Personnel Security Management Protocol

Australian Government Personnel
Security Protocol
Version 2.0
1 September 2014
Commonwealth of Australia 2013

All material presented in this publication is provided under a Creative Commons
Attribution 3.0 Australia licence (Creative Commons Licenses).
For the avoidance of doubt, this means this licence only applies to material as set
out in this document.
The details of the relevant licence conditions are available on the Creative
Commons website as is the full legal code for the CC BY 3.0 AU licence (Creative
Commons Licenses).
Use of the Coat of Arms
The terms under which the Coat of Arms can be used are detailed on the It's an
Honour website.
Contact us
Enquiries regarding the licence and any use of this document are welcome at:
Commercial and Administrative Law Branch
Attorney-Generals Department
35 National Cct
BARTON ACT 2600
Call: 02 6141 6666
Email: copyright@ag.gov.au
Document details
Security classification
Unclassified
Dissemination limiting marking
Publicly available
Date of next review
Under review
Authority
Attorney-General
Author
Protective Security Policy Section

Attorney-Generals Department
Document status
Version 2.0 approved 1 September 2014

replaces
Version 1
Table of contents
1.
Scope 1
1.1.
Introduction 1
1.2.
Status and applicability
1.3.
Terms used in this Protocol
1.4.
Agency responsibilities in personnel security 4
1.4.1.
Agency heads
1.4.2.
Line managers
1.4.3.
Agency personnel 4
1.4.4.
Need-to-know principle
1.5.
Policy exceptions
1.5.1.
1.6.
Functional equivalents
Sharing personal information
2.
Components of personnel security
3.
Identifying personnel security risk
3.1.
4.
Personnel security risk review
Employment screening
10
4.1.
Recommended employment screening 10
4.2.
Agency-specific employment screening checks
4.3.
Recording results of employment and additional agency specific

screening
11
4.3.1.
5.
Additional information
11
11
Ongoing suitability for employment
13
5.1.
Security awareness, training and education
5.2.
Performance management
5.3.
Conflict of interest 13
5.4.
Incident investigation
5.5.
Monitoring, evaluating and recording of ongoing personnel suitability

14
6.
13
13
14
Agency security clearance requirements
15
6.1.
Cooperation in the clearance process
15
6.2.
Identifying and recording positions that require a security clearance

15
6.2.1.
Security clearance levels 16
6.2.2.
Caveat and codeword access
6.2.3.
Contractors requiring security clearances
17
17
ii
6.2.4.
Persons employed under the Members of Parliament (Staff) Act
1984 (MoPS Act) 18
6.3.
Australian office holders
18
6.4.
Other access arrangements
19
6.4.1.
Foreign Nationals with non-Australian Government security
clearances
19
6.5.
Eligibility waivers (citizenship and checkable background) 20
6.5.1.
Eligibility waivers
20
6.5.2.
Non-Australian citizens
6.5.3.
Uncheckable backgrounds
6.5.4.
Conditions for clearances subject to an eligibility waiver
21
21
6.6.
Locally engaged staf
6.7.
State or Territory government security clearances
7.
22
22
23
Temporary access to classified information arrangements

24
7.1.
Temporary access conditions
24
7.1.1.
Types of temporary access
7.1.2.
Short term access 26
7.1.3.
Provisional access 27
7.2.
8.
8.1.
Temporary access for MOPS Act staf
27
Vetting agency responsibilities
28
Authority to make clearance decisions 28
8.1.1.
8.2.
25
Confirming eligibility for a security clearance 28
Assessing Suitability
28
8.2.1.
Supplementary checks and inquiries
29
8.2.2.
Mitigation
8.2.3.
Vetting agency consultation with sponsoring agencies
29
8.3.
Vetting decisions
8.4.
Failure to comply with the clearance process 29
8.5.
Personnel security checks for initial clearances
29
8.5.1.
Statutory declaration
8.5.2.
ASIO Security Assessment
8.6.
Reviews of security clearances
8.6.1.
Periodic Revalidations
8.6.2.
Reviews for cause 32
8.7.
Adverse findings
29
30
31
31
31
31
33
iii
8.8.
ASIO-initiated review of ASIO Security Assessment
8.9.
Reviews of security clearance processes and outcomes
8.10. Review of clearance decisions
33
33
34
8.11. Transfer of Personal Security Files
34
8.12. Recognition of clearances 34

