Australian Government Personnel Security Protocol

Version 2.1
Approved September 2014
Amended April 2015
© Commonwealth of Australia 2013
All material presented in this publication is provided under a Creative Commons Attribution 3.0
Australia licence (Creative Commons Licenses).
For the avoidance of doubt, this means this licence only applies to material as set out in this document.
The details of the relevant licence conditions are available on the Creative Commons website as is the
full legal code for the CC BY 3.0 AU licence (Creative Commons Licenses).
Use of the Coat of Arms
The terms under which the Coat of Arms can be used are detailed on the It's an Honour website.
Contact us
Enquiries regarding the licence and any use of this document are welcome at:
Commercial and Administrative Law Branch
Attorney-General’s Department
3–5 National Cct
BARTON ACT 2600
Call: 02 6141 6666
Email: copyright@ag.gov.au
Document details
Security classification: Unclassified
Dissemination limiting marking: Publicly available
Date of next review: Under review
Authority: Attorney-General
Author: Protective Security Policy Section, Attorney-General’s Department
Document status: Version 2.1 approved 1 September 2014 (replaces Version 1), amended April 2015
Table of contents
Amendments
1. Scope
  1.1. Introduction
  1.2. Status and applicability
    Figure 1 - Personnel security policy hierarchy
  1.3. Terms used in this Protocol
  1.4. Agency responsibilities in personnel security
    1.4.1. Agency heads
    1.4.2. Line managers
    1.4.3. Agency personnel
    1.4.4. Need-to-know principle
  1.5. Policy exceptions
    1.5.1. Functional equivalents
  1.6. Sharing personal information
2. Components of personnel security
3. Identifying personnel security risk
  3.1. Personnel security risk assessments
4. Employment screening
  4.1. Recommended employment screening
  4.2. Agency-specific employment screening checks
  4.3. Recording results of employment and additional agency specific screening
    4.3.1. Additional information
5. Ongoing suitability for employment
  5.1. Security awareness, training and education
  5.2. Performance management
  5.3. Conflict of interest
  5.4. Incident investigation
  5.5. Monitoring, evaluating and recording of ongoing personnel suitability
6. Agency security clearance requirements
  6.1. Cooperation in the clearance process
  6.2. Identifying and recording positions that require a security clearance
    6.2.1. Security clearance levels
    6.2.2. Caveat and codeword access
    6.2.3. Contractors requiring security clearances
    6.2.4. Persons employed under the Members of Parliament (Staff) Act 1984 (Cth)
  6.3. Australian office holders
  6.4. Other access arrangements
    6.4.1. Foreign Nationals with non-Australian Government security clearances
  6.5. Eligibility waivers (citizenship and checkable background)
    6.5.1. Eligibility waivers
    6.5.2. Non-Australian citizens
    6.5.3. Uncheckable backgrounds
    6.5.4. Conditions for clearances subject to an eligibility waiver
  6.6. Locally engaged staff
  6.7. State or Territory government security clearances
7. Temporary access to classified information arrangements
  7.1. Temporary access conditions
    7.1.1. Types of temporary access
    7.1.2. Short term access
    7.1.3. Provisional access
  7.2. Temporary access for MOPS Act staff
8. Vetting agency responsibilities
  8.1. Authority to make clearance decisions
    8.1.1. Confirming eligibility for a security clearance
  8.2. Assessing Suitability
    8.2.1. Supplementary checks and inquiries
    8.2.2. Mitigation
    8.2.3. Vetting agency consultation with sponsoring agencies
  8.3. Vetting decisions
  8.4. Failure to comply with the clearance process
  8.5. Personnel security checks for initial clearances
    8.5.1. Statutory declaration
    8.5.2. ASIO Security Assessment
  8.6. Reviews of security clearances
    8.6.1. Periodic Revalidations
    8.6.2. Reviews for cause
  8.7. Adverse findings
  8.8. ASIO-initiated review of ASIO Security Assessment
  8.9. Reviews of security clearance processes and outcomes
  8.10. Review of clearance decisions
  8.11. Transfer of Personal Security Files
  8.12. Recognition of clearances
  8.13. Active and inactive clearances
  8.14. Vetting staff training and qualifications
  8.15. Vetting agencies’ management of outsourced vetting providers
9. Agency responsibilities for active monitoring of clearance holders
  9.1. Security awareness training for clearance holders
  9.2. Managing specific clearance maintenance requirements
  9.3. Annual health check
  9.4. Sharing of information
    9.4.1. Reportable changes of personal circumstances
    9.4.2. Contact reporting under the Australian Government Contact Reporting Scheme
    9.4.3. Reporting security incidents to vetting agencies and other appropriate agencies
  9.5. Change of sponsorship of security clearances
  9.6. Personnel on temporary transfer or secondment
    9.6.1. Clearance maintenance for personnel on secondment or temporary assignment
  9.7. Personnel on extended leave
  9.8. Clearance maintenance for contractors
    9.8.1. Clearance sponsorship of contractors that are no longer actively engaged by an agency
10. Agency separation actions
  10.1. Prior to separation
  10.2. On separation
    10.2.1. Separation of contractors
Annex A: Request for variation of Special Minister of State’s Determination 2012/1 for a Minister’s Electorate Officer
Amendments
No. | Date | Location | Amendment
1 | April 2015 | Section 1.3 | Remove the term re-evaluation in regards to PV clearances in the definition of ‘inactive’.
2 | April 2015 | Throughout | Update PSPF links
3 | April 2015 | Annex A | Update waiver request form to include phone numbers
4 | | |
1. Scope
1.1. Introduction
1. The core policies of the Protective Security Policy Framework (PSPF) provide the mandatory requirements for protective security in Australian Government agencies. The Australian Government Personnel Security Protocol provides more detailed advice for agencies to meet their mandatory personnel security requirements.
2. Personnel security is one element of good protective security management. The Australian Government’s personnel security measures determine the suitability of personnel to access Australian Government resources. A suitable person demonstrates integrity and reliability and is not vulnerable to improper influence.
3. Effective personnel security facilitates the sharing of Australian Government resources and is an essential tool for mitigating the threat posed by trusted insiders.
4. An agency’s personnel security risk assessment should be incorporated into the agency’s security risk management process and other agency risk management processes. Personnel security risk management may impact on, and/or complement, information and physical security controls.
1.2. Status and applicability
5. This Protocol forms part of the third level of the Australian Government’s personnel security policy hierarchy, as shown in Figure 1. This Protocol and its supporting guidelines will inform agency-specific personnel security policy and procedures.
Figure 1 - Personnel security policy hierarchy
6. The Australian Government Personnel Security Protocol derives its authority from the PSPF – Directive on the security of Government business, Governance arrangements, and the Personnel security core policy and mandatory requirements. It should be read in conjunction with:
• the Australian Government information security management protocol
• the Australian Government physical security management protocol
• the Public Service Act 1999 (Cth) (PS Act)
• the Privacy Act 1988 (Cth)
• any agency specific legislation and/or guidance, and
• the Personnel security guidelines:
  o Agency personnel security responsibilities, and
  o Vetting practices.
7. Positive Vetting (PV) security policy (developed by the Inter-Agency Security Forum) is detailed in the Sensitive Material Security Management Protocol (SMSMP). Distribution of the SMSMP is limited to agency security advisers with a need to know.
1.3. Terms used in this Protocol
8. In this Protocol the use of the terms:
• ‘need to’ refers to a legislative requirement that agencies must meet
• ‘are to’ or ‘is to’ are controls that support compliance with the mandatory requirements of the personnel security core policy
• ‘should’ refers to better practice. Agencies are expected to apply better practice unless the agency risk assessment has identified reasons to apply other controls, and
• ‘required’ is used as common language and has no special meaning in this protocol.
9. Unless otherwise stated, the use of:
• ‘personnel’ in this protocol refers to employees, contractors and service providers as well as anybody else who is given access to agency assets as part of agency sharing initiatives
• ‘employment screening’ refers to screening undertaken by an agency prior to employment of staff or engagement of contractors
• ‘Australian Government resources’ refers to the collective term used for Australian Government people, information and assets, and
• ‘vetting agency’ refers to the Australian Government Security Vetting Agency (AGSVA), authorised agencies and State and Territory vetting agencies.
• Financial statement – provides a detailed summary of a clearance subject’s assets, income, liabilities and expenditure.
• Financial history check – provides an overview of a clearance subject’s financial history.
10. Clearance decisions/status:
• ‘ineligible’ refers to a determination by a vetting agency that a clearance subject is not eligible for an Australian Government security clearance as they do not hold Australian citizenship and/or have a checkable background
• ‘deny’ refers to a determination by a vetting agency that a clearance subject is not eligible to hold an Australian Government security clearance at one or more clearance levels
• ‘grant’ refers to a determination by a vetting agency that a clearance subject is eligible and suitable to hold an Australian Government security clearance
• ‘grant – conditional’ refers to a determination by a vetting agency that the clearance subject is eligible and suitable to hold an Australian Government security clearance with conditions and/or after care requirements attached to the clearance
• ‘cancel’ refers to a security clearance initiated, but not completed, by the vetting agency as the sponsorship of the clearance was removed at the request of the sponsoring agency, the sponsorship or clearance requirement could not be confirmed, or the clearance subject was non-compliant with the clearance process
• ‘active’ refers to a maintained security clearance that is sponsored by an Australian Government agency, and being maintained by a clearance holder and sponsoring agency
• ‘inactive’ refers to a security clearance that is within the revalidation period, however the clearance:
  - is not sponsored by an Australian Government Agency
  - is not being maintained by the clearance holder for a period greater than six months due to long term absence from their role
  - for the Positive Vetting level an annual security check was completed within the last two years
  - can be reactivated or reinstated provided the clearance is sponsored by an Australian Government agency before the end of the revalidation period, and
  - cannot be reactivated until all change of circumstances notifications covering the period of inactivity have been assessed by a vetting agency.
• ‘expired’ refers to a security clearance that:
  - is outside the revalidation period and is not sponsored by an Australian Government agency
  - is a PV clearance and did not have an annual security appraisal completed within a two year period
  - cannot be reactivated and reinstated, and
  - reverts to an initial security clearance assessment process if an Australian Government agency provides sponsorship after the end of the revalidation period.
