors that may influence this decision include:
15
the nature of the agencys business
an agencies risk assessment
the need to access the agencys security classified information or resources or ICT systems,
or
the need for increased levels of assurance of employees suitability to perform particular
roles.
86. Agencies may use security clearances as an assurance measure in addition to their employment
screening and agency specific controls for positions where the agency risk assessment deems the
security clearance process is to apply.
87. Positions that have a business impact level of high or above may include those:
whose occupants have access to aggregations of information or assets, or
where the nature of the position requires greater assurance about a persons integrity; for
example, a higher level of clearance with greater background checking to support fraud
mitigation or as an anti-corruption measure.
88. Agencies should assess whether the checks undertaken for a security clearance provide the
required level of assurance or whether agency-specific checks will better meet their needs.
89. Agencies are to maintain a register of positions that require a clearance. Before advertising a
position, agencies are to identify:
if the position requires a security clearance
the level of clearance required
whether the clearance is for access to Australian Government security classified information
or to give a level of assurance, and
when the requirement for a security clearance will be reassessed.
90. Agencies should periodically reassess the security clearance requirement for positions, at least
each time the position becomes vacant and before it is advertised.
6.2.1. Security clearance levels
91. There are four security clearance levels:

i. Baseline provides ongoing access to information or resources up to and including
PROTECTED.
ii. Negative Vetting Level 1 provides ongoing access to information or resources up to and
including SECRET.
iii. Negative Vetting Level 2 provides ongoing access to information or resources up to and
including TOP SECRET.
iv. Positive Vetting provides access to certain types of sensitive, caveated, compartmented
and codeword information. PV is an additional process that is designed to ensure, beyond
reasonable doubt, that a candidate is suitable to access the highest classification of security
classified and caveated information. PV builds upon the requirements for the granting and
16
maintenance of Negative Vetting Level 2. PV requirements are managed by the Inter-
Agency Security Forum on behalf of the Australian Intelligence Community and are detailed
in the Sensitive Material Security Management Protocol (SM SMP) which is only available to
Agency Security Advisers.
Table 2 Information access requirements
Certain Sensitive and
UNCLASSIFIED with a
LIMITING MARKER
Compartmented
DISSEMINATION
CONFIDENTIAL
UNCLASSIFIED
1
Information
TOP SECRET
PROTECTED
SECRET
Positive vetting
Negative vetting level 2 2

Negative vetting level 1
Baseline
Employment screening
Notes:
1. Access to Sensitive and Compartmented Information is detailed in the Sensitive Material Security
Management Protocol (SMSMP) which is only available to those with a need to know.
2. In certain limited circumstances Compartmented information is available at the NV2 level. For further
information see the SMSMP.
6.2.2. Caveat and codeword access
92. Agencies are to liaise with the agency responsible for administering a caveat or codeword to
determine the personnel security measures required in addition to a security clearance. This could
include but is not limited to:
specific compartment briefings, and
reporting or restrictions on overseas travel.
93. For further information on access to caveats and codewords, refer to the Australian Government
Information Core Policy and supporting Protocol and guidelines; and the SMSMP.
6.2.3. Contractors requiring security clearances
94. Agencies are to identify contractors requiring security clearances for access to security classified
information and resources or those requiring a security clearance as a level of assurance, as part
of the procurement process.
95. Agencies engaging contractors who will require security clearances are to sponsor the contractors
clearance. See PSPFGovernance arrangementsContracting.
96. Contractors may work concurrently for a number of agencies. The agency that is to sponsor a
contractor is the agency:
first engaging the contractor where a security clearance is required, or
17
requiring the highest level of security clearance.
97. The lead agency for a contract is to sponsor all contractor clearances where a single contract
covers a number of agenciese.g. as the result of a panel arrangement.
98. The lead agency is to ensure that they have arrangements (policies and procedures) in place to
ensure the ongoing suitability of contractors in accordance with this protocol. For further
information see Section 8.8 clearance maintenance for contractors.
99. Lead agencies are to ensure that ongoing suitability assessments of contractors are included in the
contract.
100. If an interested party becomes aware of a contractors change in circumstances, the interested
party is to inform the vetting agency. The vetting agency is to inform all other interested parties.
For further information on sharing see Section 1.6 - Sharing Personal Information.
6.2.4. Persons employed under the Members of Parliament (Staff)

Act 1984 (Cth) (MoPS Act)
101. Special Minister of State Determination 2012/1 directs that Ministerial staff employed
under Part III of the Members of Parliament (Staff) Act 1984 (Cth) need to obtain and maintain a
Negative Vetting Level 2 security clearance. This direction allows for variation in certain
circumstances for electorate officers. For further information see Annex A: Request for variation
of Special Minister of States Determination 2012/1 for a Ministers Electorate Officer.
6.3. Australian office holders

102. The following Australian office holders are not required to hold a security clearance to access
Australian Government security classified information while exercising the duties of the office:
Members and Senators of the Commonwealth, State and Territory Parliaments
Judges of The High Court of Australia, The Supreme Court, Family Court of Australia, The
Federal Circuit Court of Australia and Magistrates
Royal Commissioners, and
the Governor-General, State Governors, Northern Territory Administrator, and
members of the Executive Council.
103. Other appointed office holders may have enabling legislation which gives the same privileges as
the people identified in the preceding paragraphe.g. Members of the Administrative Appeals
Tribunal and Members of the Social Security Appeals Tribunal.
104. Personnel of the office holders in paragraphs 100 and 101 are not exempt from the requirements
for a security clearance and are to be security cleared to the appropriate level if they require
ongoing access to security classified information.
105. An Australian officer holders exemption from the requirements of the PSPF is limited to the
requirement for a security clearance. Agencies responsible for managing protective security for
18
Australian office holders are to ensure that classified material in their possession is appropriately
safeguarded at all times in accordance with the PSPF.
6.4. Other access arrangements

6.4.1. Foreign Nationals with non-Australian Government security
clearances
GOV 10: Agencies must adhere to any provisions concerning the security of people, information and assets
contained in multilateral or bilateral agreements and arrangements to which Australia is a party.
106. Foreign nationals routinely contribute to Australias National Interest through exchange, long-
term posting and/or attachment to the Australian Government.
107. Foreign nationals can only access Australian Government security classified information and
resources under an Agreement or Arrangement 3 if they:
access the information in accordance with that Agreement or Arrangement, and