8.13. Active and inactive clearances
35
8.14. Vetting staf training and qualifications 35

8.15. Vetting agencies management of outsourced vetting providers
9.
35
Agency responsibilities for active monitoring of clearance

holders
36
9.1.
Security awareness training for clearance holders
9.2.
Managing specific clearance maintenance requirements
9.3.
Annual health check
37
9.4.
Sharing of information
38
9.4.1.
37
Reportable changes of personal circumstances
37
38
9.4.2.
Contact reporting under the Australian Government Contact
Reporting Scheme
39
9.4.3.
Reporting security incidents to vetting agencies and other
appropriate agencies 39
9.5.
Change of sponsorship of security clearances 40
9.6.
Personnel on temporary transfer or secondment
40
9.6.1.
Clearance maintenance for personnel on secondment or
temporary assignment 40
9.7.
Personnel on extended leave
41
9.8.
Clearance maintenance for contractors 41
9.8.1.
Clearance sponsorship of contractors that are no longer actively
engaged by an agency 42
10.
Agency separation actions 43
10.1. Prior to separation 43

10.2. On separation
10.2.1.
43
Separation of contractors 44
Annex A: Request for variation of Special Minister of States

Determination 2012/1 for a Ministers Electorate Officer
45
iv
Amendments
No.
Date
Location
Amendment
1
2
3
4
1. Scope
Introduction
1.
The core policies of the Protective Security Policy Framework (PSPF) provide the
mandatory requirements for protective security in Australian Government
agencies. The Australian Government Personnel Security Protocol provides
more detailed advice for agencies to meet their mandatory personnel security
requirements.
2.
Personnel security is one element of good protective security management.

The Australian Governments personnel security measures determine the
suitability of personnel to access Australian Government resources. A suitable
person demonstrates integrity and reliability and is not vulnerable to improper
influence.
3.
Efective personnel security facilitates the sharing of Australian government

resources and is an essential mitigation tool to the threat posed by trusted
insiders.
4.
An agencys personnel security risk assessment should be incorporated into

the agencys security risk management process and other agency risk
management processes. Personnel security risk management may impact on,
and/or complement, information and physical security controls.
Status and applicability

5.
This Protocol forms part of the third level of the Australian Governments
personnel security policy hierarchy, as shown in Figure 1. This protocol and its
supporting guidelines will inform agency-specific personnel security policy and
procedures.
Figure 1 - Personnel security policy hierarchy
6.
7.
The Personnel Security Protocol derives its authority from the PSPF Directive
on the security of Government business, Governance arrangements, and the
Personnel security core policy and mandatory requirements. It should be read
in conjunction with:
the Australian Government information security management protocol
the Australian Government physical security management protocol
the Public Service Act 1999 (Cth) (PS Act)
the Privacy Act 1988 (Cth)
any agency specific legislation and/or guidance, and
the Personnel Security Guidelines.
Positive Vetting (PV) security policy (developed by the Inter-Agency Security

Forum) is detailed in the Sensitive Material Security Management Protocol
(SMSMP). Distribution of the SMSMP is limited to agency security advisers with
a need to know.
Terms used in this Protocol

8.
9.
In this Protocol the use of the terms:
need to refers to a legislative requirement that agencies must meet
are to or is to are controls that support compliance with the mandatory

requirements of the personnel security core policy
should refers to better practice. Agencies are expected to apply better

practice unless the agency risk assessment has identified reasons to apply
other controls, and
required is used as common language and has no special meaning in

this protocol.
Unless otherwise stated, the use of:
personnel in this protocol refers to employees, contractors and service

providers as well as anybody else who is given access to agency assets as
part of agency sharing initiatives
employment screening refers to screening undertaken by an agency

prior to employment of staf or engagement of contractors
Australian Government resources refers to the collective term used

for Australian Government people, information and assets, and
vetting agency refers to the Australian Government Security Vetting

Agency (AGSVA), authorised agencies and State and Territory vetting
agencies.
Financial statement provides a detailed summary of a clearance

subjects assets, income, liabilities and expenditure.
Financial history check - provides an overview of a clearance subjects

financial history.
10. Clearance decisions/status:
ineligible refers to a determination by a vetting agency that a clearance

subject is not eligible for an Australian Government security clearance as
they do not hold Australian citizenship and/or have a checkable
background
deny refers to a determination by a vetting agency that a clearance

subject is not eligible to hold a Australian Government security clearance
at one or more clearance levels
grant refers to a determination by a vetting agency that a clearance

subject is eligible and suitable to hold an Australian Government security
clearance
grant conditional refers to a determination by a vetting agency that

the clearance subject is eligible and suitable to hold an Australian
Government security clearance with conditions and/or after care
requirements are attached to the clearance
cancel refers to a Security clearance initiated, but not completed by the

vetting agency as the sponsorship of the clearance was removed at the
request of the sponsoring agency, the sponsorship or clearance
requirement could not be confirmed, or the clearance subject was noncompliant with the clearance process
active refers to a maintained security clearance that is sponsored by an