• ‘ceased’ refers to a security clearance:
  - that has been denied or revoked
  - that may have time-based conditions on when a clearance subject or holder can reapply for a security clearance, and
  - where the clearance subject or holder is ineligible to hold or maintain a security clearance.
11. Additional terms used in this Protocol can be found in the PSPF – Glossary of Terms.
1.4. Agency responsibilities in personnel security
12. Effective personnel security management is a responsibility of all agency personnel including senior management, line managers, HR areas, and security areas.
1.4.1. Agency heads
13. Responsibility for development, implementation and maintenance of personnel security management ultimately rests with the agency head.
14. Agency heads set:
• leadership/vision and values
• employment standards
• the agency’s risk tolerance, and
• culture through policy, procedures and education.
1.4.2. Line managers
15. Line managers play a key role in personnel security. They are more likely than agency security staff to have a detailed and accurate knowledge of their employees and the duties of a position in their work area.
16. Line managers are responsible for:
• positively influencing the protective security behaviour of their personnel
• monitoring employee behaviour, and
• reporting any concerns about a staff member’s suitability for access to official resources to the agency security section.
1.4.3. Agency personnel
17. All agency personnel are responsible for:
• applying the ‘need-to-know’ principle
• being aware of the importance of their role in, and responsibility for, ensuring the maintenance of good personnel security practices throughout the agency
• reporting issues of concern
• complying with agency pre-engagement, ongoing suitability and security clearance processes, and
• complying with Australian Government-wide and agency-specific standards for the protection of Australian Government security classified resources.
1.4.4. Need-to-know principle
18. Agencies are to limit access to, and dissemination of, Australian Government resources to those personnel who need the resources to do their work.
19. Agencies are to limit access to, and dissemination of, Australian Government security classified resources to those who hold the appropriate level of clearance.
20. Agencies are to provide information on the ‘need-to-know’ principle to all personnel as part of their security awareness training.
1.5. Policy exceptions
21. Exceptional circumstances or emergencies may arise that prevent agencies from applying relevant controls identified in the PSPF. These may be either of an ongoing or of an emergency nature.
22. Policy exceptions can be made for an ‘are to’ or ‘is to’ statement. By making a policy exception, an agency head is acknowledging that the agency:
• is not applying the specified control
• is aware of and willing to accept the risk posed to their agency, and
• will manage the risk in another way.
23. Agencies cannot make policy exceptions to AUSTEO and Eyes Only access requirements. For further information see Foreign Nationals with non-Australian Government security clearances.
24. Agencies are to document their policy exceptions, including the risk assessment, in accordance with their agency specific policies and procedures.
25. Where appropriate, policy exceptions and risk assessments may cover policy decisions relating to types of activity, rather than individual instances.
1.5.1. Functional equivalents
26. Where agencies use alternative personnel security measures that provide the same or better functionality than specified controls, a policy exception is not required.
27. Before agreeing to the use of alternative protective security measures an agency head, or delegate, should seek expert advice to confirm that the technical performance requirements of the proposed measures meet or exceed those of the specified control.
28. For further information see Governance arrangements – Audit, reviews and reporting.
1.6. Sharing personal information
29. The Australian Government expects agencies and vetting agencies to share information relevant to the ongoing suitability of personnel to access Australian Government resources.
30. Agencies are to obtain written ongoing consent from all personnel (existing and potential) to share information with other agencies for the purposes of assessing their ongoing suitability. This includes employment screening and security clearance processes. A template informed consent form is provided at Annex C of the Personnel security guidelines – Agency personnel security responsibilities and Annex H of the Personnel security guidelines – Vetting practices.
31. Sharing relevant information does not breach an individual’s privacy provided that informed consent is received and the information is used for the purpose for which consent is provided. For further information see Annex D of the Personnel security guidelines – Agency personnel security.
32. In order to prevent or minimise the impact of security concerns agencies may provide relevant information about personnel to:
• law enforcement agencies
• intelligence agencies
• potential gaining agencies (prior to personnel transferring), and
• other agencies that are affected by a security concern.
33. Agencies are to include a contractual requirement for service providers and contracting companies to seek written consent to share information with the agency from all the service provider’s or contracting company’s personnel who may access the agency’s resources. The agency may then on behalf of the Commonwealth share this information with other agencies for the purposes of assessing suitability to access Australian Government resources. See Annex C of the Personnel security guidelines – Agency personnel security responsibilities for a template informed consent form.
34. For further advice on protective security in contracting see Governance arrangements – Contracting.
2. Components of personnel security
35. Personnel security comprises three major components:
• employment screening
• maintaining ongoing suitability, and
• separation activities.
36. An agency’s approach to personnel security is to be comprehensive and ongoing. The following table gives examples of measures at the various stages.
Table 1 – Summary of personnel security components
Stage | Personnel security measures | Examples of tools, techniques and services
Employment screening | Employment checks: Identity proofing | National Identity Proofing Guidelines including document verification
Employment screening | Employment checks: Eligibility | Australian Citizenship (or correct visa)
Employment screening | Employment checks: Qualification checks | Certificate verification for mandatory qualifications
Employment screening | Employment checks: Previous employment checks | Referee checks
Employment screening | Employment checks: Criminal records check | No exclusion check under the spent conviction scheme unless agency has partial or full exemption
Employment screening | Employment checks: Agency specific checks | Credit checks, drug screening, etc.
Employment screening | Initial security clearances | Suitability assessments by vetting agencies
Maintaining ongoing suitability (Education; Monitoring & evaluation) | Countering manipulation | Employee security awareness programs, contact reporting scheme
Maintaining ongoing suitability (Education; Monitoring & evaluation) | Security culture | Using incentives to encourage the reporting of security issues
Maintaining ongoing suitability (Education; Monitoring & evaluation) | Access controls | Physical and logical access privileges; IT passwords, access passes, codes
Maintaining ongoing suitability (Education; Monitoring & evaluation) | Protective monitoring | Physical access and IT systems monitoring; System audit processes
Maintaining ongoing suitability (Education; Monitoring & evaluation) | Investigations | Gather evidence about security breaches for possible Code of Conduct or criminal prosecution
Maintaining ongoing suitability (Education; Monitoring & evaluation) | Ongoing employment suitability checks | Change of circumstances
Maintaining ongoing suitability (Education; Monitoring & evaluation) | Agency specific screening | Periodic credit checks, drug screening, etc.
Maintaining ongoing suitability (Education; Monitoring & evaluation) | Security clearance maintenance | Periodic revalidations; Annual health check; Change of circumstances; Contact reporting; Reviews for cause
Separation activities | Post-employment personnel security obligations under Crimes Act/Criminal Code and other legislation | Ongoing obligations briefing; Security clearance debrief; Exit interview
Separation activities | Withdrawal of access | Cancelling ID passes and ICT access
Separation activities | Security clearance actions | Advice to vetting agency of the separation; Advice to ASIO where security concerns are present
3. Identifying personnel security risk
Mandatory Requirement
GOV 6: Agencies must adopt a risk management approach to cover all areas of protective security activity across their organisation, in accordance with the Australian Standard AS/NZS ISO 31000:2009 Risk Management—Principles and Guidelines and the Australian Standards HB 167:2006 Security risk management
37. An agency’s protection against threats is only as good as the weakest element of its protective security (governance, information security, physical security and personnel security).
38. Adopting a comprehensive, risk-based approach to personnel security is important in the protection of an agency’s resources because:
• it identifies an agency’s vulnerability to a range of insider and other threats
• it allows appropriate mitigation strategies to be implemented to manage these risks, and
• it delivers a level of assurance about the credentials and integrity of the agency’s workforce.
39. Agencies are to have personnel security measures that:
• meet other agencies’ expectations for information sharing arrangements, and
• meet or exceed the minimum controls for the protection of Australian Government resources.
3.1. Personnel security risk assessments
40. The use of appropriate personnel security measures can prevent or deter a wide variety of insider and other threats that may include:
• the disclosure or altering of Australian Government information
• the use of Australian Government resources without authorisation
• corruption, theft or fraud
• sabotage, or
• unauthorised third party access to Australian Government resources.
41. For further advice see Managing the Insider Threat to your Business.
42. Based on their personnel security risk assessment, agencies are to determine what checks are required for employment screening, ongoing suitability to access agency resources and for separation from the agency. These may include agency specific employment screening checks or security clearances. For example, the Australian Federal Police have a program of random drug and alcohol testing.
43. For further advice on undertaking a personnel security risk assessment, see the United Kingdom Centre for the Protection of National Infrastructure publication Personnel Security Risk Assessment: A guide.
4.
Employment screening
Mandatory Requirement
PERSEC 1: Agencies must ensure that their personnel who access Australian Government resources
(people, information and assets):
 are eligible1 to have access
 have had their identity established
 are suitable2 to have access, and
 agree to comply with the Government’s policies, standards, protocols and guidelines that safeguard
the agency’s resources from harm.
44.
Agency heads set the minimum suitability requirements for all new staff employed in their
agencies, based on the agency risk assessment, any agency-specific legislation and the Australian
Government’s expectation that agencies have in place measures to facilitate resource sharing.
These requirements are normally conditions of engagement or ongoing conditions of employment
and may include character checks and security clearances. For further advice see the Australian
Public Service Commission publication Conditions of engagement.
45.
Agencies are to ensure all personnel agree that they are responsible for safeguarding against loss,
misuse or compromise any Australian Government resources for which they are responsible by
obtaining a signed confidentiality agreement.
46.
All personnel requiring ongoing access to Australian Government security classified information or
resources are to have security clearances. This includes contractors and service providers; see
Section 6 - Agency security clearance requirements.
47.
Agencies need to confirm that the person is an Australian Citizen or has a valid visa with work
rights, by sighting the documents in support of citizenship or visa. For further information see the
Department of Immigration and Border Protection.
4.1. Recommended employment screening
48.
Agencies are to undertake employment screening for all new personnel. This screening will allow
access to unclassified official resources.
49.
Agencies should undertake employment screening that meets or exceeds the Australian Standard
4811-2006: Employment Screening.