hold a security clearance granted by their national government which is recognised by the
Australian Government in accordance with the Agreement or Arrangement.
108. Agencies are not to permit non-Australian citizens access to information caveated Australian Eyes
Only (AUSTEO). Non-Australian citizens can only access other Eyes Only information if they are a
citizen of a country included in the Eyes Only caveat.
109. Agencies cannot make policy exceptions to AUSTEO and Eyes Only access requirements. For
further details see Information security management core policy.
110. In limited circumstances foreign nationals may access information caveated Australian
Government Access Only (AGAO). AGAO is used by the Department of Defence, ASIS and ASIO.
These agencies may pass information marked with the AGAO caveat to appropriately cleared
representatives of foreign governments.
111. AGAO material received in other agencies is to be handled as if it were marked AUSTEO.
112. For further details see the Australian Government information security management guidelines
Australian Government security classification system.
3
An agreement or an arrangement includes treaties, security of information agreements and memorandums
of understanding.
19
6.5. Eligibility waivers (citizenship and checkable background)
PERSEC 5: Before issuing an eligibility waiver (citizenship or checkable background) and prior to
requesting an Australian Government security clearance an agency must:
justify an exceptional business requirement
conduct and document a risk assessment
define the period covered by the waiver (which cannot be open-ended)

gain agreement from the clearance applicant to meet the conditions of the waiver, and
consult with the vetting agency
113. Agencies are to include details in their annual PSPF compliance report stating numbers and levels
of security clearances granted subject to:
citizenship waivers, and
uncheckable background waivers.
114. Only Australian citizens with a checkable background are eligible for an Australian Government
security clearance, unless these eligibility requirements have been waived by the sponsoring
agency head. Agency Heads need to be aware that granting an eligibility waiver, does not
guarantee that a clearance will be granted by the vetting agency.
115. Sponsoring agencies are to confirm all clearance subjects are eligible, by confirming citizenship
and checkable background requirements, prior to requesting a security clearance.
6.5.1. Eligibility waivers
116. An agency head may, under certain conditions waive the citizenship or checkable background
requirements for a person to be eligible for a security clearance.
117. An agency heads decision to waive an eligibility requirement is to be based on a thorough analysis
of the risks to the Australian Government and the possible impact on the National Interest. For
further information see Personnel security guidelinesAgency personnel security responsibilities.
118. Agency heads need to be aware of the inherent risks posed from a malicious trusted insider when
granting eligibility waivers. Any decision to grant a waiver needs to be assessed against and linked
to the agencys risks. Agency heads need to be aware that by granting a waiver, they are taking on
a risk that may be detrimental to the Australian Government. If the documents supporting the
waiver do not fully detail the risks to the National Interest, mitigations and any residual risks, the
vetting agency may reject the request for security clearance.
119. The vetting agency is to record, or place, the waiver on the clearance subjects Personal Security
File.
20
120. An eligibility waiver is role-specific, non-transferable, finite and subject to review. In other words,
the waiver is to apply only while the clearance holder remains in the position for which the
clearance was granted.
121. The waiver is not to follow the clearance holder to any other position without review. An eligibility
waiver is not open-ended and is to be subject to regular review to confirm that there is a
continuing requirement for the waiver.
122. Agencies are to reassess eligibility waivers yearly.
6.5.2. Non-Australian citizens
123. An agency is to only grant an eligibility (citizenship) waiver where:

it has been identified that there is no Australian citizen who could fill the position, and
the agency understands and agrees to manage the risk.
124. Permanent residence status is not an acceptable alternative to the citizenship requirement.
125. The vetting agency may decline the request for clearance if, notwithstanding the citizenship
waiver, other minimum checks are unable to be made, or standards met. It may not be possible
for the vetting agency to conduct the required checks overseas or, if checks can be conducted, to
have confidence in the level of assurance provided by the checks.
126. Non-Australian citizens are not to access information caveated Australian Eyes Only (AUSTEO).
Foreign nationals can only access other Eyes Only information if they are a citizen of a country
included in the Eyes Only caveat and have a need to know. Agencies cannot make policy
exceptions to AUSTEO and Eyes Only access requirements.
6.5.3. Uncheckable backgrounds
127. A checkable background is established when a vetting agency has validated information provided
by a clearance subject with respect to their background from independent and reliable sources.
128. A clearance subject has an uncheckable background when the vetting agency cannot complete the
minimum checks and inquiries for the relevant checking period, or the checks and inquiries, where
able to be made, do not provide adequate assurance about the clearance subjects life or
background. In these circumstances, the vetting agency may decline the request for a clearance.
129. Any clearance subject that has spent greater than 12 months (cumulative) out of Australia within
the requisite background checking period is to be considered to have an uncheckable background
(if their periods of time out of Australia cannot be verified from independent and reliable sources).
If the clearance subjects periods of time out of Australia cannot be verified from independent and
reliable sources, the subject is to be assessed by the vetting agency as ineligible to be considered
for an Australian Government security clearance.
130. Vetting agencies are to consider the security risk to the Australian Government as the primary
factor when assessing whether a person is considered to have a checkable background, and
therefore whether they are eligible to be considered for an Australian Government security
clearance.
21
131. For an individual to be eligible for an Australian Government security clearance, background
checks should generally be able to be undertaken in Australia. It is expected that individuals
sponsored by agencies for an Australian Government security clearance will have strong,
established ties to Australia.
6.5.4. Conditions for clearances subject to an eligibility waiver
132. Clearances granted with eligibility waivers are to be subject to strict conditions. These may include
conditions such as but not limited to:
the continuation of the eligibility waiver being conditional on the applicant taking Australian
citizenship as soon as they are eligible where the subject has indicated they are actively
seeking citizenship or do not have a valid reason not to seek citizenship
the agency not allowing non-Australian citizens granted a waiver access to Eyes Only
information unless it includes the persons country of citizenship and they have a need to
know
the agency not granting access to security classified information from a foreign government
without the written agreement of that foreign government or as outlined in the provisions
of any information sharing agreements, and
the agency limiting access to security classified information to that required to perform the
specific duty identified.
133. Sponsoring agencies are to ensure a person subject to a waiver follow any conditions placed on
the clearance. Sponsoring agencies are to advise vetting agencies of any non-compliance with
conditions of the waiver.
134. The vetting agency is to cease a clearance where the clearance subject does not adhere to the
conditions of the waiver.
135. The sponsoring agency is to reassess the waiver and advise the vetting agency if the clearance
subject changes duties.
6.6. Locally engaged staff