Australian Government agency, and being maintained by a clearance
holder and sponsoring agency
inactive refers to a security clearance that is within the revalidation

period, however the clearance:
is not sponsored by an Australian Government Agency
is not being maintained by the clearance holder for a period greater

than six months due to long term absence from their role
for the Positive Vetting level is within re-evaluation period but is

unsponsored; however, an annual security check was completed
within the last two years
can be reactivated or reinstated provided the clearance is

sponsored by an Australian Government agency before the end of
the revalidation period, and
cannot be reactivated until all change of circumstances notifications

covering the period of inactivity have been assessed by a vetting
agency.
expired refers to a security clearance that:

-
is outside the revalidation period and is not sponsored by an

Australian Government agency
3
is a PV clearance and did not have an annual security appraisal

completed within a two year period
cannot be reactivated and reinstated, and
reverts to an initial security clearance assessment process if an

Australian Government agency provides sponsorship after the end
of the revalidation period.
Ceased refers to a security clearance:

-
that has been denied or revoked
that may have time-based conditions on when a clearance subject

or holder can reapply for a security clearance, and
where the clearance subject or holder is ineligible to hold or

maintain a security clearance.
11. Additional terms used in this Protocol can be found in the PSPF Glossary of
Terms.
Agency responsibilities in personnel

security
12. Efective personnel security management is a responsibility of all agency
personnel including, senior management, line managers, HR areas, and
security areas.
Agency heads
13. Responsibility for development, implementation and maintenance of personnel
security management ultimately rests with the agency head.
14. Agency heads set:
leadership/vision and values
employment standards
the agencies risk tolerance, and
culture through policy, procedures and education.
Line managers
15. Line managers play a key role in personnel security. They are more likely than
agency security staf to have a detailed and accurate knowledge of their
employees and the duties of a position in their work area.
16. Line managers are responsible for:
positively influencing the protective security behaviour of their personnel
monitoring employee behaviour, and
reporting any concerns about a staf members suitability for access to

official resources to the agency security section
4
Agency personnel
17. All agency personnel are responsible for:
applying the need-to-know principle
being aware of the importance of their role in, and responsibility for,
ensuring the maintenance of good personnel security practices throughout
the agency
reporting issues of concern
complying with agency pre-engagement, ongoing suitability and security

clearance processes, and
complying with Australian Government-wide and agency-specific

standards for the protection of Australian Government security classified
resources.
Need-to-know principle
18. Agencies are to limit access to, and dissemination of, Australian Government
resources to those personnel who need the resources to do their work.
19. Agencies are to limit access to, and dissemination of, Australian Government
security classified resources to those who hold the appropriate level of
clearance.
20. Agencies are to provide information on the need-to-know principle to all
personnel as part of their security awareness training.
Policy exceptions
21. Exceptional circumstances or emergencies may arise that prevent agencies
from applying relevant controls identified in the PSPF. These may be either of
an ongoing or of an emergency nature.
22. Policy exceptions can be made for an are to or is to statement. By making
a policy exception, an agency head is acknowledging that the agency:
is not applying the specified control
is aware of and willing to accept the risk posed to their agency, and
will manage the risk in another way.
23. Agencies cannot make policy exceptions to AUSTEO and Eyes Only access
requirements. For further information see Foreign Nationals with non-Australian
Government security clearances.
24. Agencies are to document their policy exceptions, including the risk
assessment, in accordance with their agency specific policies and procedures.
25. Where appropriate, policy exceptions and risk assessments may cover policy
decisions relating to types of activity, rather than individual instances.
5
Functional equivalents
26. Where agencies use alternative personnel security measures that provide the
same or better functionality than specified controls, a policy exception is not
required.
27. Before agreeing to the use of alternative protective security measures an
agency head, or delegate, should seek expert advice to confirm that the
technical performance requirements of the proposed measures meet or exceed
those of the specified control.
28. For further information see Governance arrangements Audit, reviews and
reporting.
Sharing personal information