[1] For agencies enabled by the Public Service Act 1999 eligibility refers to the requirements for engagement of
APS employees listed in section 22 of the Public Service Act 1999. Agencies not enabled by the Public Service
Act 1999 should refer to the requirements of engagement of personnel contained within their own enabling
legislation.
[2] To be suitable personnel need to demonstrate qualifications and/or experience required of the position
including satisfaction of any agency specific requirements. Agency specific requirements may include
demonstration and compliance with relevant codes of conduct (e.g. APS Code of Conduct), behaviours and/or
values.
50. Further details on assessing employment screening checks are in the Australian Government
personnel security guidelines—Agency personnel security responsibilities.
51. Agencies should, based on their risk assessment, undertake periodic reassessments of suitability
for employment.
4.2. Agency-specific employment screening checks
52. Additional screening checks (e.g. drug and alcohol testing) are agency-specific and are separate
from the security clearance process.
53. Additional screening may include:
• conducting a credit reference check
• obtaining a conflict of interest declaration, or
• obtaining a signed Statutory Declaration from the person declaring all information provided
to the agency is truthful and complete.
54. Agencies should advise applicants where additional screening is required as part of a condition of
engagement or an ongoing condition of employment. Agencies should identify this requirement
when advertising a vacancy or before offering employment.
55. While a prospective employee may meet the minimum requirements for an Australian
Government security clearance, he or she may not meet the agency’s screening requirements and
vice-versa.
56. If agency-specific checks identify issues relevant to a clearance subject’s suitability for a security
clearance the agency is to share this information with the vetting agency.
57. If agency specific checks identify issues relevant to national security, the agency is to share this
information with ASIO.
58. The vetting agency/ASIO may instigate supplementary security clearance assessments as a result
of this information.
59. Agencies are responsible for reviews of their agency specific checks.
4.3. Recording results of employment and additional agency
specific screening
60. Agencies are to record the results of the employment screening for successful applicants and any
additional agency specific screening relating to each person.
61. Agencies should, based on their operating requirements, determine whether to create a separate
Personal Security File for each employee or add the results to their personnel file.
4.3.1. Additional information
62. Additional information on employment screening is available from:
• AS4811-2006: Employment Screening
• HB 323-2007: Employment Screening Handbook
• AS 8001-2008: Fraud and Corruption Control
• section 10 of the Public Governance, Performance and Accountability Rule 2014
(Fraud Rule)
• APS Conditions of engagement.
5. Ongoing suitability for employment
Mandatory Requirements
PERSEC 2: Agencies must have policies and procedures to assess and manage the ongoing suitability for
employment of their personnel.
GOV 1: Agencies must provide all staff, including contractors, with sufficient information and security
awareness training to ensure they are aware of, and meet the requirements of the PSPF.
63. An agency’s policies and procedures to assess and manage the ongoing suitability for employment
of their personnel will be determined by the agency’s security risk assessment; see Section 3 - identifying personnel security risks.
5.1. Security awareness, training and education
64. Security awareness, training and education provide personnel with information on their
responsibilities under the PSPF and their agency specific responsibilities. Training may include
induction sessions, attaining formal qualifications and professional development.
65. Agencies are to determine specific security training or briefings required by their personnel. This
may include but is not limited to:
• personal safety and security measures in agency facilities and in the field
• confidentiality requirements for information, including intellectual property
• self-managing risk
• information control measures (need-to-know)
• overseas travel safety and security
• contact reporting
• incident reporting
• unusual and suspicious behaviour, and
• handling and security requirements for valuable assets.
66. For further advice see the Australian Government personnel security guidelines—Agency personnel
security responsibilities, Section 8.2.
5.2. Performance management
67. Agencies should include personnel security compliance as part of their personnel performance
management.
5.3. Conflict of interest
68. Public confidence in the integrity of personnel is vital to the proper operation of government.
Confidence may be jeopardised if the community perceives a conflict of interest. Personnel need
to be aware that their private interests, both financial and personal, could conflict with their
official duties.
69. Ultimately it is the agency head's responsibility to determine what actions are taken where there
is a conflict. While it is best to avoid a conflict, it is not always practical. Agencies are to establish
processes that deliver effective personnel security outcomes and that withstand scrutiny.
5.4. Incident investigation
70. Agencies are to investigate reports of a security incident in accordance with their agency specific
policies and procedures.
71. Agencies are to consult with the AFP, jurisdictional police, ASIO and/or ASD where the security
incident may have criminal or National Security implications.
72. For further details on undertaking an investigation see Protective security governance guidelines—
Reporting incidents and conducting security investigations and the Australian Government
Investigation Standards. These guidelines also provide advice on referring matters to the
appropriate law enforcement agencies, ASIO and the Australian Signals Directorate, depending on
the nature of the incident.
5.5. Monitoring, evaluating and recording of ongoing personnel
suitability
73. Employment screening and subsequent employment checks provide only a snapshot of the
employee’s suitability at a point in time.
74. Based on their personnel security risk assessments, agencies are to have policies and procedures
in place to monitor ongoing suitability of staff. These may include:
• requiring managers to monitor all personnel’s continuing suitability to access Australian
Government resources
• advising personnel what personal behaviours or concerns they are required to report—
e.g. criminal arrests or convictions, change of circumstances, contacts that are suspicious,
on-going, unusual or persistent and other significant incidents. For more information see
Section 8 - Agency responsibilities for active monitoring of clearance holders
• providing guidance to personnel on reporting suspect conduct by other personnel, and
• undertaking periodic employment re-screening.
75. Agencies should determine the period between original screening and any subsequent
re-screening. The period will depend on the agency’s risk profile and any specific risks associated
with the position.
76. Agencies should record the outcomes of their monitoring and evaluations on the same file as any
employment screening results.
6. Agency security clearance requirements
77. Agency heads may require a security clearance as a condition of employment. A security clearance
is a determination by a vetting agency that an individual is suitable to access security classified
resources.
6.1. Cooperation in the clearance process
78. Agencies are to advise clearance subjects of their responsibilities to comply with the vetting
process. Where possible, agencies should assist clearance subjects to provide accurate and
complete information that is timely.
79. Clearance subjects are to cooperate with the vetting agency throughout the clearance process,
including by providing within the timeframes advised:
• a completed clearance pack
• copies of any requested supporting documents, and
• complete and truthful responses.
80. Vetting agencies are to cancel the clearance process for any failure to cooperate in the clearance
process. Agencies are to remove any access to Australian Government security classified resources
from clearance subjects, if advised by the vetting agency that the clearance has been revoked or
the process cancelled.
81. Agencies are to apply this control to all personnel, irrespective of their position or duties.
82. Agencies are not to use temporary access provisions to provide access to Australian Government
security classified resources to personnel that are not actively cooperating with the vetting
process.
6.2. Identifying and recording positions that require a security
clearance
Mandatory Requirements
PERSEC 3: Agencies must identify, record and review positions that require a security clearance, including
the level of clearance required.
PERSEC 4: Agencies must ensure their personnel with ongoing access to Australian Government security
classified resources hold a security clearance at the appropriate level, sponsored by an Australian
Government agency.
83. Anyone requiring ongoing access to Australian Government security classified resources is to hold
a security clearance at the appropriate level.
84. An agency head or their delegate is to decide if a role or position requires a security clearance.
85. An agency head may require that all agency staff in a particular category be cleared to a specified
level. Factors that may influence this decision include:
• the nature of the agency’s business
• an agency’s risk assessment
• the need to access the agency’s security classified information or resources or ICT systems,
or
• the need for increased levels of assurance of employees’ suitability to perform particular
roles.
86. Agencies may use security clearances as an assurance measure in addition to their employment
screening and agency specific controls for positions where the agency risk assessment deems the
security clearance process is to apply.
87. Positions that have a business impact level of high or above may include those:
• whose occupants have access to aggregations of information or assets, or
• where the nature of the position requires greater assurance about a person’s integrity; for
example, a higher level of clearance with greater background checking to support fraud
mitigation or as an anti-corruption measure.
88. Agencies should assess whether the checks undertaken for a security clearance provide the
required level of assurance or whether agency-specific checks will better meet their needs.
89. Agencies are to maintain a register of positions that require a clearance. Before advertising a
position, agencies are to identify:
• if the position requires a security clearance
• the level of clearance required
• whether the clearance is for access to Australian Government security classified information
or to give a level of assurance, and
• when the requirement for a security clearance will be reassessed.
90. Agencies should periodically reassess the security clearance requirement for positions, at least
each time the position becomes vacant and before it is advertised.
6.2.1. Security clearance levels
91. There are four security clearance levels:
i. Baseline – provides ongoing access to information or resources up to and including
PROTECTED.
ii. Negative Vetting Level 1 – provides ongoing access to information or resources up to and
including SECRET.
iii. Negative Vetting Level 2 – provides ongoing access to information or resources up to and
including TOP SECRET.
iv. Positive Vetting – provides access to certain types of sensitive, caveated, compartmented
and codeword information. PV is an additional process that is designed to ensure, beyond
reasonable doubt, that a candidate is suitable to access the highest classification of security
classified and caveated information. PV builds upon the requirements for the granting and
maintenance of Negative Vetting Level 2. PV requirements are managed by the Inter-Agency
Security Forum on behalf of the Australian Intelligence Community and are detailed
in the Sensitive Material Security Management Protocol (SMSMP) which is only available to
Agency Security Advisers.
Table 2 – Information access requirements
Access levels: Positive vetting; Negative vetting level 2; Negative vetting level 1; Baseline; Employment screening.
Information classifications: UNCLASSIFIED; UNCLASSIFIED with a DISSEMINATION LIMITING MARKER; PROTECTED; CONFIDENTIAL; SECRET; TOP SECRET; Certain Sensitive and Compartmented Information[1].
Notes:
1. Access to Sensitive and Compartmented Information is detailed in the Sensitive Material Security
Management Protocol (SMSMP) which is only available to those with a need to know.
2. In certain limited circumstances Compartmented information is available at the NV2 level. For further
information see the SMSMP.
6.2.2. Caveat and codeword access
92. Agencies are to liaise with the agency responsible for administering a caveat or codeword to
determine the personnel security measures required in addition to a security clearance. This could
include but is not limited to:
• specific compartment briefings, and
• reporting or restrictions on overseas travel.