136. Locally engaged staff who are not Australian citizens, may be granted a diplomatic mission
clearance. Diplomatic mission clearances are recognised as clearances within the mission they
are granted, they are role specific and are not portable. For information about locally engaged
staff (LES) in diplomatic missions contact DFAT.
137. The Australian Trade Commission (AUSTRADE) is a managing agency under the Guidelines for
Management of the Australian Government Presence Overseas (February 2007). Accordingly,
AUSTRADE conducts security screening for its LES, and for those of attached agencies where
applicable.
138. An agency may grant an eligibility (citizenship) waiver for LES where:
the preferred person for a position requiring a security clearance is not an Australian citizen,
and
the agency understands and agrees to manage the risk.
22
6.7. State or Territory government security clearances
139. The Australian Government recognises security clearances up to Negative Vetting 2 issued by the
States and Territories if the clearance is undertaken for their own personnel and has been
processed in accordance with the Australian Government Personnel Security Protocol and
supporting guidelines. State and Territory clearances may be transferred between other State and
Territory agencies and the Commonwealth. This is in accordance with the Memorandum of
Understanding on the Protection of National Security Information between the Commonwealth
and States and Territories (2007).
Note: The Australian Security Intelligence Organisation Act 1979 (Cth) restricts ASIO from passing
Security Assessments directly to the States and Territories. Requests by the States and Territories
for ASIO Security Assessments are facilitated through the Attorney Generals Department or the
sponsoring Commonwealth agency.
23
7. Temporary access to classified information arrangements
PERSEC 4: Agencies must ensure their personnel with ongoing access to Australian Government security
classified resources hold a security clearance at the appropriate level, sponsored by an Australian
Government agency.
GOV 6: Agencies must adopt a risk management approach to cover all areas of protective security
activity across their organisation, in accordance with the Australian Standard for Risk Management
AS/NZS ISO 31000:2009 and the Australian Standards HB 167:2006 Security risk management.
140. Temporary access allows limited, supervised access to security classified resources.
141. Temporary access is not a security clearance.
142. Temporary access provisions are not to apply to positions where security clearances are used only
as a measure of assurance, where there is no access to classified information.
7.1. Temporary access conditions

143. Agencies are not to use temporary access provisions for routine business needs or as a substitute
for sound personnel management (for temporary access provisions for MOPS personnel see
section 7.2).
144. Agencies are to base any decision to approve temporary access on a documented risk assessment.
Agencies should consider any existing mitigating factors as part of the risk assessmente.g.
holding a security clearance at a lower level, employment screening or any agency specific checks
undertaken. For further details on undertaking a temporary access risk assessment, see the
Australian Government personnel security guidelinesAgency personnel security responsibilities.
145. Agency head written approval is to be sought and granted for any temporary access
arrangements.
146. Prior to granting temporary access the sponsoring agency is to confirm with the vetting agency
that there are no known concerns about the person who may be given temporary access.
147. The vetting agency is to advise the sponsoring agency of any existing or prior limitations on the
person requiring access.
148. If advised of any concerns by the vetting agency, the sponsoring agency is to base any decision to
remove the clearance subjects temporary access to security classified information and resources
on a documented risk assessment.
149. The sponsoring agency is to withdraw temporary access to security classified resources if concerns
cannot be mitigated.
24
150. Agencies are not to use temporary access arrangements for access to:
TOP SECRET classified resources unless the person requiring access holds a Negative Vetting
Level 1 clearance.
caveat, compartmented or codeword information.
151. Temporary access to TOP SECRET resources (where the person does not hold a Negative Vetting
Level 1 clearance), or caveat, compartmented or codeword material may only be given after a
policy exception is approved by the agency head. Agencies should seek agreement from the
information owners and compartment controllers, prior to granting temporary access to TOP
SECRET resources.
152. Sponsoring agencies are to advise the vetting agency of any temporary access approved. The
vetting agency is to record the access on the clearance subjects PSF and/or security records
database.
7.1.1. Types of temporary access
153. There are two types of temporary access arrangements:

i. short term access allows an employee access to Australian Government classified resources
where they do not hold a clearance at the appropriate level and are not being assessed for a
clearance or are yet to submit a completed clearance pack, and
ii. provisional access access to Australian Government classified resources while a clearance
subject is undergoing a clearance after they have submitted a completed clearance pack.
25
Table 3 Summary of temporary access requirements
Short term access Provisional access
Period of access Maximum of 3 months in one calendar Until clearance granted or denied, or
year 2 suitability concerns are identified by
the vetting agency
Classified Resources allowed TS TS1 S2, C2 P TS TS 1 S2, C2 P
SCI SCI

Requirements: documented risk assessment

Agency head written approval
The person and their manager have signed an undertaking to protect
official resources
Security briefing by home agency
Approval of information owner required
N/A Complete pack with vetting
agency
Vetting agency advised there are
no obvious suitability concerns
Risk mitigations may include: Employment screening
Agency specific checks
Clearance at a lower level
Knowledge of personal history
(TS TOP SECRET; S SECRET; C CONFIDENTIAL; P PROTECTED)
Notes:
1. Only allowed in exceptional circumstances with an existing NV1 clearance and agency head approval (for
temporary access provisions for MOPS personnel see section 7.2).
2. Only allowed in exceptional circumstances
7.1.2. Short term access
154. Short term access to Australian Government security classified resources may be allowed where
there is an unforeseen requirement for access. Short term access is for a maximum of:
a continuous period of three months, or
an aggregation of shorter periods of no more than three months in one calendar year.
155. Short term access to PROTECTED can be based on a business need.
156. Agencies are to only approve short term access to CONFIDENTIAL or SECRET classified resources in
exceptional circumstances where:
the exception is critical to the agency meeting its outcomes, and
the risks to the agency can be mitigated or managed.
157. Agencies are to only approve short term access to TOP SECRET classified resources in exceptional
circumstances where:
the person requiring access holds a Negative Vetting Level 1 clearance

the risks to any affected agency can be mitigated or managed.
26
7.1.3. Provisional access
158. Sponsoring agencies may approve provisional access for up to SECRET security classified resources
where there is a sound business case to support access during the clearance process.
159. Agencies are to only approve provisional access to TOP SECRET classified resources in exceptional
circumstances where:
the person requiring access holds a Negative Vetting Level 1 clearance

160. Before granting provisional access, sponsoring agencies are to confirm with the vetting agency
that:
the clearance applicant has submitted a completed clearance pack and required documents,
and
there are no readily identifiable suitability concerns.
161. Agencies may approve provisional access until the clearance process is complete. Agencies may
change the type of temporary access from short term to provisional once the vetting agency has
confirmed it has received the completed pack and advises there are no concerns.
7.2. Temporary access for MOPS Act staff

162. It is reasonable to expect that some staff employed by an Australian Government Minister under
the MOPS Act will require temporary access. This is particularly relevant following any change of
Government.
163. MOPS Act Staff may be given temporary access to TOP SECRET information, where there is a need
to know, without the requirement to hold a Negative Vetting Level 1 clearance, subject to:
a detailed risk assessment
consultation with the information originators, and
164. MOPs Staff are not to be given temporary access to sensitive compartmented, codeword or
caveat information
165. A Ministers Portfolio Department should approve short term access for new MOPS Act staff for
the Departments Minister until their security clearances are granted unless advised to withdraw
the access due to concerns including non-compliance with the clearance process.
166. The vetting agency is to notify the Portfolio Department and the Department of Finance of any
concerns or non-compliance with the security clearance process.
167. The Department of Finance is to advise Portfolio Departments of any Ministerial staff whose
clearance process has been cancelled for non-compliance with the security clearance process.
27
168. The Portfolio Department is to withdraw any temporary access to security classified information
for MOPS staff whose clearance process has been cancelled. For more information see Section 6.1
Cooperation in the clearance process.
28
8. Vetting agency responsibilities
PERSEC 6: Agencies other than authorised vetting agencies must use the Australian Government Security
Vetting Agency to conduct initial vetting and reviews.
PERSEC 8: Sponsoring and vetting agencies must share information that may impact on an individuals
ongoing suitability to hold a security clearance.
8.1. Authority to make clearance decisions