29. The Australian Government expects agencies and vetting agencies to share
information relevant to the ongoing suitability of personnel to access Australian
Government resources.
30. Agencies are to obtain written ongoing consent from all personnel (existing
and potential) to share information with other agencies for the purposes of
assessing their ongoing suitability. This includes employment screening and
security clearance processes. A template informed consent form is provided at
Annex C of the Personnel security guidelines Agency personnel security
responsibilities and Annex H of the Personnel security guidelines Vetting
practices
31.Sharing relevant information does not breach an individuals privacy provided
that informed consent is received and the information is used for the purpose
for which consent is provided. For further information see Annex D of the
Personnel security guidelines Agency personnel security .
32. In order to prevent or minimise the impact of security concerns agencies may
provide relevant information about personnel to:
law enforcement agencies
intelligence agencies
potential gaining agencies (prior to personnel transferring), and
other agencies that are afected by a security concern.
33. Agencies are to include a contractual requirement for service providers and
contracting companies to seek written consent to share information with the
agency from all the service providers or contracting companys personnel who
may access the agencies resources. The agency may then on behalf of the
Commonwealth share this information with other agencies for the purposes of
assessing suitability to access Australian Government resources. See Annex C
of the Personnel security guidelines Agency responsibilities for a template
informed consent form.
34. For further advice on protective security in contracting see Governance

arrangements Contracting.
2. Components of personnel security

35. Personnel security comprises three major components:
employment screening;
maintaining ongoing suitability, and
separation activities.
36. An agencys approach to personnel security is to be comprehensive and

ongoing. The following table gives examples of measures at the various stages.
Table 1 Summary of personnel security components

Personnel security measures
Examples of tools, techniques

and services
Employment checks
Identity proofing
National Identity Proofing

Guidelines including
document verification
Eligibility
Australian Citizenship (or

correct visa)
Qualification checks
Certificate verification for

mandatory qualifications
Previous employment checks
Referee checks
Criminal records check
No exclusion check under the

spent conviction scheme
unless agency has partial or
full exemption,
Agency specific checks
Credit checks, drug

screening, etc.
Monitoring & evaluation
Maintaining ongoing suitability
Education
Stage
Initial security
clearances
Suitability assessments by
vetting agencies
Countering
manipulation
Employee security awareness

programs, contact reporting
scheme
Security culture
Using incentives to
encourage the reporting of
security issues
Access controls
Physical and logical access

privileges
IT passwords, access passes,

codes
Protective
monitoring
Physical access and IT

systems monitoring
System audit processes
Investigations
Gather evidence about

security breaches for possible
Code of Conduct or criminal
prosecution
Ongoing
employment
suitability checks
Change of circumstances
Agency specific screening
Periodic credit checks, drug

screening, etc.
Security clearance
maintenance
Periodic revalidations
Annual health check
Change of circumstances
Contact reporting
Separation activities
Reviews for cause

Ongoing obligations
briefing
Post-employment personnel
security obligations under
Crimes Act/ Criminal Code
and other legislation
Security clearance debrief

Exit interview
Withdrawal of
access
Cancelling ID passes and ICT

access
Security clearance
actions
Advice to vetting agency of

the separation
Advice to ASIO where
security concerns are present
3. Identifying personnel security risk

Mandatory Requirement
security activity across their organisation, in accordance with the Australian Standard AS/NZS
ISO 31000:2009 Risk ManagementPrinciples and Guidelines and the Australian Standards
HB 167:2006 Security risk management
37. An agencys protection against threats is only as good as the weakest element
of its protective security (governance, information security, physical security
and personnel security).
38. Adopting a comprehensive, risk-based approach to personnel security is
important in the protection of an agencys resources because:
it identifies an agencys vulnerability to a range of insider and other

threats
it allows appropriate mitigation strategies to be implemented to manage

these risks, and
it delivers a level of assurance about the credentials and integrity of the

agencys workforce.
39. Agencies are to have personnel security measures that:
meet other agencies expectations for information sharing arrangements,

and
meet or exceed the minimum controls for the protection of Australian

Government resources.
Personnel security risk review

40. The use of appropriate personnel security measures can prevent or deter a
wide variety of insider and other threats that may include:
the disclosure or altering of Australian Government information
the use of Australian Government resources without authorisation
corruption, theft or fraud
sabotage, or
unauthorised third party access to Australian Government resources.
41. For further advice see Managing the Insider Threat to your Business.
42. Based on their personnel security risk review, agencies are to determine what
checks are required for employment screening, ongoing suitability to access
agency resources and for separation from the agency. These may include
agency specific employment screening checks or security clearances. For
example, the Australian Federal Police have a program of random drug and
alcohol testing.
10
43. For further advice on undertaking a personnel security risk review, see the
United Kingdom Centre for the Protection of National Infrastructure publication
Personnel Security Risk Assessment: A guide.
11
4. Employment screening
PERSEC 1: Agencies must ensure that their personnel who access Australian
Government resources (people, information and assets):
are eligible1 to have access
have had their identity established
are suitable2 to have access, and
agree to comply with the Governments policies, standards, protocols and