93. For further information on access to caveats and codewords, refer to the Australian Government
Information Core Policy and supporting Protocol and guidelines; and the SMSMP.
6.2.3. Contractors requiring security clearances
94. Agencies are to identify contractors requiring security clearances for access to security classified
information and resources or those requiring a security clearance as a level of assurance, as part
of the procurement process.
95. Agencies engaging contractors who will require security clearances are to sponsor the contractor’s
clearance. See PSPF—Governance arrangements—Contracting.
96. Contractors may work concurrently for a number of agencies. The agency that is to sponsor a
contractor is the agency:
• first engaging the contractor where a security clearance is required, or
• requiring the highest level of security clearance.
97. The lead agency for a contract is to sponsor all contractor clearances where a single contract
covers a number of agencies—e.g. as the result of a panel arrangement.
98. The lead agency is to ensure that they have arrangements (policies and procedures) in place to
ensure the ongoing suitability of contractors in accordance with this protocol. For further
information see Section 8.8 – clearance maintenance for contractors.
99. Lead agencies are to ensure that ongoing suitability assessments of contractors are included in the
contract.
100. If an interested party becomes aware of a contractor’s change in circumstances, the interested
party is to inform the vetting agency. The vetting agency is to inform all other interested parties.
For further information on sharing see Section 1.6 - Sharing Personal Information.
6.2.4. Persons employed under the Members of Parliament (Staff)
Act 1984 (Cth) (MoPS Act)
101. Special Minister of State Determination 2012/1 directs that Ministerial staff employed
under Part III of the Members of Parliament (Staff) Act 1984 (Cth) need to obtain and maintain a
Negative Vetting Level 2 security clearance. This direction allows for variation in certain
circumstances for electorate officers. For further information see Annex A: Request for variation
of Special Minister of State’s Determination 2012/1 for a Minister’s Electorate Officer.
6.3. Australian office holders
102. The following Australian office holders are not required to hold a security clearance to access
Australian Government security classified information while exercising the duties of the office:
• Members and Senators of the Commonwealth, State and Territory Parliaments
• Judges of The High Court of Australia, The Supreme Court, Family Court of Australia, The
Federal Circuit Court of Australia and Magistrates
• Royal Commissioners, and
• the Governor-General, State Governors, Northern Territory Administrator, and
• members of the Executive Council.
103. Other appointed office holders may have enabling legislation which gives the same privileges as
the people identified in the preceding paragraph—e.g. Members of the Administrative Appeals
Tribunal and Members of the Social Security Appeals Tribunal.
104. Personnel of the office holders in paragraphs 100 and 101 are not exempt from the requirements
for a security clearance and are to be security cleared to the appropriate level if they require
ongoing access to security classified information.
105. An Australian office holder’s exemption from the requirements of the PSPF is limited to the
requirement for a security clearance. Agencies responsible for managing protective security for
Australian office holders are to ensure that classified material in their possession is appropriately
safeguarded at all times in accordance with the PSPF.
6.4. Other access arrangements
6.4.1. Foreign Nationals with non-Australian Government security
clearances
Mandatory Requirement
GOV 10: Agencies must adhere to any provisions concerning the security of people, information and assets
contained in multilateral or bilateral agreements and arrangements to which Australia is a party.
106. Foreign nationals routinely contribute to Australia’s National Interest through exchange, long-term posting and/or attachment to the Australian Government.
107. Foreign nationals can only access Australian Government security classified information and
resources under an Agreement or Arrangement[3] if they:
• access the information in accordance with that Agreement or Arrangement, and
• hold a security clearance granted by their national government which is recognised by the
Australian Government in accordance with the Agreement or Arrangement.
108. Agencies are not to permit non-Australian citizens access to information caveated ‘Australian Eyes
Only’ (AUSTEO). Non-Australian citizens can only access other ‘Eyes Only’ information if they are a
citizen of a country included in the Eyes Only caveat.
109. Agencies cannot make policy exceptions to AUSTEO and Eyes Only access requirements. For
further details see Information security management core policy.
110. In limited circumstances foreign nationals may access information caveated Australian
Government Access Only (AGAO). AGAO is used by the Department of Defence, ASIS and ASIO.
These agencies may pass information marked with the AGAO caveat to appropriately cleared
representatives of foreign governments.
111. AGAO material received in other agencies is to be handled as if it were marked AUSTEO.
112. For further details see the Australian Government information security management guidelines—
Australian Government security classification system.
[3] An agreement or an arrangement includes treaties, security of information agreements and memorandums
of understanding.
6.5. Eligibility waivers (citizenship and checkable background)
Mandatory Requirements
PERSEC 5: Before issuing an eligibility waiver (citizenship or checkable background) and prior to
requesting an Australian Government security clearance an agency must:
• justify an exceptional business requirement
• conduct and document a risk assessment
• define the period covered by the waiver (which cannot be open-ended)
• gain agreement from the clearance applicant to meet the conditions of the waiver, and
• consult with the vetting agency
113. Agencies are to include details in their annual PSPF compliance report stating numbers and levels
of security clearances granted subject to:
• citizenship waivers, and
• uncheckable background waivers.
114. Only Australian citizens with a checkable background are eligible for an Australian Government
security clearance, unless these eligibility requirements have been waived by the sponsoring
agency head. Agency Heads need to be aware that granting an eligibility waiver does not
guarantee that a clearance will be granted by the vetting agency.
115. Sponsoring agencies are to confirm all clearance subjects are eligible, by confirming citizenship
and checkable background requirements, prior to requesting a security clearance.
6.5.1. Eligibility waivers
116. An agency head may, under certain conditions, waive the citizenship or checkable background
requirements for a person to be eligible for a security clearance.
117. An agency head’s decision to waive an eligibility requirement is to be based on a thorough analysis
of the risks to the Australian Government and the possible impact on the National Interest. For
further information see Personnel security guidelines—Agency personnel security responsibilities.
118. Agency heads need to be aware of the inherent risks posed from a malicious trusted insider when
granting eligibility waivers. Any decision to grant a waiver needs to be assessed against and linked
to the agency’s risks. Agency heads need to be aware that by granting a waiver, they are taking on
a risk that may be detrimental to the Australian Government. If the documents supporting the
waiver do not fully detail the risks to the National Interest, mitigations and any residual risks, the
vetting agency may reject the request for security clearance.
119. The vetting agency is to record, or place, the waiver on the clearance subject’s Personal Security
File.
120. An eligibility waiver is role-specific, non-transferable, finite and subject to review. In other words,
the waiver is to apply only while the clearance holder remains in the position for which the
clearance was granted.
121. The waiver is not to follow the clearance holder to any other position without review. An eligibility
waiver is not open-ended and is to be subject to regular review to confirm that there is a
continuing requirement for the waiver.
122. Agencies are to reassess eligibility waivers yearly.
6.5.2. Non-Australian citizens
123. An agency is to only grant an eligibility (citizenship) waiver where:
• it has been identified that there is no Australian citizen who could fill the position, and
• the agency understands and agrees to manage the risk.
124. Permanent residence status is not an acceptable alternative to the citizenship requirement.
125. The vetting agency may decline the request for clearance if, notwithstanding the citizenship
waiver, other minimum checks are unable to be made, or standards met. It may not be possible
for the vetting agency to conduct the required checks overseas or, if checks can be conducted, to
have confidence in the level of assurance provided by the checks.
126. Non-Australian citizens are not to access information caveated ‘Australian Eyes Only’ (AUSTEO).
Foreign nationals can only access other ‘Eyes Only’ information if they are a citizen of a country
included in the Eyes Only caveat and have a need to know. Agencies cannot make policy
exceptions to AUSTEO and Eyes Only access requirements.
6.5.3. Uncheckable backgrounds
127. A checkable background is established when a vetting agency has validated information provided
by a clearance subject with respect to their background from independent and reliable sources.
128. A clearance subject has an uncheckable background when the vetting agency cannot complete the
minimum checks and inquiries for the relevant checking period, or the checks and inquiries, where
able to be made, do not provide adequate assurance about the clearance subject’s life or
background. In these circumstances, the vetting agency may decline the request for a clearance.
129. Any clearance subject that has spent greater than 12 months (cumulative) out of Australia within
the requisite background checking period is to be considered to have an uncheckable background
(if their periods of time out of Australia cannot be verified from independent and reliable sources).
If the clearance subject’s periods of time out of Australia cannot be verified from independent and
reliable sources, the subject is to be assessed by the vetting agency as ineligible to be considered
for an Australian Government security clearance.
130. Vetting agencies are to consider the security risk to the Australian Government as the primary
factor when assessing whether a person is considered to have a checkable background, and
therefore whether they are eligible to be considered for an Australian Government security
clearance.
131. For an individual to be eligible for an Australian Government security clearance, background
checks should generally be able to be undertaken in Australia. It is expected that individuals
sponsored by agencies for an Australian Government security clearance will have strong,
established ties to Australia.
6.5.4. Conditions for clearances subject to an eligibility waiver
132. Clearances granted with eligibility waivers are to be subject to strict conditions. These may include
conditions such as but not limited to:
• the continuation of the eligibility waiver being conditional on the applicant taking Australian
citizenship as soon as they are eligible where the subject has indicated they are actively
seeking citizenship or do not have a valid reason not to seek citizenship
• the agency not allowing non-Australian citizens granted a waiver access to ‘Eyes Only’
information unless it includes the person’s country of citizenship and they have a need to
know
• the agency not granting access to security classified information from a foreign government
without the written agreement of that foreign government or as outlined in the provisions
of any information sharing agreements, and
• the agency limiting access to security classified information to that required to perform the
specific duty identified.
133. Sponsoring agencies are to ensure a person subject to a waiver follows any conditions placed on
the clearance. Sponsoring agencies are to advise vetting agencies of any non-compliance with
conditions of the waiver.
134. The vetting agency is to cease a clearance where the clearance subject does not adhere to the
conditions of the waiver.
135. The sponsoring agency is to reassess the waiver and advise the vetting agency if the clearance
subject changes duties.