169. Only vetting agencies are authorised to make clearance decisions.
8.1.1. Confirming eligibility for a security clearance
170. Vetting agencies are to confirm citizenship and checkable background eligibility for all clearance
subjects.
171. If citizenship cannot be confirmed or there is an uncheckable background, the vetting agency is to
advise the sponsoring agency that the eligibility criteria have not been met and the clearance
request is cancelled.
172. Vetting agencies may impose an exclusion period that precludes the clearance subject from re-
applying until the eligibility criteria is satisfied.
173. Sponsoring agencies may choose to consult with the vetting agency to initiate an eligibility waiver.
8.2. Assessing Suitability

174. Vetting agencies are to:
conduct all minimum mandatory checks, as detailed in Table 4, and any appropriate
supplementary checks, and collect all relevant, reliable and independently verified
information before assessing a clearance subjects suitability to hold a security clearance
take into account the result of all checks and inquiries as the basis for determining suitability
assess clearance subjects against common factor areas in accordance with the Adjudicative
Guidelines, as detailed in Section 5 of the Australian Government personnel security
guidelines - Vetting practices
resolve any doubts about suitability for access to security classified resources in favour of
the National Interest, and
identify any risk management or specific clearance maintenance conditions relating to the
clearance.
175. Vetting agencies should consider any information they become aware of, that is relevant to
suitability, even if the matters falls outside of the minimum checking period.
29
176. The vetting agency is to deny a security clearance where any reasonable doubts about the
clearance subjects suitability that cannot be resolved. Reasonable doubt exists when concerns
regarding the suitability of a clearance subject remain after all minimum and any supplementary
checks are completed.
8.2.1. Supplementary checks and inquiries
177. Vetting agencies are to conduct appropriate supplementary checks and inquiries if the minimum
checks are insufficient to clearly establish the clearance subjects suitability or unsuitability. For
further details on supplementary checks see Australian Government personnel security guidelines -
Vetting practices.
8.2.2. Mitigation
178. Where the background assessment, including supplementary checks, identifies a personal
vulnerability, the vetting agency is to determine if there are any mitigating factors. Mitigating
factors are detailed in section 5 of the Personnel security guidelines - Vetting practices.
8.2.3. Vetting agency consultation with sponsoring agencies
179. Vetting agencies are to advise sponsoring agencies of any information provided as part of the
vetting process or ongoing clearance maintenance that may impact on a persons suitability to
access Australian Government resources or where risk mitigation measures are required.
180. Vetting agencies are to consult with sponsoring agencies before granting a security clearance that
imposes additional clearance maintenance conditions.
181. If mitigation is not satisfied by agreement to additional clearance maintenance conditions by

either the clearance subject or sponsoring agency, the vetting agency is to deny the clearance.
8.3. Vetting decisions

182. Vetting agencies are to base all vetting on an assessment of the whole personSee the
Adjudicative Guidelines.
183. The vetting agency is to advise the clearance subject and sponsoring agency in writing of the
decision to grant including any risk mitigations, deny, deem ineligible or cancel a security
clearance and any conditions imposed.
8.4. Failure to comply with the clearance process

184. The vetting agency is to cancel a clearance process and notify the sponsoring agency where a
clearance holder does not comply with the clearance process requirements.
30
8.5. Personnel security checks for initial clearances
Table 4 Minimum personnel security checks and requirements for initial clearances1
Postive Vetting
Psychological assessment
Negative Vetting 2 Financial probity check
Negative Vetting 1 Security interview Security interview

Digital footprint checks Digital footprint checks Digital footprint checks
3 3 3
Financial statement Financial statement Financial statement and supporting
documents
Suitability screening questionnaire Suitability screening questionnaire Suitability screening questionnaire
Baseline Vetting ASIO assessment ASIO assessment ASIO assessment
2 2 2
Qualification verification Qualification verification Qualification verification Qualification and document verification
4 4
Professional referee check Referee checks (including 1 professional) Referee checks (including 1 professional Referee checks (including 1 professional
4 4
and 1 un-nominated) and 1 un-nominated)
5 5 5
Police Records Check (No Exclusion) Police Records Check (Full Exclusion) Police Records Check (Full Exclusion) Police Records Check (Full Exclusion)
8
Financial history check Financial history check Financial history check Financial history check
6 6 6 7
5 year background check 10 year background check 10 year background check Whole of life background check
Official secrets declaration Official secrets declaration Official secrets declaration Official secrets declaration
Statutory Declaration Statutory Declaration Statutory Declaration Statutory Declaration
6 6 6 6
Identity verification Identity verification Identity verification Identity verification
Notes:
1. Suitability is assessed against the criteria contained in the Australian Government personnel security guidelines - Vetting practices section 5 (Adjudicative guidelines)
2. Qualifications checks should be part of an agency employment screening process where qualifications are claimed and/or mandatory.
3. Financial statement provides a detailed summary of a clearance subjects assets, income, liabilities and expenditure, see the Australian Government personnel security guidelines - Vetting practices section 4.6.2.
4. Referees are to collectively cover the whole checking period. Professional checks are to cover at least the preceding 3 months. Additional referees may be required.
5. The application of spent convictions legislation will vary dependent on the jurisdiction in which the offence occurred.
6. Identity checked in accordance with the Australian Identity Proofing Guidelines (level 3 for baseline and NV1 and level 4 for NV2 and PV). In addition to documentation to confirm residential addresses, employment, supporting
documentation is also required to confirm citizenship status, and if relevant overseas travel see Australian Government personnel security guidelines - Vetting practices
7. For further details see the Sensitive Material Security Management Protocol
8. Financial history check - provides an overview of a clearance subjects financial history. See the Australian Government personnel security guidelines - Vetting practices section 4.6.2 for further details on financial history checks.
31
185. Table 4 shows the hierarchy of checks and processes that reflects the level of assurance required
for each level of security clearance.
8.5.1. Statutory declaration
186. Clearance subjects are to sign a Statutory Declaration made under the Statutory Declarations Act
1959 (Cth) that confirms:
they have provided complete and truthful information to the vetting agency
they have not altered the original documents or the copies provided to the vetting agency,
and
the original documents relate specifically to them.
187. For further information on the requirements see Statutory Declarations.
8.5.2. ASIO Security Assessment
188. Either the Commonwealth vetting agency, or the Commonwealth facilitating agency for State and
Territory assessments, is to obtain an ASIO Security Assessment for all NV and PV clearance
subjects. The only exception is where the vetting agency has already assessed that the person
would be unsuitable for a security clearance regardless of any assessment ASIO might make. For
further information see the Australian Government personnel security guidelinesVetting
practices.
189. Vetting agencies are to provide ASIO with the details of any security concerns about the clearance
subject.
8.6. Reviews of security clearances