guidelines that safeguard the agencys resources from harm.
44. Agency heads set the minimum suitability requirements for all new staf
employed in their agencies, based on the agency risk assessment, any agencyspecific legislation and the Australian Governments expectation that agencies
have in place measures to facilitate resource sharing. These requirements are
normally conditions of engagement or ongoing conditions of employment and
may include character checks and security clearances. For further advice see
the Australian Public Service Commission publication Conditions of
engagement.
45. Agencies are to ensure all personnel agree that they are responsible for
safeguarding against loss, misuse or compromise any Australian Government
resources for which they are responsible by obtaining a signed confidentiality
agreement.
46. All personnel requiring ongoing access to Australian Government security
classified information or resources are to have security clearances. This
includes contractors and service providers; see Section 6 - Agency security
clearance requirements.
47. Agencies need to confirm that the person is an Australian Citizen or has a
valid visa with work rights, by sighting the documents in support of citizenship
or visa. For further information see the Department of Immigration and Border
Protection.
Recommended employment screening

48. Agencies are to undertake employment screening for all new personnel. This
screening will allow access to unclassified official resources.
49. Agencies should undertake employment screening that meets or exceeds the
Australian Standard 4811-2006: Employment Screening .
For agencies enabled by the Public Service Act 1999 eligibility refers to the requirements
for engagement of APS employees listed in section 22 of the Public Service Act 1999.
Agencies not enabled by the Public Service Act 1999 should refer to the requirements of
engagement of personnel contained within their own enabling legislation.
2
To be suitable personnel need to demonstrate qualifications and/or experience required
of the position including satisfaction of any agency specific requirements. Agency specific
requirements may include demonstration and compliance with relevant codes of conduct
(e.g. APS Code of Conduct), behaviours and/or values.
1
12
50. Further details on assessing employment screening checks are in the Personnel
security guidelinesAgency personnel security responsibilities.
51. Agencies should, based on their risk assessment, undertake periodic
reassessments of suitability for employment.
Agency-specific employment screening

checks
52. Additional screening checks (e.g. drug and alcohol testing) are agency-specific
and are separate from the security clearance process.
53. Additional screening may include:
conducting a credit reference check
obtaining a conflict of interest declaration, or
obtaining a signed Statutory Declaration from the person declaring all

information provided to the agency is truthful and complete.
54. Agencies should advise applicants where additional screening is required as

part of a condition of engagement or an ongoing condition of employment.
Agencies should identify this requirement when advertising a vacancy or
before ofering employment.
55. While a prospective employee may meet the minimum requirements for an
Australian Government security clearance, he or she may not meet the
agencys screening requirements and vice-versa.
56. If agency-specific checks identify issues relevant to a clearance subjects
suitability for a security clearance the agency is to share this information with
the vetting agency.
57. If agency specific checks identify issues relevant to national security, the
agency is to share this information with ASIO.
58. The vetting agency/ASIO may instigate supplementary security clearance
assessments as a result of this information.
59. Agencies are responsible for reviews of their agency specific checks.
Recording results of employment and

additional agency specific screening
60. Agencies are to record the results of the employment screening for successful
applicants and any additional agency specific screening relating to each
person.
61. Agencies should, based on their operating requirements, determine whether
to create a separate Personal Security File for each employee or add the results
to their personnel file.
13
Additional information
62. Additional information on employment screening is available from:
AS4811-2006: Employment Screening
HB 323-2007: Employment Screening Handbook
AS 8001-2008: Fraud and Corruption Control
Preventing, Detecting and Dealing with Fraud- Rule
APS Conditions of engagement.
14
5. Ongoing suitability for employment

Mandatory Requirements
PERSEC 2: Agencies must have policies and procedures to assess and manage the
ongoing suitability for employment of their personnel.
GOV 1: Agencies must provide all staf, including contractors, with sufficient information
and security awareness training to ensure they are aware of, and meet the requirements
of the PSPF.
63. An agencys policies and procedures to assess and manage the ongoing
suitability for employment of their personnel will be determined by the
agencys security risk assessment; see Section 3 -identifying personnel
security risks.
Security awareness, training and education

64. Security awareness, training and education provide personnel with information
on their responsibilities under the PSPF and their agency specific
responsibilities. Training may include induction sessions, attaining formal
qualifications and professional development.
65. Agencies are to determine specific security training or briefings required by
their personnel. This may include but is not limited to:
personal safety and security measures in agency facilities and in the field
confidentiality requirements for information, including intellectual property
self-managing risk
information control measures (need-to-know)
overseas travel safety and security
contact reporting
incident reporting
unusual and suspicious behaviour, and
handling and security requirements for valuable assets.
66. For further advice see the Protective security governance guidelines Security
awareness training.
Performance management
67. Agencies should include personnel security compliance as part of their
personnel performance management.
Conflict of interest
68. Public confidence in the integrity of personnel is vital to the proper operation of
government. Confidence may be jeopardised if the community perceives a
15
conflict of interest. Personnel need to be aware that their private interests,