6.6. Locally engaged staff
136. Locally engaged staff who are not Australian citizens may be granted a ‘diplomatic mission
clearance’. ‘Diplomatic mission clearances’ are recognised as clearances within the mission they
are granted; they are role specific and are not portable. For information about locally engaged
staff (LES) in diplomatic missions contact DFAT.
137. The Australian Trade Commission (AUSTRADE) is a managing agency under the Guidelines for
Management of the Australian Government Presence Overseas (February 2007). Accordingly,
AUSTRADE conducts security screening for its LES, and for those of attached agencies where
applicable.
138. An agency may grant an eligibility (citizenship) waiver for LES where:
• the preferred person for a position requiring a security clearance is not an Australian citizen,
and
• the agency understands and agrees to manage the risk.
6.7. State or Territory government security clearances
139. The Australian Government recognises security clearances up to Negative Vetting 2 issued by the
States and Territories if the clearance is undertaken for their own personnel and has been
processed in accordance with the Australian Government Personnel Security Protocol and
supporting guidelines. State and Territory clearances may be transferred between other State and
Territory agencies and the Commonwealth. This is in accordance with the Memorandum of
Understanding on the Protection of National Security Information between the Commonwealth
and States and Territories (2007).
Note: The Australian Security Intelligence Organisation Act 1979 (Cth) restricts ASIO from passing
Security Assessments directly to the States and Territories. Requests by the States and Territories
for ASIO Security Assessments are facilitated through the Attorney General’s Department or the
sponsoring Commonwealth agency.
7. Temporary access to classified information arrangements
Mandatory Requirements
PERSEC 4: Agencies must ensure their personnel with ongoing access to Australian Government security
classified resources hold a security clearance at the appropriate level, sponsored by an Australian
Government agency.
GOV 6: Agencies must adopt a risk management approach to cover all areas of protective security
activity across their organisation, in accordance with the Australian Standard for Risk Management
AS/NZS ISO 31000:2009 and the Australian Standards HB 167:2006 Security risk management.
140. Temporary access allows limited, supervised access to security classified resources.
141. Temporary access is not a security clearance.
142. Temporary access provisions are not to apply to positions where security clearances are used only
as a measure of assurance, where there is no access to classified information.
7.1. Temporary access conditions
143. Agencies are not to use temporary access provisions for routine business needs or as a substitute
for sound personnel management (for temporary access provisions for MOPS personnel see
section 7.2).
144. Agencies are to base any decision to approve temporary access on a documented risk assessment.
Agencies should consider any existing mitigating factors as part of the risk assessment—e.g.
holding a security clearance at a lower level, employment screening or any agency specific checks
undertaken. For further details on undertaking a temporary access risk assessment, see the
Australian Government personnel security guidelines—Agency personnel security responsibilities.
145. Agency head written approval is to be sought and granted for any temporary access
arrangements.
146. Prior to granting temporary access the sponsoring agency is to confirm with the vetting agency
that there are no known concerns about the person who may be given temporary access.
147. The vetting agency is to advise the sponsoring agency of any existing or prior limitations on the
person requiring access.
148. If advised of any concerns by the vetting agency, the sponsoring agency is to base any decision to
remove the clearance subject’s temporary access to security classified information and resources
on a documented risk assessment.
149. The sponsoring agency is to withdraw temporary access to security classified resources if concerns
cannot be mitigated.
150. Agencies are not to use temporary access arrangements for access to:
• TOP SECRET classified resources unless the person requiring access holds a Negative Vetting
Level 1 clearance.
• caveat, compartmented or codeword information.
151. Temporary access to TOP SECRET resources (where the person does not hold a Negative Vetting
Level 1 clearance), or caveat, compartmented or codeword material may only be given after a
policy exception is approved by the agency head. Agencies should seek agreement from the
information owners and compartment controllers, prior to granting temporary access to TOP
SECRET resources.
152. Sponsoring agencies are to advise the vetting agency of any temporary access approved. The
vetting agency is to record the access on the clearance subject’s PSF and/or security records
database.
7.1.1.
Types of temporary access
153. There are two types of temporary access arrangements:
i. short term access –allows an employee access to Australian Government classified resources
where they do not hold a clearance at the appropriate level and are not being assessed for a
clearance or are yet to submit a completed clearance pack, and
ii. provisional access – access to Australian Government classified resources while a clearance
subject is undergoing a clearance after they have submitted a completed clearance pack.
Table 3 – Summary of temporary access requirements
Columns: Short term access; Provisional access
Period of access
• Short term access: Maximum of 3 months in one calendar year 2
• Provisional access: Until clearance granted or denied, or suitability concerns are identified by the vetting agency
Classified Resources allowed (columns under each access type): TS SCI; TS 1; S 2, C 2; P
Requirements:
• documented risk assessment
• Agency head written approval
• The person and their manager have signed an undertaking to protect official resources
• Security briefing by home agency
• Approval of information owner required
N/A
• Complete pack with vetting agency
• Vetting agency advised there are no obvious suitability concerns
Risk mitigations may include:
• Employment screening
• Agency specific checks
• Clearance at a lower level
• Knowledge of personal history
(TS – TOP SECRET; S – SECRET; C – CONFIDENTIAL; P – PROTECTED)
Notes:
1. Only allowed in exceptional circumstances with an existing NV1 clearance and agency head approval (for temporary access provisions for MOPS personnel see section 7.2).
2. Only allowed in exceptional circumstances
7.1.2. Short term access
154. Short term access to Australian Government security classified resources may be allowed where
there is an unforeseen requirement for access. Short term access is for a maximum of:
• a continuous period of three months, or
• an aggregation of shorter periods of no more than three months in one calendar year.
155. Short term access to PROTECTED can be based on a business need.
156. Agencies are to only approve short term access to CONFIDENTIAL or SECRET classified resources in
exceptional circumstances where:
• the exception is critical to the agency meeting its outcomes, and
• the risks to the agency can be mitigated or managed.
157. Agencies are to only approve short term access to TOP SECRET classified resources in exceptional
circumstances where:
• the person requiring access holds a Negative Vetting Level 1 clearance
• the exception is critical to the agency meeting its outcomes, and
• the risks to any affected agency can be mitigated or managed.
7.1.3. Provisional access
158. Sponsoring agencies may approve provisional access for up to SECRET security classified resources
where there is a sound business case to support access during the clearance process.
159. Agencies are to only approve provisional access to TOP SECRET classified resources in exceptional
circumstances where:
• the person requiring access holds a Negative Vetting Level 1 clearance
• the exception is critical to the agency meeting its outcomes, and
• the risks to any affected agency can be mitigated or managed.
160. Before granting provisional access, sponsoring agencies are to confirm with the vetting agency
that:
• the clearance applicant has submitted a completed clearance pack and required documents, and
• there are no readily identifiable suitability concerns.
161. Agencies may approve provisional access until the clearance process is complete. Agencies may
change the type of temporary access from short term to provisional once the vetting agency has
confirmed it has received the completed pack and advises there are no concerns.
7.2. Temporary access for MOPS Act staff
162. It is reasonable to expect that some staff employed by an Australian Government Minister under
the MOPS Act will require temporary access. This is particularly relevant following any change of
Government.
163. MOPS Act Staff may be given temporary access to TOP SECRET information, where there is a need
to know, without the requirement to hold a Negative Vetting Level 1 clearance, subject to:
• a detailed risk assessment
• consultation with the information originators, and
• the risks to any affected agency can be mitigated or managed.
164. MOPS staff are not to be given temporary access to sensitive compartmented, codeword or
caveat information.
165. A Minister’s Portfolio Department should approve short term access for new MOPS Act staff for
the Department’s Minister until their security clearances are granted unless advised to withdraw
the access due to concerns including non-compliance with the clearance process.
166. The vetting agency is to notify the Portfolio Department and the Department of Finance of any
concerns or non-compliance with the security clearance process.
167. The Department of Finance is to advise Portfolio Departments of any Ministerial staff whose
clearance process has been cancelled for non-compliance with the security clearance process.
168. The Portfolio Department is to withdraw any temporary access to security classified information
for MOPS staff whose clearance process has been cancelled. For more information see Section 6.1
– Cooperation in the clearance process.
8. Vetting agency responsibilities
Mandatory Requirements
PERSEC 6: Agencies other than authorised vetting agencies must use the Australian Government Security
Vetting Agency to conduct initial vetting and reviews.
PERSEC 8: Sponsoring and vetting agencies must share information that may impact on an individual’s
ongoing suitability to hold a security clearance.
8.1. Authority to make clearance decisions
169. Only vetting agencies are authorised to make clearance decisions.
8.1.1. Confirming eligibility for a security clearance
170. Vetting agencies are to confirm citizenship and checkable background eligibility for all clearance
subjects.
171. If citizenship cannot be confirmed or there is an uncheckable background, the vetting agency is to
advise the sponsoring agency that the eligibility criteria have not been met and the clearance
request is cancelled.
172. Vetting agencies may impose an exclusion period that precludes the clearance subject from re-applying until the eligibility criteria are satisfied.
173. Sponsoring agencies may choose to consult with the vetting agency to initiate an eligibility waiver.
8.2. Assessing Suitability
174. Vetting agencies are to:
• conduct all minimum mandatory checks, as detailed in Table 4, and any appropriate supplementary checks, and collect all relevant, reliable and independently verified information before assessing a clearance subject’s suitability to hold a security clearance
• take into account the result of all checks and inquiries as the basis for determining suitability
• assess clearance subjects against common factor areas in accordance with the Adjudicative Guidelines, as detailed in Section 5 of the Australian Government personnel security guidelines - Vetting practices
• resolve any doubts about suitability for access to security classified resources in favour of the National Interest, and
• identify any risk management or specific clearance maintenance conditions relating to the clearance.
175. Vetting agencies should consider any information they become aware of that is relevant to
suitability, even if the matter falls outside of the minimum checking period.
176. The vetting agency is to deny a security clearance where there are any reasonable doubts about the
clearance subject’s suitability that cannot be resolved. Reasonable doubt exists when concerns
regarding the suitability of a clearance subject remain after all minimum and any supplementary
checks are completed.
8.2.1. Supplementary checks and inquiries
177. Vetting agencies are to conduct appropriate supplementary checks and inquiries if the minimum
checks are insufficient to clearly establish the clearance subject’s suitability or unsuitability. For
further details on supplementary checks see Australian Government personnel security guidelines - Vetting practices.