190. Vetting agencies are to undertake:
periodic revalidations of security clearances, and
reviews for cause for all clearances where concerns about a clearance holders suitability to
hold a clearance are identified. For further information see Section 10.6.2 - Reviews for
cause.
191. The vetting agency is to advise the clearance subjects sponsoring agency of any
review/investigation being undertaken by the vetting agency, to allow the sponsoring agency to
assess whether to deny access pending the outcome of the review.
8.6.1. Periodic Revalidations
192. Vetting agencies are to periodically initiate revalidations of all Baseline, Negative and Positive
Vetting security clearances.
193. The requirements for the revalidation of security clearances are listed in Table 5. The table shows
the hierarchy of checks and processes that reflect the level of assurance required for each level of
security clearance. Vetting agencies are to undertake additional checks to resolve concerns on a
case-by-case basis.
32
Table 5: Summary of minimum revalidation requirements
Baseline Negative vetting Negative vetting Positive vetting
level 1 level 2
To be undertaken by To be undertaken by To be undertaken by To be undertaken by
vetting agencies at least vetting agencies at least vetting agencies at least vetting agencies at least
every 15 years. every 10 years. every 5 years. every 5 years.
Updated personal Updated personal Updated personal Updated personal
particulars covering particulars covering period particulars covering period particulars covering
period since previous since previous vetting since previous vetting period since previous
vetting vetting
Police records check Police records check Police records check Police records check
(No exclusion) (Full exclusion) (Full exclusion) (Full exclusion)
Financial history check Financial history check Financial history check Financial history check
1 professional referee 1 professional referee 2 referee checks 3 Referee checks
check check (including 1 professional (including 1 professional
and 1 un-nominated) and 1 un-nominated)
ASIO check ASIO check ASIO check
Financial statement Financial statement Financial statement and
supporting documents
Interview Interview
Psychological
assessment
8.6.2. Reviews for cause
194. A review for cause may be initiated whenever a security concern regarding a clearance subject
arises.
195. Upon receipt of information raising concerns about the suitability of a clearances holder, vetting
agencies are to assess if a review for cause is warranted.
196. Prior to initiating a review for cause the vetting agency is to advise the sponsoring agency and
interested parties (for contractors). If the sponsoring agency or interested parties (for contractors)
advises of any ongoing investigation that might be compromised by the review for cause the
vetting agency should not commence the review until the investigation is complete.
197. Vetting agencies should advise the clearance subject prior to starting any reviews for cause, and
the reasons for the review.
198. Sponsoring agencies should advise the clearance subject of their responsibility to comply with the
review for cause process.
199. Vetting agencies are to undertake any checks required to resolve the concern(s) that led to the
initiation of the review for cause. This may include:
targeted checks to resolve an issue, or

a full revalidation if the concerns are wide ranging.
200. Vetting agencies are to advise both the clearance subject and the sponsoring agency including
interested parties (for contractors) of the review for cause outcome.
33
8.7. Adverse findings
201. Decisions and actions taken during a security clearance could be subject to judicial review. Vetting
agencies will need to demonstrate that they have met the requirements of procedural fairness.
For further information see section 6.2 of the Australian Government personnel security guidelines
Vetting practices.
202. Where a decision is made to deny a clearance, the vetting agency is to inform the clearance
subject of the procedures for seeking a review of the decision.
203. The vetting agency is to also advise the sponsoring agency of the decision to deny the clearance.
204. Vetting agencies are to report any denial of NV and PV security clearances, including any exclusion
periods, to ASIO.
8.8. ASIO-initiated review of ASIO Security Assessment

205. ASIO may provide preliminary advice to a Commonwealth agency regarding the subject of an ASIO
security assessment pending the issuing of a new ASIO security assessment.
206. Section 39 of the ASIO Act permits Commonwealth agencies to take appropriate action (such as
suspending a persons security clearance and preventing ongoing access to classified information)
if the Commonwealth agency is satisfied, on the preliminary advice from ASIO, that it is necessary
to take that action as a matter of urgency due to the requirements of security. Any action taken is
to be temporary pending receipt of a new ASIO Security Assessment. Section 39(1) prevents
Commonwealth agencies from taking other prescribed kinds of action on the basis of preliminary
advice from ASIO.
207. ASIO will normally liaise with the Commonwealth agency and the relevant vetting agency in these
circumstances.
8.9. Reviews of security clearance processes and outcomes

208. Vetting agencies are to have procedures to resolve any grievances and are to advise the clearance
subject of these procedures as part of the clearance process.
209. Vetting agencies are to resolve any grievances raised by the clearance subject regarding:
the security clearance process, and

the manner in which the vetting agency conducted the clearance, or the decision made.
210. Vetting agencies are to advise the clearance subject of these procedures as part of the clearance
process.
8.10. Review of clearance decisions

211. Clearance subjects or sponsoring agencies may seek a review of any security clearance decision.
The initial review is to be carried out by the vetting agency responsible for denying or varying a
clearance.
34
212. An application by a clearance subject for a review does not change the original decision. A review
may determine that the process was flawed and a new process should be undertaken.
213. Clearance subjects may also seek external review. The avenue for review will vary. Some examples
are:
APS employees may seek review through the Australian Public Service Commissioner or the
Commonwealth Ombudsman, and
contractors may seek review through the Office of the Commonwealth Ombudsman.
214. Any person may seek review through the Federal Court.
215. The delegate for the purposes of the review should be independent from the original decision
maker.
216. The Public Service Regulations 1999 (Cth) provides guidance on review processes for APS
employees.
217. The vetting agency and the clearance subject seeking the review are to co-operate fully with the
review process.
8.11. Transfer of Personal Security Files

218. Vetting agencies are to transfer PSFsto the extent that their enabling legislation allowsto the
new vetting agency when a clearance holder transfers to another agency covered by a different
vetting agency. For further information see the Australian Government personnel security
guidelinesVetting practices.
219. The receiving vetting agency is to address any anomalies within the incoming clearance subjects
PSF at the time of transfer.
220. Vetting agencies are to advise sponsoring agencies of any concerns with the transferring clearance
holder's PSF. The sponsoring agency can then make a risk based decision on continuing access by
the clearance subject to security classified resources. For further information see the Australian
Government personnel security guidelinesVetting practices.
8.12. Recognition of clearances

221. Vetting agencies are to recognise the security clearances granted by another vetting agency,
unless:
the clearance has exceeded its revalidation period
the clearance was granted with an eligibility waiver, or
the vetting agency has concerns that the incoming clearance subject is no longer suitable to
access Australian Government security classified resources at that clearance level.
8.13. Active and inactive clearances