both financial and personal, could conflict with their official duties.
69. Ultimately it is the agency head's responsibility to determine what actions are
taken where there is a conflict. While it is best to avoid a conflict, it is not
always practical. Agencies are to establish processes that deliver efective
personnel security outcomes and that withstand scrutiny.
Incident investigation
70. Agencies are to investigate reports of a security incident in accordance with
their agency specific policies and procedures.
71. Agencies are to consult with the AFP, jurisdictional police, ASIO and/or ASD
where the security incident may have criminal or National Security
implications.
72. For further details on undertaking an investigation see Protective security
governance guidelinesReporting incidents and conducting security
investigations and the Australian Government Investigation Standard s .These
guidelines also provide advice on referring matters to the appropriate law
enforcement agencies, ASIO and the Australian Signals Directorate, depending
on the nature of the incident.
Monitoring, evaluating and recording of

ongoing personnel suitability
73. Employment screening and subsequent employment checks provide only a
snapshot of the employees suitability at a point in time.
74. Based on their personnel security risk assessments, agencies are to have
policies and procedures in place to monitor ongoing suitability of staf. These
may include:
requiring managers to monitor all personnels continuing suitability to

access Australian Government resources
advising personnel what personal behaviours or concerns that they are

required to reporte.g. criminal arrests or convictions, change of
circumstances, contacts that are suspicious, on-going, unusual or
persistent and other significant incidents. For more information see
Section 8 - Agency responsibilities for active monitoring of clearance
holders
providing guidance to personnel on reporting suspect conduct by other

personnel, and
undertaking periodic employment re-screening.
75. Agencies should determine the period between original screening and any
subsequent re-screening. The period will depend on the agencys risk profile
and any specific risks associated with the position.
16
76. Agencies should record the outcomes of their monitoring and evaluations on
the same file as any employment screening results.
17
6. Agency security clearance requirements

77. Agency heads may require a security clearance as a condition of employment.
A security clearance is a determination by a vetting agency that an individual
is suitable to access security classified resources.
Cooperation in the clearance process

78. Agencies are to advise clearance subjects of their responsibilities to comply
with the vetting process. Where possible, agencies should assist clearance
subjects to provide accurate and complete information that is timely.
79. Clearance subjects are to cooperate with the vetting agency throughout the
clearance process, including by providing within the timeframes advised:
a completed clearance pack
copies of any requested supporting documents, and
complete and truthful responses.
80. Vetting agencies are to cancel the clearance process for any failure to
cooperate in the clearance process. Agencies are to remove any access to
Australian Government security classified resources from clearance subjects, if
advised by the vetting agency that the clearance has been revoked or the
process cancelled.
81. Agencies are to apply this control to all personnel, irrespective of their position
or duties.
82. Agencies are not to use temporary access provisions to provide access to
Australian Government security classified resources to personnel that are not
actively cooperating with the vetting process.
Identifying and recording positions that

require a security clearance
PERSEC 3: Agencies must identify, record and review positions that require a security
clearance, including the level of clearance required.
PERSEC 4: Agencies must ensure their personnel with ongoing access to Australian
Government security classified resources hold a security clearance at the appropriate
level, sponsored by an Australian Government agency.
83. Anyone requiring ongoing access to Australian Government security classified
resources is to hold a security clearance at the appropriate level.
84. An agency head or their delegate is to decide if a role or position requires a
security clearance.
18
85. An agency head may require that all agency staf in a particular category be
cleared to a specified level. Factors that may influence this decision include:
the nature of the agencys business
an agencies risk assessment
the need to access the agencys security classified information or

resources or ICT systems, or
the need for increased levels of assurance of employees suitability to

perform particular roles.
86. Agencies may use security clearances as an assurance measure in addition to

their employment screening and agency specific controls for positions where
the agency risk assessment deems the security clearance process is to apply.
87. Positions that have a business impact level of high or above may include those:
whose occupants have access to aggregations of information or assets, or
where the nature of the position requires greater assurance about a

persons integrity; for example, a higher level of clearance with greater
background checking to support fraud mitigation or as an anti-corruption
measure.
88. Agencies should assess whether the checks undertaken for a security
clearance provide the required level of assurance or whether agency-specific
checks will better meet their needs.
89. Agencies are to maintain a register of positions that require a clearance.
Before advertising a position, agencies are to identify:
if the position requires a security clearance
the level of clearance required
whether the clearance is for access to Australian Government security

classified information or to give a level of assurance, and
when the requirement for a security clearance will be reassessed.
90. Agencies should periodically reassess the security clearance requirement for
positions, at least each time the position becomes vacant and before it is
advertised.
Security clearance levels