8.2.2. Mitigation
178. Where the background assessment, including supplementary checks, identifies a personal
vulnerability, the vetting agency is to determine if there are any mitigating factors. Mitigating
factors are detailed in section 5 of the Personnel security guidelines - Vetting practices.
8.2.3. Vetting agency consultation with sponsoring agencies
179. Vetting agencies are to advise sponsoring agencies of any information provided as part of the
vetting process or ongoing clearance maintenance that may impact on a person’s suitability to
access Australian Government resources or where risk mitigation measures are required.
180. Vetting agencies are to consult with sponsoring agencies before granting a security clearance that
imposes additional clearance maintenance conditions.
181. If mitigation is not satisfied by agreement to additional clearance maintenance conditions by
either the clearance subject or sponsoring agency, the vetting agency is to deny the clearance.
8.3. Vetting decisions
182. Vetting agencies are to base all vetting on an assessment of the whole person—See the
Adjudicative Guidelines.
183. The vetting agency is to advise the clearance subject and sponsoring agency in writing of the
decision to grant including any risk mitigations, deny, deem ineligible or cancel a security
clearance and any conditions imposed.
8.4. Failure to comply with the clearance process
184. The vetting agency is to cancel a clearance process and notify the sponsoring agency where a
clearance holder does not comply with the clearance process requirements.
8.5. Personnel security checks for initial clearances
Table 4 – Minimum personnel security checks and requirements for initial clearances 1
Positive Vetting
Psychological assessment
Negative Vetting 1
Digital footprint checks
Financial statement
Baseline Vetting
Qualification verification
2
Negative Vetting 2
Financial probity check
Security interview
Security interview
Digital footprint checks
3
Financial statement
Digital footprint checks
3
Financial statement 3 and supporting
documents
Suitability screening questionnaire
Suitability screening questionnaire
Suitability screening questionnaire
ASIO assessment
ASIO assessment
ASIO assessment
Qualification verification
2
Qualification verification
2
Qualification and document verification
Professional referee check 4
Referee checks (including 1 professional) 4
Referee checks (including 1 professional
and 1 un-nominated) 4
Police Records Check (No Exclusion) 5
Police Records Check (Full Exclusion) 5
Police Records Check (Full Exclusion)
Financial history check
Financial history check
Financial history check
8
Police Records Check (Full Exclusion)
Financial history check
6
10 year background check
Official secrets declaration
Official secrets declaration
Official secrets declaration
Official secrets declaration
Statutory Declaration
Statutory Declaration
Statutory Declaration
Statutory Declaration
6
6
6
Identity verification 6
5 year background check
Identity verification
Identity verification
6
5
Referee checks (including 1 professional
and 1 un-nominated) 4
10 year background check
Identity verification
6
Whole of life background check 7
Notes:
1. Suitability is assessed against the criteria contained in the Australian Government personnel security guidelines - Vetting practices section 5 (Adjudicative guidelines)
2. Qualifications checks should be part of an agency employment screening process where qualifications are claimed and/or mandatory.
3. Financial statement – provides a detailed summary of a clearance subject’s assets, income, liabilities and expenditure, see the Australian Government personnel security guidelines - Vetting practices section 4.6.2.
4. Referees are to collectively cover the whole checking period. Professional checks are to cover at least the preceding 3 months. Additional referees may be required.
5. The application of spent convictions legislation will vary dependent on the jurisdiction in which the offence occurred.
6. Identity checked in accordance with the Australian Identity Proofing Guidelines (level 3 for baseline and NV1 and level 4 for NV2 and PV). In addition to documentation to confirm residential addresses, employment, supporting documentation is also required to confirm citizenship status, and if relevant overseas travel see Australian Government personnel security guidelines - Vetting practices.
7. For further details see the Sensitive Material Security Management Protocol
8. Financial history check - provides an overview of a clearance subject’s financial history. See the Australian Government personnel security guidelines - Vetting practices section 4.6.2 for further details on financial history checks.
185. Table 4 shows the hierarchy of checks and processes that reflects the level of assurance required
for each level of security clearance.
8.5.1. Statutory declaration
186. Clearance subjects are to sign a Statutory Declaration made under the Statutory Declarations Act
1959 (Cth) that confirms:
• they have provided complete and truthful information to the vetting agency
• they have not altered the original documents or the copies provided to the vetting agency, and
• the original documents relate specifically to them.
187. For further information on the requirements see Statutory Declarations.
8.5.2. ASIO Security Assessment
188. Either the Commonwealth vetting agency, or the Commonwealth facilitating agency for State and
Territory assessments, is to obtain an ASIO Security Assessment for all NV and PV clearance
subjects. The only exception is where the vetting agency has already assessed that the person
would be unsuitable for a security clearance regardless of any assessment ASIO might make. For
further information see the Australian Government personnel security guidelines—Vetting
practices.
189. Vetting agencies are to provide ASIO with the details of any security concerns about the clearance
subject.
8.6. Reviews of security clearances
190. Vetting agencies are to undertake:
• periodic revalidations of security clearances, and
• reviews for cause for all clearances where concerns about a clearance holder’s suitability to hold a clearance are identified. For further information see Section 10.6.2 - Reviews for cause.
191. The vetting agency is to advise the clearance subject’s sponsoring agency of any
review/investigation being undertaken by the vetting agency, to allow the sponsoring agency to
assess whether to deny access pending the outcome of the review.
8.6.1. Periodic Revalidations
192. Vetting agencies are to periodically initiate revalidations of all Baseline, Negative and Positive
Vetting security clearances.
193. The requirements for the revalidation of security clearances are listed in Table 5. The table shows
the hierarchy of checks and processes that reflect the level of assurance required for each level of
security clearance. Vetting agencies are to undertake additional checks to resolve concerns on a
case-by-case basis.
Table 5: Summary of minimum revalidation requirements
Baseline
• To be undertaken by vetting agencies at least every 15 years.
• Updated personal particulars covering period since previous vetting
• Police records check (No exclusion)
• Financial history check
• 1 professional referee check
Negative vetting level 1
• To be undertaken by vetting agencies at least every 10 years.
• Updated personal particulars covering period since previous vetting
• Police records check (Full exclusion)
• Financial history check
• 1 professional referee check
• ASIO check
• Financial statement
Negative vetting level 2
• To be undertaken by vetting agencies at least every 5 years.
• Updated personal particulars covering period since previous vetting
• Police records check (Full exclusion)
• Financial history check
• 2 referee checks – (including 1 professional and 1 un-nominated)
• ASIO check
• Financial statement
• Interview
Positive vetting
• To be undertaken by vetting agencies at least every 5 years.
• Updated personal particulars covering period since previous vetting
• Police records check (Full exclusion)
• Financial history check
• 3 Referee checks (including 1 professional and 1 un-nominated)
• ASIO check
• Financial statement and supporting documents
• Interview
• Psychological assessment
8.6.2. Reviews for cause
194. A review for cause may be initiated whenever a security concern regarding a clearance subject
arises.
195. Upon receipt of information raising concerns about the suitability of a clearance holder, vetting
agencies are to assess if a review for cause is warranted.
196. Prior to initiating a review for cause the vetting agency is to advise the sponsoring agency and
interested parties (for contractors). If the sponsoring agency or interested parties (for contractors)
advise of any ongoing investigation that might be compromised by the review for cause, the
vetting agency should not commence the review until the investigation is complete.
197. Vetting agencies should advise the clearance subject prior to starting any reviews for cause, and
the reasons for the review.
198. Sponsoring agencies should advise the clearance subject of their responsibility to comply with the
review for cause process.
199. Vetting agencies are to undertake any checks required to resolve the concern(s) that led to the
initiation of the review for cause. This may include:
• targeted checks to resolve an issue, or
• a full revalidation if the concerns are wide ranging.
200. Vetting agencies are to advise both the clearance subject and the sponsoring agency including
interested parties (for contractors) of the review for cause outcome.
8.7. Adverse findings
201. Decisions and actions taken during a security clearance could be subject to judicial review. Vetting
agencies will need to demonstrate that they have met the requirements of procedural fairness.
For further information see section 6.2 of the Australian Government personnel security guidelines
– Vetting practices.
202. Where a decision is made to deny a clearance, the vetting agency is to inform the clearance
subject of the procedures for seeking a review of the decision.
203. The vetting agency is to also advise the sponsoring agency of the decision to deny the clearance.
204. Vetting agencies are to report any denial of NV and PV security clearances, including any exclusion
periods, to ASIO.
8.8. ASIO-initiated review of ASIO Security Assessment
205. ASIO may provide preliminary advice to a Commonwealth agency regarding the subject of an ASIO
security assessment pending the issuing of a new ASIO security assessment.
206. Section 39 of the ASIO Act permits Commonwealth agencies to take appropriate action (such as
suspending a person’s security clearance and preventing ongoing access to classified information)
if the Commonwealth agency is satisfied, on the preliminary advice from ASIO, that it is necessary
to take that action as a matter of urgency due to the requirements of security. Any action taken is
to be temporary pending receipt of a new ASIO Security Assessment. Section 39(1) prevents
Commonwealth agencies from taking other prescribed kinds of action on the basis of preliminary
advice from ASIO.
207. ASIO will normally liaise with the Commonwealth agency and the relevant vetting agency in these
circumstances.
8.9. Reviews of security clearance processes and outcomes
208. Vetting agencies are to have procedures to resolve any grievances and are to advise the clearance
subject of these procedures as part of the clearance process.
209. Vetting agencies are to resolve any grievances raised by the clearance subject regarding:
• the security clearance process, and
• the manner in which the vetting agency conducted the clearance, or the decision made.
210. Vetting agencies are to advise the clearance subject of these procedures as part of the clearance
process.
8.10. Review of clearance decisions
211. Clearance subjects or sponsoring agencies may seek a review of any security clearance decision.
The initial review is to be carried out by the vetting agency responsible for denying or varying a
clearance.
212. An application by a clearance subject for a review does not change the original decision. A review
may determine that the process was flawed and a new process should be undertaken.
