Your guide to the Defence Industry Security Program (DISP)

Right now, there are currently more than 100 Defence tenders available across Australia.

There will be fierce competition between businesses that have the capability to:

• Work on classified information or assets safely and securely
• Store or transport weapons and explosive ordnance
• Provide security services for Defence bases and facilities.

Defence requires membership in the Defence Industry Security Program and ISO 27001 certification. Here, we take a closer look at the Defence Industry Security Program and its tender procurement requirements.

What is the Defence Industry Security Program?

The Defence Industry Security Program (DISP) manages security risks in the Australian Defence Force (ADF). The goal is to generate more robust security outcomes and protect sensitive information.

The DISP:

• Allows all parts of Defence to manage security within their operational contexts.
• Encourages members to make good security decisions in line with DISP principles.
• Ensures the most appropriate people are setting the security requirements.
• Sets clear processes and accountabilities, underpinning the assurance of Defence protective security arrangements.

All Australian businesses can achieve DISP membership but you must meet the eligibility requirements outlined in Control 16.1 of the Defence Security Principles Framework.

Why should I join DISP?

DISP helps Australian businesses understand and meet their security obligations with Defence. With this in mind, DISP membership can give your business a great advantage over competitors in the industry supply chain.

DISP membership comes with a wide range of benefits for your own business:

• You achieve the right security requirements when delivering Defence contracts and tenders.
• You will have access to Defence security advice and support services.
• You will understand and manage security risks across your business.
• You will instil confidence when procuring goods and services for Defence from other industry members.

DISP membership is mandatory for almost all Defence tenders. The only exception is if:

• Your business is working on classified information in Defence facilities or networks.
• You have an applicable Security of Information Agreement or Arrangement (SIA).

DISP membership is not always mandatory but it is highly recommended for Defence or government contracts. Subcontractors may also need to apply for DISP membership to ensure the security of your supply chain.

You can discuss this with your Defence contract manager.

How can I increase my chances of achieving DISP membership?

DISP applicants must meet certain standards across the Defence corporate networks.

One of the recommended standards is ISO 27001: information security management. ISO 27001 is internationally recognised and outlines the requirements for an information security management system (ISMS).

An ISMS is a systematic approach to managing and protecting sensitive company information like financial information, intellectual property, employee details or information entrusted by third parties.

As well as providing confidence and assurance in the tender procurement process for Defence, an ISMS can have a wide range of benefits for your own business.

To achieve ISO 27001 certification, you will need to prove compliance with the requirements of the Standard.