91. There are four security clearance levels:
i.
Baseline provides ongoing access to information or resources up to and

including PROTECTED.
ii.
Negative Vetting Level 1 provides ongoing access to information or

resources up to and including SECRET.
iii.
Negative Vetting Level 2 provides ongoing access to information or

resources up to and including TOP SECRET.
19
iv.
Positive Vetting provides access to certain types of sensitive,

caveated, compartmented and codeword information. PV is an additional
process that is designed to ensure, beyond reasonable doubt, that a
candidate is suitable to access the highest classification of security
classified and caveated information. PV builds upon the requirements for
the granting and maintenance of Negative Vetting Level 2. PV
requirements are managed by the Inter-Agency Security Forum on behalf
of the Australian Intelligence Community and are detailed in the Sensitive
Material Security Management Protocol (SM SMP) which is only available
to Agency Security Advisers.
SECRET
CONFIDENTIAL
PROTECTED
UNCLASSIFIED with a
DISSEMINATION LIMITING MARKER
UNCLASSIFIED
Positive vetting
Negative vetting level 2
Negative vetting level 1
Baseline
1
Compartmented Information
Certain
Sensitive and
TOP SECRET
Table 2 Information access requirements
Notes:
1. Access to Sensitive and Compartmented Information is detailed in the Sensitive
Material Security Management Protocol (SMSMP) which is only available to those with
a need to know.
2. In certain limited circumstances Compartmented information is available at the NV2
level. For further information see the SMSMP.
Caveat and codeword access

92. Agencies are to liaise with the agency responsible for administering a caveat
or codeword to determine the personnel security measures required in addition
to a security clearance. This could include but is not limited to:
specific compartment briefings, and
reporting or restrictions on overseas travel.
93. For further information on access to caveats and codewords, refer to the
Australian Government Information Core Policy and supporting Protocol and
guidelines; and the SMSMP.
20
Contractors requiring security clearances

94. Agencies are to identify contractors requiring security clearances for access to
security classified information and resources or those requiring a security
clearance as a level of assurance, as part of the procurement process.
95. Agencies engaging contractors who will require security clearances are to
sponsor the contractors clearance. See Governance arrangements
Contracting.
96. Contractors may work concurrently for a number of agencies. The agency that
is to sponsor a contractor is the agency:
first engaging the contractor where a security clearance is required, or
requiring the highest level of security clearance.
97. The lead agency for a contract is to sponsor all contractor clearances where a
single contract covers a number of agenciese.g. as the result of a panel
arrangement.
98. The lead agency is to ensure that they have arrangements (policies and
procedures) in place to ensure the ongoing suitability of contractors in
accordance with this protocol. For further information see Section 8.8
clearance maintenance for contractors.
99. Lead agencies are to ensure that ongoing suitability assessments of
contractors are included in the contract.
100. If an interested party becomes aware of a contractors change in
circumstances, the interested party is to inform the vetting agency. The
vetting agency is to inform all other interested parties. For further information
on sharing see Section 1.6 - Sharing Personal Information.
Persons employed under the Members of Parliament (Staf)

Act 1984 (Cth) (MoPS Act)
101.
Special Minister of State Determination 2012/1 directs that Ministerial
staf employed under Part III of the Members of Parliament (Staff) Act 1984
(Cth) need to obtain and maintain a Negative Vetting Level 2 security
clearance. This direction allows for variation in certain circumstances for
electorate officers. For further information see Annex A: Request for variation
of Special Minister of States Determination 2012/1 for a Ministers Electorate
Officer.
Australian office holders

102. The following Australian office holders are not required to hold a security
clearance to access Australian Government security classified information
while exercising the duties of the office:
Members and Senators of the Commonwealth, State and Territory

Parliaments
21
Judges of The High Court of Australia, The Supreme Court, Family Court of
Australia, The Federal Circuit Court of Australia and Magistrates
Royal Commissioners, and
the Governor-General, State Governors, Northern Territory Administrator,

and
members of the Executive Council.
103. Other appointed office holders may have enabling legislation which gives the
same privileges as the people identified in the preceding paragraphe.g.
Members of the Administrative Appeals Tribunal and Members of the Social
Security Appeals Tribunal.
104. Personnel of the office holders in paragraphs 100 and 101 are not exempt from
the requirements for a security clearance and are to be security cleared to the
appropriate level if they require ongoing access to security classified
information.
105. An Australian officer holders exemption from the requirements of the PSPF is
limited to the requirement for a security clearance. Agencies responsible for
managing protective security for Australian office holders are to ensure that
classified material in their possession is appropriately safeguarded at all times
in accordance with the PSPF.
Other access arrangements