222. An active clearance is a security clearance that is sponsored by an Australian Government agency,
and being maintained by a clearance holder and sponsoring agency.
35
223. An inactive clearance is a security clearance that is within the revalidation period, however the
clearance:
is not sponsored by an Australian Government Agency
is not being maintained by the clearance holder for a period greater than six months due to
long term absence from their role, and
for the Positive Vetting level is unsponsored; however, an annual security check was
completed within the last two years.
224. Security clearances without sponsorship, but still within the revalidation period, are considered
inactivei.e. the clearance is not in use but has not been cancelled as a result of a review for
cause.
225. Upon notification of change of sponsorship for a clearance within the revalidation period, the
vetting agency is to identify the security clearances as active, only once the vetting agency has
assessed any changes of circumstances.
226. Vetting agencies are to identify security clearances as active upon notification of sponsorship by a
new agency, where the clearance is within the revalidation period subject to the vetting agencys
assessment of any changes of circumstances. For further information see the Australian
Government personnel security guidelinesVetting practices.
8.14. Vetting staff training and qualifications

227. Vetting agencies are to use qualified personnel in the vetting process.
228. Vetting agencies are to:

provide appropriate initial and supplementary training to assessing officers, and
assess, and periodically reassess, the competency of assessing officers.
229. See the Australian Government personnel security guidelinesVetting practices for details of
qualifications, competencies and training requirements for vetting staff.
8.15. Vetting agencies management of outsourced vetting

providers
230. Vetting agencies are to ensure contractors engaged in vetting meet the requirements of the PSPF
and any agency specific polices or procedures. For further information see Australian Government
personnel security guidelinesVetting practices.
36
9. Agency responsibilities for active monitoring of clearance
holders
PERSEC 7: Agencies must establish, implement and maintain security clearance policies and procedures for
clearance maintenance in their agencies.
PERSEC 8: Agencies and vetting agencies must share information that may impact on an individuals ongoing
suitability to hold an Australian Government security clearance.
GOV 1: Agencies must provide all staff, including contractors, with sufficient information and security
awareness training to ensure they are aware of, and meet the requirements of the PSPF.
231. Clearance maintenance is a joint responsibility of vetting agencies, sponsoring agencies and the
individual clearance holder. The purpose of clearance maintenance is to provide continuing
mitigation to the risk from the malicious trusted insider. It is an ongoing process throughout the
life of a security clearance.
232. Vetting agencies are responsible for the periodic review of clearance holders suitability
(revalidations) and conducting any reviews for cause when specific issues or concerns arise that
may affect a clearance holder's suitability. For more information see Sections 10.6 - Reviews of
Security Clearance and 10.6.2 - Reviews for Cause.
233. Sponsoring agencies are responsible for their security clearance holders (including Contractors).
Sponsoring agencies are to:
providing security awareness training and security clearance specific briefings

advise and remind clearance holders of their ongoing obligation to report changes of
circumstances and contacts that are suspicious, on-going, unusual or persistent. For further
information see the Personnel security guidelines Agency personnel security
responsibilities.
provide ongoing supervision and management of clearance subjects including their
suitability to access official resources
notify the vetting agency of other issues of security concern relating to the ongoing
suitability of clearance holders, including security incidents and any concerns relating to
integrity
manage any additional specific clearance maintenance requirements agreed by the vetting
agency and the sponsoring agency as a condition of the security clearance, and
additional agency responsibilities for the ongoing clearance maintenance of their
contractors are detailed in Section 9.8 - Clearance maintenance for contractors.
234. These responsibilities are in addition to the controls identified for all personnel contained in
Section 5 Ongoing suitability for employment.
37
9.1. Security awareness training for clearance holders
235. Agencies are to ensure that people who have access to Australian Government security classified
resources, understand and accept their day-to-day security responsibilities.
236. In addition to a program of security briefings and training that directly responds to the agencys
security risk assessment, agencies are to:
advise clearance holders and their managers of their day-to-day security responsibilities
advise clearance holders and their managers of their reporting requirementsfor example:
- changes of circumstances, and
- suspicious, on-going, unusual or persistent contacts.
provide the clearance holder with a briefing and/or training reminding them of their
clearance responsibilities, at least every five years or at clearance revalidation, whichever is
the sooner.
237. Agencies may also need to coordinate additional training/ briefings for personnel with access to
Sensitive Compartmented Information with the compartment owners.
9.2. Managing specific clearance maintenance requirements

238. Some concerns identified in the clearance process may be mitigated by applying additional specific
clearance maintenance requirements, e.g. additional periodic drug screening for reformed drug
users.
239. Agencies are to:

undertake any additional specific clearance maintenance requirements agreed to by the
sponsoring agency and vetting agency, and
are to report any results including any non-compliance with the additional requirements, to
the vetting agency.
240. Where compliance with additional requirements is not met by the clearance subject, the vetting
agency is to undertake a review for cause into the clearance subjects ongoing suitability. The
resultant action by the vetting agency may be the variation or withdrawal of a security clearance.
9.3. Annual health check

241. Agencies are to annually require:
clearance holders to confirm that they have reported to their agency security section:
- all changes of circumstances, and
- any suspicious, on-going, unusual or persistent contacts
clearance holders to complete any required security awareness training, and
managers responsible for personnel to confirm they have reported any concerns about the
clearance holders.
38
242. Agencies are to report any security concerns they have as to the ongoing suitability of their
clearance subjects to their vetting agency.
243. The annual health check does not replace an agencys ongoing responsibility for their performance
management including code of conduct investigations.
For further information on the annual health check see section 14.1 of the Australian
Government personnel security guidelines Agency personnel security responsibilities.
9.4. Sharing of information

244. Agencies are to provide vetting agencies with any information about the suitability of a person to
hold a security clearance. This includes but is not limited to:
negative results of agency specific checks

reportable changes of circumstances
suspicious, on-going, unusual or persistent contacts
incident and investigation results, and
where a breach of the code of conduct has been established or a security violation proven or
personnel management concerns that may call into question the integrity of the person.
245. Agencies should not use the clearance review process to deal with personnel management
problems (e.g. underperformance). However, if it is likely that such concerns could affect a
persons suitability to hold a clearance, line managers should notify their agency security section
who in turn may notify the vetting agency.
246. Vetting agencies are to advise sponsoring agencies of any suitability concerns raised about
clearance subjects and any pending or active reviews for cause. In such cases and based on a risk
assessment the sponsoring agency is to, determine whether to limit or suspend the clearance
subjects access to security classified resources.
9.4.1. Reportable changes of personal circumstances
247. Agencies are to require their clearance holders to advise the agency security section of any
reportable changes in personal circumstances. For further details on what is a reportable change
of circumstance see Australian Government personnel security guidelines Agency personnel
security responsibilities.
248. Agencies are to also require agency personnel to advise the agency of changes in personal
circumstances of other clearance holders if they have concerns that may be relevant to a
clearance holders suitability.
249. The agency is to then advise the vetting agency of any notified reportable changes in
circumstances.
39
9.4.2. Contact reporting under the Australian Government Contact
Reporting Scheme
250. Agencies are to require their personnel to report suspicious, on-going, unusual or persistent
contacts with foreign officials and other foreign nationals to their agency security section.
251. Agencies are to:
collect Contact Reports from their personnel

