All you need to know about the DISP membership in Australia
The Defence Industry Security Program (DISP) has existed in some form since 1978. Today, it defines the chief security policy for persons, contractors, suppliers, and vendors who intend to work with the defence sector. It aims to meet the requirements of a modern Defence organisation and is open to any Australian business looking to work with a Defence organisation or expand its existing engagement with one.
It was revamped in 2019 to help businesses meet their security obligations while working on Defence projects and tenders in line with the needs of modern Defence organisations.
Introduction to DISP
DISP is a membership program that is becoming an important requirement for doing business with a Defence organisation. Simply put, DISP is a risk mitigation and assurance program that sets forth the minimum security requirements to enter the Defence supply chain.
The aims of the DISP are to:
- Allow companies to sufficiently prove that their practices safeguard information and assets while dealing with Defence organisations
- Help secure the Defence supply chain
- Establish good practices for risk mitigation
- Define and maintain responsibilities related to information security while partnering with Defence organisations
Why is DISP important?
DISP helps Australian businesses manage the risks involved in providing services, products, or capabilities to organisations in the defence sector. It helps protect the defence supply chain from security threats by assessing the business's processes and security measures.
According to the Australian Department of Defence, suppliers need to have an adequate level of DISP membership in the following scenarios:
- The engagement involves working on sensitive or classified information
- The suppliers are involved in storing or transporting Defence ordnance
- The suppliers are providing security services that need them to be on the Defence premises
- DISP is needed as part of the mandatory requirement for working with Defence organisations
Please note that a DISP membership might not always be a mandatory requirement to do business with a Defence organisation. However, it is preferable to have the membership for those who want to supply to the defence sector. It is an important aspect of proving your commitment to information security.
Also, since many organisations in the defence sector now ask for DISP membership, it is fast becoming a part of business development activities. It definitely gives a competitive advantage for tendering and bidding.
DISP membership also gives companies an opportunity to join international supply chains involving those countries with which Australia has bilateral ties.
The requirements for joining DISP
Technically, any Australian company that intends to do business with the defence sector can join DISP. The detailed eligibility criteria are as follows.
- The company must be registered as a legal business entity in Australia
- The company should have a designated CSO (Chief Security Officer) who has obtained an Australian security clearance
- The company should also have a designated officer for the role of a Security Officer
- The company should be financially solvent
- The company should submit a Foreign Ownership, Control and Influence (FOCI) declaration
- The company should not be involved with listed terrorist groups, entities on DFAT’s consolidated list, and regimes subject to Australian sanction laws
- The company must meet the sustainability criteria and should be able to demonstrate that it can fulfil its delivery obligations on time
- The company should have the resources to protect its ICT networks (an ISO 27001 certification can evidence adequate ICT protection)
It is important to note that you don’t need to have an active contract with a Defence organisation to apply for a DISP membership. This was an important reform in the 2019 launch of the program. This change was to encourage more Australian businesses to improve their security practices and also explore defence sector opportunities.
Even after a business gets the DISP membership, there are certain ongoing requirements that need to be fulfilled. These requirements are listed below.
- Continue to uphold the security of information and assets
- Retain the roles of Security Officer and Chief Security Officer in the company
- Ensure compliance with the Defence Security Principles Framework (DSPF)
- Ensure compliance with audit activities as directed by the Defence Security and Vetting Service
- Complete an Annual Security Report every year
- Record all overseas travel and make the information available when requested
- If there are any company-level changes that can affect the DISP membership, these changes must be reported
DISP Membership Levels
Since the DISP revamp in 2019, the program has had tiered membership levels. A supplier needs to attain the appropriate level based on the nature of the engagement it has with the Defence organisation. The membership levels accredit different levels for the security categories.
The higher levels of membership require a more rigorous assessment. It is important to note that a company can have different levels of accreditation for different security categories. The Security Governance category is a reflection of the highest level of accreditation for other categories.
What is the cost of the DISP membership application?
There is no direct or upfront cost for applying for or obtaining any level of DISP membership. However, implementation of the security measures to fulfil the eligibility criteria will entail appropriate costs.
It is quite possible that a company has already implemented adequate security practices, in which case there are no additional costs involved. However, in cases where the security framework is weak, companies will need to invest in security strengthening before applying for membership.
What are the benefits of joining DISP?
Below is a summary of the significant benefits of joining DISP.
- You can sponsor your own security clearance. However, this is not applicable to Entry Level DISP membership
- It opens up opportunities to enter international supply chains
- It can align your processes with information security requirements, making your business secure and compliant with security regulations
- You can get access to security training and materials
- Get access to advice and insights on the latest security trends
- Get access to defence security services when delivering contracts and tenders
The 6clicks platform with its powerful automation simplifies compliance. Get in touch with our experts and check out how the platform works with speed and accuracy.
Written by Andrew Robinson
Andrew started his career in the startup world and went on to perform in cyber and information security advisory roles for the Australian Federal Government and several Victorian Government entities. Andrew has a Masters in Policing, Intelligence and Counter-Terrorism (PICT) specialising in Cyber Security and holds IRAP, ISO 27001 LA, CISSP, CISM and SCF certifications.