DISP is essentially a form of security vetting which allows the Department of Defence to safeguard their supply chain and is a prerequisite for companies wanting to participate in government and private defence company tenders. DISP members also have access to Defence security advice and support services, and demonstrate that they have a high degree of cyber security. There are four levels of membership, with the higher levels requiring more rigorous assessment.
To gain membership, companies must provide evidence that they meet the security requirements of Australian Defence across four categories: ‘personnel security’, ‘physical security’, ‘information & cyber security’, and ‘security governance’.
- Personnel security – employees and contractors meet the appropriate standards of integrity and honesty required to access Australian Government resources.
- Physical security – the company provides a safe and secure environment for their employees and infrastructure.
- Information & cyber security – good cyber security is in place so that the confidentiality, integrity and availability of all official information are maintained.
- Governance – Security risks are managed and a positive security culture exists.
While the requirements for DISP membership extend beyond cyber security, the majority of the requirements are of this nature. This includes items such as having regular penetration testing, monitoring for threats, and security governance and information handling policies and procedures. Companies that are ISO27001 certified will satisfy many of these requirements. Vertex Cyber Security has helped many companies achieve DISP and ISO27001 certification. Feel free to contact us on 1300 2 CYBER (29237) if you would like more information about how we can help. For a comprehensive overview of the requirements for DISP membership, check out the official Defence Security Principles Framework PDF.
How To Apply
At a high level, the process for applying to become a DISP member is as follows:
- Determine the level of membership you need.
- Assess what work needs to be done to satisfy the criteria for the level of membership you want.
- Do the implementation to align your company to the requirements (Vertex Cyber Security can help with this).
- Submit your application.
A more thorough process can be found on the Australian Government Defence website.