acknowledge receipt of all reports
assess the reports, and

forward any reports of suspicious, ongoing, unusual or persistent nature to ASIO Contact
Reporting.
252. For further information see Australian Government personnel security guidelines Agency
personnel security responsibilities.
9.4.3. Reporting security incidents to vetting agencies and other

appropriate agencies
253. Agencies are to advise the vetting agency of:

any security violations 4 attributed to particular security clearance holders as reasonably
practicable, and
the results of any investigations into security breaches attributed to particular security
clearance holders and conduct or incidents that may indicate a disregard for security by
clearance holderse.g. multiple infringements of agency security policies.
254. Agencies are to consult with the Australian Federal Police (AFP) and/or the Australian Security
Intelligence Organisation (ASIO) in respect of investigations that may have potentially serious
issues.
255. Agencies are to also advise security incidents to:

the Director, Australian Signals Directorate for matters relating to the Australian
Government Information Security Manual (ISM)
the Director-General, Australian Security Intelligence Organisation for matters relating to

national security, and
the heads of any agencies whose people, information or assets may be affected.
256. Agencies are to withdraw all access to security classified resources for any person responsible for
a security violation as soon as reasonably practicable after the violation is identified.
4Security violation a deliberate action that leads, or could lead, to the compromise of official resources; or an accidental failure that
leads to the compromise of CONFIDENTIAL or above material.
40
257. Agencies should make a risk based decision on whether to remove or restrict access for personnel
directly responsible for security breaches 5 or conduct that indicates a disregard for security.
258. Agencies should reassess any clearance holders access when an investigation into a violation or
breach is finalised.
259. Agencies are to notify the vetting agency when a breach of the code of conduct or other
disciplinary finding has been made against a clearance holder, including any cases where a breach
is established following the clearance holders departure from the agency.
260. Agencies are to include security incidents as part of their compliance reporting requirements
detailed in mandatory requirement GOV7.
9.5. Change of sponsorship of security clearances

261. Where clearance holders are moving permanently from one agency to another and require a
security clearance for their new role, the gaining agency is to request a transfer of the clearance
sponsorship. Once transferred, the gaining agency has ongoing responsibility for the clearance
maintenance.
262. Gaining agencies are to only sponsor clearances at the level required for the position the person
will be occupyinge.g. the gaining agency will only sponsor an NV1 clearance for an existing NV2
holder who moves to a position requiring an NV1 clearance.
263. Agencies should advise the change of agency to the vetting agency.
9.6. Personnel on temporary transfer or secondment

264. Agencies should, in consultation with the persons home agency, make a determination of
whether the clearance sponsorship should stay with the home agency or be transferred for the
duration of the transfer or secondment.
265. Where temporary personnel have been granted a security clearance by a State or Territory in
accordance with the PSPF, the clearance is to be recognised by the gaining agency for the period
of the transfer or secondment. Agencies should request confirmation of the clearance from the
vetting agency that granted the clearance.
9.6.1. Clearance maintenance for personnel on secondment or

temporary assignment
266. Agencies are to agree on the clearance maintenance arrangements before a secondment or
temporary assignment commences.
267. Irrespective of the agreed clearance maintenance arrangements, agencies are to advise of any
identified security concerns that arise during the secondment or temporary assignment to the
5
Security breach an accidental or unintentional failure to observe the protective security mandatory requirements
41
home agency. This includes concerns identified after the secondment or temporary assignment
concluded.
9.7. Personnel on extended leave

268. Agencies are to have procedures to notify their agency security staff of personnel planning to go
on extended leave. The period will depend on the agencys risk profile and any specific risks
associated with the position.
269. Agencies are to, where possible, resolve any security issues before the leave is taken.
9.8. Clearance maintenance for contractors

270. There are additional risks for the ongoing maintenance and management of security clearances
for contractors.
271. In addition to provisions outlined in Section 9 - Agency responsibilities for active monitoring of
clearance holders, contracts are to contain clearance maintenance provisions including:
arrangements for dealing with any reportable changes in circumstances and the reporting
and investigation of security incidents or breaches
the requirement for contract staff to protect the agencys information and assets, and
ongoing security awareness training that includes the contracting companys responsibility
to require contracted staff to:
- protect the agencys assets and information
- report changes in personal circumstances, and
- report suspicious, on-going, unusual or persistent contacts.
272. The agency should require the contracting company to inform the agency if an individual
employed by the company is/has:
employed on other concurrent contracts with other agencies or governments, so that all
affected agencies can be advised of any security concerns and can identify any conflicts of
interest
employed on any new contracts

been expelled from an accrediting body
been arrested or is undergoing disciplinary proceedings
subject to law enforcement action or criminal legal proceedings, or
been dismissed, has resigned or is on long term leave.
273. The agency should include in the contract:

any standards of behaviour which it also expects employees to observe relating to code of
conduct and the application of protective security measures, and
provisions for revoking physical and ICT access upon a contracted staff members exit from
the company.
42
274. For further advice on protective security in contracting see PSPFGovernance arrangements
Contracting and the Centre for Protection of National Infrastructure (UK) publication The secure
procurement of contracting staff - a good practice guide for the oil and gas industry.
9.8.1. Clearance sponsorship of contractors that are no longer

actively engaged by an agency
275. Lead agencies are to advise vetting agencies that security clearance sponsorship has been
withdrawn for contractors when they are no longer actively engaged by that agency.
276. Vetting agencies are to notify any interested parties (other agencies) that the lead agency has
withdrawn sponsorship for the contractor. If the interested party requires the contractor to hold a
security clearance, they will need to take on sponsorship of that contractor. This includes the
responsibilities for clearance maintenance. For further information see Section 10.1.
43
10. Agency separation actions
PERSEC 9: Agencies must have separation policies and procedures for departing clearance holders, which
includes a requirement to:
inform vetting agencies when a clearance holder leaves agency employment or contract engagement,
and
advise vetting agencies of any security concerns.
10.1. Prior to separation