213. Clearance subjects may also seek external review. The avenue for review will vary. Some examples
are:
• APS employees may seek review through the Australian Public Service Commissioner or the Commonwealth Ombudsman, and
• contractors may seek review through the Office of the Commonwealth Ombudsman.
214. Any person may seek review through the Federal Court.
215. The delegate for the purposes of the review should be independent from the original decision
maker.
216. The Public Service Regulations 1999 (Cth) provides guidance on review processes for APS
employees.
217. The vetting agency and the clearance subject seeking the review are to co-operate fully with the
review process.
8.11. Transfer of Personal Security Files
218. Vetting agencies are to transfer PSFs—to the extent that their enabling legislation allows—to the
new vetting agency when a clearance holder transfers to another agency covered by a different
vetting agency. For further information see the Australian Government personnel security
guidelines—Vetting practices.
219. The receiving vetting agency is to address any anomalies within the incoming clearance subject’s
PSF at the time of transfer.
220. Vetting agencies are to advise sponsoring agencies of any concerns with the transferring clearance
holder's PSF. The sponsoring agency can then make a risk based decision on continuing access by
the clearance subject to security classified resources. For further information see the Australian
Government personnel security guidelines—Vetting practices.
8.12. Recognition of clearances
221. Vetting agencies are to recognise the security clearances granted by another vetting agency,
unless:
• the clearance has exceeded its revalidation period
• the clearance was granted with an eligibility waiver, or
• the vetting agency has concerns that the incoming clearance subject is no longer suitable to access Australian Government security classified resources at that clearance level.
8.13. Active and inactive clearances
222. An active clearance is a security clearance that is sponsored by an Australian Government agency,
and being maintained by a clearance holder and sponsoring agency.
223. An inactive clearance is a security clearance that is within the revalidation period, however the
clearance:
• is not sponsored by an Australian Government Agency
• is not being maintained by the clearance holder for a period greater than six months due to long term absence from their role, and
• for the Positive Vetting level is unsponsored; however, an annual security check was completed within the last two years.
224. Security clearances without sponsorship, but still within the revalidation period, are considered
inactive—i.e. the clearance is not in use but has not been cancelled as a result of a review for
cause.
225. Upon notification of change of sponsorship for a clearance within the revalidation period, the
vetting agency is to identify the security clearances as active, only once the vetting agency has
assessed any changes of circumstances.
226. Vetting agencies are to identify security clearances as active upon notification of sponsorship by a
new agency, where the clearance is within the revalidation period subject to the vetting agency’s
assessment of any changes of circumstances. For further information see the Australian
Government personnel security guidelines—Vetting practices.
8.14. Vetting staff training and qualifications
227. Vetting agencies are to use qualified personnel in the vetting process.
228. Vetting agencies are to:
• provide appropriate initial and supplementary training to assessing officers, and
• assess, and periodically reassess, the competency of assessing officers.
229. See the Australian Government personnel security guidelines—Vetting practices for details of
qualifications, competencies and training requirements for vetting staff.
8.15. Vetting agencies’ management of outsourced vetting providers
230. Vetting agencies are to ensure contractors engaged in vetting meet the requirements of the PSPF
and any agency specific policies or procedures. For further information see Australian Government
personnel security guidelines—Vetting practices.
9. Agency responsibilities for active monitoring of clearance holders
Mandatory Requirements
PERSEC 7: Agencies must establish, implement and maintain security clearance policies and procedures for
clearance maintenance in their agencies.
PERSEC 8: Agencies and vetting agencies must share information that may impact on an individual’s ongoing
suitability to hold an Australian Government security clearance.
GOV 1: Agencies must provide all staff, including contractors, with sufficient information and security
awareness training to ensure they are aware of, and meet the requirements of the PSPF.
231. Clearance maintenance is a joint responsibility of vetting agencies, sponsoring agencies and the
individual clearance holder. The purpose of clearance maintenance is to provide continuing
mitigation to the risk from the malicious trusted insider. It is an ongoing process throughout the
life of a security clearance.
232. Vetting agencies are responsible for the periodic review of clearance holders’ suitability
(revalidations) and conducting any reviews for cause when specific issues or concerns arise that
may affect a clearance holder's suitability. For more information see Sections 10.6 - Reviews of
Security Clearance and 10.6.2 - Reviews for Cause.
233. Sponsoring agencies are responsible for their security clearance holders (including Contractors).
Sponsoring agencies are to:
• provide security awareness training and security clearance specific briefings
• advise and remind clearance holders of their ongoing obligation to report changes of circumstances and contacts that are suspicious, on-going, unusual or persistent. For further information see the Personnel security guidelines – Agency personnel security responsibilities.
• provide ongoing supervision and management of clearance subjects including their suitability to access official resources
• notify the vetting agency of other issues of security concern relating to the ongoing suitability of clearance holders, including security incidents and any concerns relating to integrity
• manage any additional specific clearance maintenance requirements agreed by the vetting agency and the sponsoring agency as a condition of the security clearance, and
• additional agency responsibilities for the ongoing clearance maintenance of their contractors are detailed in Section 9.8 - Clearance maintenance for contractors.
234. These responsibilities are in addition to the controls identified for all personnel contained in
Section 5 – Ongoing suitability for employment.
9.1. Security awareness training for clearance holders
235. Agencies are to ensure that people who have access to Australian Government security classified
resources, understand and accept their day-to-day security responsibilities.
236. In addition to a program of security briefings and training that directly responds to the agency’s
security risk assessment, agencies are to:
• advise clearance holders and their managers of their day-to-day security responsibilities
• advise clearance holders and their managers of their reporting requirements—for example:
  - changes of circumstances, and
  - suspicious, on-going, unusual or persistent contacts.
• provide the clearance holder with a briefing and/or training reminding them of their clearance responsibilities, at least every five years or at clearance revalidation, whichever is the sooner.
237. Agencies may also need to coordinate additional training/ briefings for personnel with access to
Sensitive Compartmented Information with the compartment owners.
9.2. Managing specific clearance maintenance requirements
238. Some concerns identified in the clearance process may be mitigated by applying additional specific
clearance maintenance requirements, e.g. additional periodic drug screening for reformed drug
users.
239. Agencies are to:
• undertake any additional specific clearance maintenance requirements agreed to by the sponsoring agency and vetting agency, and
• report any results, including any non-compliance with the additional requirements, to the vetting agency.
240. Where compliance with additional requirements is not met by the clearance subject, the vetting
agency is to undertake a review for cause into the clearance subject’s ongoing suitability. The
resultant action by the vetting agency may be the variation or withdrawal of a security clearance.
9.3. Annual health check
241. Agencies are to annually require:
• clearance holders to confirm that they have reported to their agency security section:
  - all changes of circumstances, and
  - any suspicious, on-going, unusual or persistent contacts
• clearance holders to complete any required security awareness training, and
• managers responsible for personnel to confirm they have reported any concerns about the clearance holders.
242. Agencies are to report any security concerns they have as to the ongoing suitability of their
clearance subjects to their vetting agency.
243. The annual health check does not replace an agency’s ongoing responsibility for their performance
management including code of conduct investigations.
For further information on the annual health check see section 14.1 of the Australian
Government personnel security guidelines – Agency personnel security responsibilities.
9.4. Sharing of information
244. Agencies are to provide vetting agencies with any information about the suitability of a person to
hold a security clearance. This includes but is not limited to:
• negative results of agency specific checks
• reportable changes of circumstances
• suspicious, on-going, unusual or persistent contacts
• incident and investigation results, and
• where a breach of the code of conduct has been established or a security violation proven or personnel management concerns that may call into question the integrity of the person.
245. Agencies should not use the clearance review process to deal with personnel management
problems (e.g. underperformance). However, if it is likely that such concerns could affect a
person’s suitability to hold a clearance, line managers should notify their agency security section
who in turn may notify the vetting agency.
246. Vetting agencies are to advise sponsoring agencies of any suitability concerns raised about
clearance subjects and any pending or active reviews for cause. In such cases, and based on a risk
assessment, the sponsoring agency is to determine whether to limit or suspend the clearance
subject’s access to security classified resources.
9.4.1. Reportable changes of personal circumstances
247. Agencies are to require their clearance holders to advise the agency security section of any
reportable changes in personal circumstances. For further details on what is a reportable change
of circumstance see Australian Government personnel security guidelines – Agency personnel
security responsibilities.
248. Agencies are to also require agency personnel to advise the agency of changes in personal
circumstances of other clearance holders if they have concerns that may be relevant to a
clearance holder’s suitability.
249. The agency is to then advise the vetting agency of any notified reportable changes in
circumstances.
9.4.2. Contact reporting under the Australian Government Contact Reporting Scheme
250. Agencies are to require their personnel to report suspicious, on-going, unusual or persistent
contacts with foreign officials and other foreign nationals to their agency security section.
251. Agencies are to:
• collect Contact Reports from their personnel
• acknowledge receipt of all reports
• assess the reports, and
• forward any reports of suspicious, ongoing, unusual or persistent nature to ASIO – Contact Reporting.
252. For further information see Australian Government personnel security guidelines – Agency
personnel security responsibilities.
9.4.3. Reporting security incidents to vetting agencies and other appropriate agencies
253. Agencies are to advise the vetting agency of:
• any security violations⁴ attributed to particular security clearance holders as reasonably
practicable, and
• the results of any investigations into security breaches attributed to particular security
clearance holders and conduct or incidents that may indicate a disregard for security by
clearance holders—e.g. multiple infringements of agency security policies.
254. Agencies are to consult with the Australian Federal Police (AFP) and/or the Australian Security
Intelligence Organisation (ASIO) in respect of investigations that may have potentially serious
issues.
255. Agencies are to also advise security incidents to:
• the Director, Australian Signals Directorate for matters relating to the Australian
Government Information Security Manual (ISM)
• the Director-General, Australian Security Intelligence Organisation for matters relating to
national security, and
• the heads of any agencies whose people, information or assets may be affected.
256. Agencies are to withdraw all access to security classified resources for any person responsible for
a security violation as soon as reasonably practicable after the violation is identified.
⁴ Security violation – a deliberate action that leads, or could lead, to the compromise of official resources; or an accidental failure that
leads to the compromise of CONFIDENTIAL or above material.
257. Agencies should make a risk based decision on whether to remove or restrict access for personnel
directly responsible for security breaches⁵ or conduct that indicates a disregard for security.
258. Agencies should reassess any clearance holder’s access when an investigation into a violation or
breach is finalised.
259. Agencies are to notify the vetting agency when a breach of the code of conduct or other
disciplinary finding has been made against a clearance holder, including any cases where a breach
is established following the clearance holder’s departure from the agency.
260. Agencies are to include security incidents as part of their compliance reporting requirements
detailed in mandatory requirement GOV7.
9.5. Change of sponsorship of security clearances
261. Where clearance holders are moving permanently from one agency to another and require a
security clearance for their new role, the gaining agency is to request a transfer of the clearance
sponsorship. Once transferred, the gaining agency has ongoing responsibility for the clearance
maintenance.
262. Gaining agencies are to only sponsor clearances at the level required for the position the person
will be occupying—e.g. the gaining agency will only sponsor an NV1 clearance for an existing NV2
holder who moves to a position requiring an NV1 clearance.
263. Agencies should advise the change of agency to the vetting agency.
9.6. Personnel on temporary transfer or secondment
264. Agencies should, in consultation with the person’s home agency, make a determination of
whether the clearance sponsorship should stay with the home agency or be transferred for the
duration of the transfer or secondment.
265. Where temporary personnel have been granted a security clearance by a State or Territory in
accordance with the PSPF, the clearance is to be recognised by the gaining agency for the period
of the transfer or secondment. Agencies should request confirmation of the clearance from the
vetting agency that granted the clearance.
9.6.1. Clearance maintenance for personnel on secondment or temporary assignment
266. Agencies are to agree on the clearance maintenance arrangements before a secondment or
temporary assignment commences.
267. Irrespective of the agreed clearance maintenance arrangements, agencies are to advise of any
identified security concerns that arise during the secondment or temporary assignment to the
home agency. This includes concerns identified after the secondment or temporary assignment
concluded.
⁵ Security breach – an accidental or unintentional failure to observe the protective security mandatory requirements.
9.7. Personnel on extended leave
268. Agencies are to have procedures to notify their agency security staff of personnel planning to go
on extended leave. The period will depend on the agency’s risk profile and any specific risks
associated with the position.
269. Agencies are to, where possible, resolve any security issues before the leave is taken.
9.8. Clearance maintenance for contractors
270. There are additional risks for the ongoing maintenance and management of security clearances
for contractors.
271. In addition to provisions outlined in Section 9 - Agency responsibilities for active monitoring of
clearance holders, contracts are to contain clearance maintenance provisions including:
• arrangements for dealing with any reportable changes in circumstances and the reporting
and investigation of security incidents or breaches
• the requirement for contract staff to protect the agency’s information and assets, and
• ongoing security awareness training that includes the contracting company’s responsibility
to require contracted staff to:
  - protect the agency’s assets and information
  - report changes in personal circumstances, and
  - report suspicious, on-going, unusual or persistent contacts.
272. The agency should require the contracting company to inform the agency if an individual
employed by the company is/has:
• employed on other concurrent contracts with other agencies or governments, so that all
affected agencies can be advised of any security concerns and can identify any conflicts of
interest
• employed on any new contracts
• been expelled from an accrediting body
• been arrested or is undergoing disciplinary proceedings
• subject to law enforcement action or criminal legal proceedings, or
• been dismissed, has resigned or is on long term leave.
273. The agency should include in the contract:
• any standards of behaviour which it also expects employees to observe relating to code of
conduct and the application of protective security measures, and
• provisions for revoking physical and ICT access upon a contracted staff member’s exit from
the company.
274. For further advice on protective security in contracting see PSPF—Governance arrangements—
Contracting and the Centre for Protection of National Infrastructure (UK) publication ‘The secure
procurement of contracting staff - a good practice guide for the oil and gas industry’.
9.8.1. Clearance sponsorship of contractors that are no longer actively engaged by an agency
275. Lead agencies are to advise vetting agencies that security clearance sponsorship has been
withdrawn for contractors when they are no longer actively engaged by that agency.
276. Vetting agencies are to notify any interested parties (other agencies) that the lead agency has
withdrawn sponsorship for the contractor. If the interested party requires the contractor to hold a
security clearance, they will need to take on sponsorship of that contractor. This includes the
responsibilities for clearance maintenance. For further information see Section 10.1.
10. Agency separation actions
Mandatory Requirement
PERSEC 9: Agencies must have separation policies and procedures for departing clearance holders, which
includes a requirement to:
• inform vetting agencies when a clearance holder leaves agency employment or contract engagement,
and
• advise vetting agencies of any security concerns.
10.1. Prior to separation
277. Prior to a clearance holder’s separation an agency is to:
• debrief separating personnel who have access to:
  - Australian Government classified resources
  - codeword information (and advise the agency providing the codeword information),
    and/or
  - caveat information.
• remind the clearance holder of their continuing personal obligations under the Crimes Act,
Criminal Code and other relevant legislation, and
• obtain formal acknowledgement of that continuing obligation.
278. Agencies are to report any security concerns (non-compliance with the separation procedures)
about departing clearance holders to the vetting agency and ASIO (for security as defined in the
Australian Security Intelligence Organisation Act 1979 (Cth)), particularly where the clearance
holder departs without having a security debrief.
279. The vetting agency is to place this information on the PSF where it will be reviewed prior to
consideration of any new vetting action.
280. If departing clearance holders do not cooperate with these procedures or are otherwise assessed
to pose a risk to security, the agency is to undertake a risk assessment and implement mitigations.
10.2. On separation
281. On separation of a clearance holder, an agency is to advise the vetting agency:
• that the clearance holder has left, and
• of the details, if known, of any other agency or contracted service provider the clearance
holder is transferring to.
282. Agencies are to forward a copy of a signed recognition of continuing obligation to the vetting
agency.
283. Where employees leave before these actions have been completed, the agency security advisor is
to review the circumstances to ascertain whether there are any security related concerns.
284. The agency is to report any such concerns to the vetting agency and ASIO.
10.2.1. Separation of contractors
285. Sponsorship of a contractor clearance ceases when the contractor no longer has a business
relationship with the sponsoring agency.
286. An agency should include in their contracts an obligation on the contracting company to advise
the agency when the contractor’s staff or sub-contractors with sponsored clearances have ceased
to work on the agency’s contract.
287. Agencies are to advise the vetting agency when a sponsored contractor no longer requires a
security clearance to access the agency’s security classified resources.
288. Vetting agencies are to advise any other known agencies using the contractor that the
contractor’s clearance is no longer sponsored by that agency, giving interested parties the
opportunity to assume sponsorship including the responsibilities for clearance maintenance of the
contractor.
Annex A: Request for variation of Special Minister of State’s
Determination 2012/1 for a Minister’s Electorate Officer
289. Under Determination 2012/1, a Minister’s Chief of Staff may request a variation of the security
clearance requirement from the Secretary of the Attorney-General’s Department where:
• the person is an electorate officer
• the electorate officer is not required to access, and will not come into contact with, security
classified information or resources:
  - above PROTECTED for electorate officers employed by a National Security Committee
    of Cabinet (NSC) Minister, or
  - above SECRET for electorate officers employed by a non-NSC Minister.
290. The Secretary, Attorney-General’s Department will approve the request to vary the requirement for
a Negative Vetting Level 2 security clearance following a recommendation by the Portfolio
Department that confirms the electorate officer will not access security classified information or
resources above PROTECTED or SECRET as appropriate (see above).
291. The following security clearance levels are to apply:
• Negative Vetting Level 2:
  - electorate officers for NSC Ministers who access security classified information or
    resources above PROTECTED, and
  - electorate officers for Ministers who are not members of the NSC, and who access
    security classified information or resources at TOP SECRET.
• Negative Vetting Level 1:
  - electorate officers for Ministers who are not members of the NSC, and who access
    security classified information or resources at CONFIDENTIAL and/or SECRET.
• Baseline:
  - electorate officers who access official information and security classified information
    or resources up to and including PROTECTED.
Request for variation of Special Minister of State’s Determination 2012/1
for a Minister’s Electorate Officer
All staff employed by Ministers, including Parliamentary Secretaries, employed under Part III of the Members of Parliament
(Staff) Act 1984 are required to be security cleared to Negative Vetting Level 2 unless:
• the staff member:
  - is an electorate officer, and
  - does not require access to, and will not be exposed to, security classified material
• the Minister’s Chief of Staff requests an exemption, and certifies the electorate officer will not access classified
material
• the Minister’s Portfolio Department endorsed the request for variation, AND
• the variation is approved by the Secretary of the Attorney-General’s Department
Minister’s Chief of Staff request for variation
I certify that [Name of electorate officer] is an electorate officer for [Minister’s name]
and is not required to access, and will not come into contact with, TOP SECRET security classified material. I request a
variation of the requirement for the above electorate officer to hold a Negative Vetting Level 2 security clearance.
Name and phone number of Chief of Staff:
Signature:
Date:    /    /
Forward request to the Agency Security Adviser of the Portfolio Department
Portfolio Department endorsement of request
Name of Portfolio Department
I endorse the request to vary the requirement for a Negative Vetting Level 2 security clearance for the above mentioned
electorate officer. I confirm he/she will not have access to TOP SECRET material, and may have access to or come in
contact with security classified material:
☐ At or below PROTECTED
☐ At CONFIDENTIAL or SECRET
(Tick whichever is applicable)
Name, position and phone number of endorsing officer:
Signature:
Date:    /    /
Send to: Protective Security Policy Section, Attorney-General’s Department, 3-5 National Circuit, BARTON ACT 2600
Email: pspf@ag.gov.au
Approval of request
As the delegate for Secretary, Attorney-General’s Department, I vary the requirement for the above mentioned
electorate officer to be security cleared to Negative Vetting Level 2, subject to them undergoing:
☐ Baseline
☐ Negative Vetting Level 1
☐ Variation not approved - Negative Vetting Level 2 required
(Tick whichever is applicable).
Name and position of approving officer:
Signature:
Date:    /    /
Send to: Ministerial and Parliamentary Services, Department of Finance and Deregulation, Parkes Place, PARKES
ACT 2600