277. Prior to a clearance holders separation an agency is to:
debrief separating personnel who have access to:
- Australian Government classified resources
- codeword information (and advise the agency providing the codeword information),
and/or
- caveat information.
remind the clearance holder of their continuing personal obligations under the Crimes Act,
Criminal Code and other relevant legislation, and
obtain formal acknowledgement of that continuing obligation.
278. Agencies are to report any security concerns (non-compliance with the separation procedures)
about departing clearance holders to the vetting agency and ASIO ( for security as defined in the
Australian Security Intelligence Organisation Act 1979(Cth)), particularly where the clearance
holder departs without having a security debrief.
279. The vetting agency is to place this information on the PSF where it will be reviewed prior to
consideration of any new vetting action.
280. If departing clearance holders do not cooperate with these procedures or are otherwise assessed
to pose a risk to security, the agency is to undertake a risk assessment and implement mitigations.
10.2. On separation
281. On separation of a clearance holder, an agency is to advise the vetting agency:
that the clearance holder has left, and
of the details, if known, of any other agency or contracted service provider the clearance
holder is transferring to
282. Agencies are to forward a copy of a signed recognition of continuing obligation to the vetting
agency.
44
283. Where employees leave before these actions have been completed, the agency security advisor is
to review the circumstances to ascertain whether there are any security related concerns.
284. The agency is to report any such concerns to the vetting agency and ASIO.
10.2.1. Separation of contractors
285. Sponsorship of a contractor clearance ceases when the contractor no longer has a business
relationship with the sponsoring agency.
286. An agency should include in their contracts an obligation on the contracting company to advise
the agency when the contractors staff or sub-contractors with sponsored clearances have ceased
to work on the agencys contract.
287. Agencies are to advise the vetting agency when a sponsored contractor no longer requires a
security clearance to access the agencys security classified resources.
288. Vetting agencies are to advise any other known agencies using the contractor that the
contractors clearance is no longer sponsored by that agency, giving interested parties the
opportunity to assume sponsorship including the responsibilities for clearance maintenance of the
contractor.
45
Annex A: Request for variation of Special Minister of States
Determination 2012/1 for a Ministers Electorate Officer
289. Under Determination 2012/1, a Ministers Chief of Staff may request a variation of the security
clearance requirement from the Secretary of the Attorney-Generals Department where:
the person is an electorate officer
the electorate officer is not required to access, and will not come into contact with, security
classified information or resources:
- above PROTECTED for electorate officers employed by a National Security Committee
of Cabinet (NSC) Minister, or
- above SECRET for electorate officers employed by a non-NSC Minister.
290. The Secretary, Attorney-Generals Department will approve the request to vary the requirement for
a Negative Vetting Level 2 security clearance following a recommendation by the Portfolio
Department that confirms the electorate officer will not access security classified information or
resources above PROTECTED or SECRET as appropriate (see above).
291. The following security clearance levels are to apply:
Negative Vetting Level 2:

- electorate officers for NSC Ministers who access security classified information or
resources above PROTECTED, and
- electorate officers for Ministers who are not members of the NSC, and who access
security classified information or resources at TOP SECRET.
Negative Vetting Level 1:
- electorate officers for Ministers who are not members of the NSC, and who access
security classified information or resources at CONFIDENTIAL and/or SECRET.
Baseline:
- electorate officers who access official information and security classified information
or resources up to and including PROTECTED.
46
Request for variation of Special Minister of States Determination 2012/1
for a Ministers Electorate Officer
All staff employed by Ministers, including Parliamentary Secretaries, employed under Part III of the Members of Parliament
(Staff) Act 1984 are required to be security cleared to Negative Vetting Level 2 unless:
the staff member:
- is an electorate officer, and
- does not require access to, and will not be exposed to, security classified material
the Ministers Chief of Staff requests an exemption, and certifies the electorate officer will not access classified
material
the Ministers Portfolio Department endorsed the request for variation, AND
the variation is approved by the Secretary of the Attorney-Generals Department
Ministers Chief of Staff request for variation

I certify that Name of electorate officer is an electorate officer for Ministers name
and is not required to access, and will not come into contact with, TOP SECRET security classified material. I request a
variation of the requirement for the above electorate officer to hold a Negative Vetting Level 2 security clearance.
Name and phone number of Chief of Staff Signature Date
/ /
Forward request to the Agency Security Adviser of the Portfolio Department

Portfolio Department endorsement of request Name of Portfolio Department
I endorse the request to vary the requirement for a Negative Vetting Level 2 security clearance for the above mentioned
electorate officer. I confirm he/she will not have access to TOP SECRET material, and may have access to or come in
contact with security classified material:
At or below PROTECTED AT CONFIDENTIAL OR SECRET
(Tick whichever is applicable)
Name, position and phone number of endorsing officer Signature Date

/ /
Send to: Protective Security Policy Section, Attorney-Generals Department, 3-5 National Circuit, BARTON ACT 2600
Email: pspf@ag.gov.au
Approval of request
As the delegate for Secretary, Attorney-Generals Department, I vary the requirement for the above mentioned
electorate officer to be security cleared to Negative Vetting Level 2, subject to them undergoing:
Baseline
Negative Vetting Level 1
Variation not approved - Negative Vetting Level 2 required
(Tick whichever is applicable).
Name and position of approving officer Signature Date

/ /
Send to: Ministerial and Parliamentary Services, Department of Finance and Deregulation, Parkes Place, PARKES
ACT 2600
47

Australian Government Personnel Security Management Protocol 2.1

Hochgeladen von

Dokumentinformationen

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Australian Government Personnel Security Management Protocol 2.1

Hochgeladen von

Copyright:

Verfügbare Formate

Australian Government Personnel Security

Approved September 2014

Use of the Coat of Arms

Commercial and Administrative Law Branch

Date of next review Under review

1.2. Status and applicability

Figure 1 - Personnel security policy hierarchy

the Australian Government information security management protocol

the Australian Government physical security management protocol

the Privacy Act 1988 (Cth)

the Personnel security guidelines:

1.3. Terms used in this Protocol

9. Unless otherwise stated, the use of:

10. Clearance decisions/status:

active refers to a maintained security clearance that is sponsored by an Australian

1.4. Agency responsibilities in personnel security

1.4.1. Agency heads

13. Responsibility for development, implementation and maintenance of personnel security

leadership/vision and values

culture through policy, procedures and education.

1.4.2. Line managers

16. Line managers are responsible for:

monitoring employee behaviour, and

1.4.3. Agency personnel

17. All agency personnel are responsible for:

complying with agency pre-engagement, ongoing suitability and security clearance

1.5. Policy exceptions

is not applying the specified control

1.5.1. Functional equivalents

1.6. Sharing personal information

law enforcement agencies

other agencies that are affected by a security concern.

Qualification checks Certificate verification for mandatory

programs, contact reporting scheme

Investigations Gather evidence about security

Security clearance Periodic revalidations Annual health check

Criminal Code and other legislation

Withdrawal of access Cancelling ID passes and ICT access

Security clearance actions Advice to vetting agency of the

38. Adopting a comprehensive, risk-based approach to personnel security is important in the

39. Agencies are to have personnel security measures that:

3.1. Personnel security risk assessments

the disclosure or altering of Australian Government information

unauthorised third party access to Australian Government resources.

4.1. Recommended employment screening

4.2. Agency-specific employment screening checks

53. Additional screening may include:

4.3. Recording results of employment and additional agency

4.3.1. Additional information

62. Additional information on employment screening is available from:

AS 8001-2008: Fraud and Corruption Control

section 10 of the Public Governance, Performance and Accountability Rule 2014

APS Conditions of engagement.

5.1. Security awareness, training and education

unusual and suspicious behaviour, and

5.2. Performance management

5.3. Conflict of interest

5.4. Incident investigation

5.5. Monitoring, evaluating and recording of ongoing personnel

providing guidance to personnel on reporting suspect conduct by other personnel, and

6.1. Cooperation in the clearance process

copies of any requested supporting documents, and

6.2. Identifying and recording positions that require a security

6.2.1. Security clearance levels