Foreign Nationals with non-Australian Government
security clearances
GOV 10: Agencies must adhere to any provisions concerning the security of people,
information and assets contained in multilateral or bilateral agreements and
arrangements to which Australia is a party .
106. Foreign nationals routinely contribute to Australias National Interest through
exchange, long-term posting and/or attachment to the Australian Government.
107. Foreign nationals can only access Australian Government security classified
information and resources under an Agreement or Arrangement 3 if they:
access the information in accordance with that Agreement or

Arrangement, and
hold a security clearance granted by their national government which is

recognised by the Australian Government in accordance with the
Agreement or Arrangement.
An agreement or an arrangement includes treaties, security of information agreements

and memorandums of understanding.
3
22
108. Agencies are not to permit non-Australian citizens access to information

caveated Australian Eyes Only (AUSTEO). Non-Australian citizens can only
access other Eyes Only information if they are a citizen of a country included
in the Eyes Only caveat.
109. Agencies cannot make policy exceptions to AUSTEO and Eyes Only access
requirements. For further details see Information security management core
policy
110. In limited circumstances foreign nationals may access information caveated
Australian Government Access Only (AGAO). AGAO is used by the Department
of Defence, ASIS and ASIO. These agencies may pass information marked with
the AGAO caveat to appropriately cleared representatives of foreign
governments.
111. AGAO material received in other agencies is to be handled as if it were marked
AUSTEO.
112. For further details see Information security management guidelines
Australian Government security classification system.
Eligibility waivers (citizenship and checkable

background)
PERSEC 5: Before issuing an eligibility waiver (citizenship or checkable background)
and prior to requesting an Australian Government security clearance an agency
must:
justify an exceptional business requirement
conduct and document a risk assessment
define the period covered by the waiver (which cannot be open-ended)
gain agreement from the clearance applicant to meet the conditions of the
waiver, and
consult with the vetting agency

113. Agencies are to include details in their annual PSPF compliance report stating
numbers and levels of security clearances granted subject to:
citizenship waivers, and
uncheckable background waivers.
114. Only Australian citizens with a checkable background are eligible for an
Australian Government security clearance, unless these eligibility requirements
have been waived by the sponsoring agency head. Agency Heads need to be
aware that granting an eligibility waiver, does not guarantee that a clearance
will be granted by the vetting agency.
23
115. Sponsoring agencies are to confirm all clearance subjects are eligible, by
confirming citizenship and checkable background requirements, prior to
requesting a security clearance.
Eligibility waivers
116. An agency head may, under certain conditions waive the citizenship or
checkable background requirements for a person to be eligible for a security
clearance.
117. An agency heads decision to waive an eligibility requirement is to be based on
a thorough analysis of the risks to the Australian Government and the possible
impact on the National Interest. For further information see Personnel security
guidelinesAgency personnel security responsibilities.
118. Agency heads need to be aware of the inherent risks posed from a malicious
trusted insider when granting eligibility waivers. Any decision to grant a waiver
needs to be assessed against and linked to the agencys risks. Agency heads
need to be aware that by granting a waiver, they are taking on a risk that may
be detrimental to the Australian Government. If the documents supporting the
waiver do not fully detail the risks to the National Interest, mitigations and any
residual risks, the vetting agency may reject the request for security clearance.
119. The vetting agency is to record, or place, the waiver on the clearance subjects
Personal Security File.
120. An eligibility waiver is role-specific, non-transferable, finite and subject to
review. In other words, the waiver is to apply only while the clearance holder
remains in the position for which the clearance was granted.
121. The waiver is not to follow the clearance holder to any other position without
review. An eligibility waiver is not open-ended and is to be subject to regular
review to confirm that there is a continuing requirement for the waiver.
122. Agencies are to reassess eligibility waivers yearly.
Non-Australian citizens
123. An agency is to only grant an eligibility (citizenship) waiver where:
it has been identified that there is no Australian citizen who could fill the
position, and
the agency understands and agrees to manage the risk.
124. Permanent residence status is not an acceptable alternative to the citizenship

requirement.
125. The vetting agency may decline the request for clearance if, notwithstanding
the citizenship waiver, other minimum checks are unable to be made, or
standards met. It may not be possible for the vetting agency to conduct the
24
required checks overseas or, if checks can be conducted, to have confidence in

the level of assurance provided by the checks.
126. Non-Australian citizens are not to access information caveated Australian
Eyes Only (AUSTEO). Foreign nationals can only access other Eyes Only
information if they are a citizen of a country included in the Eyes Only caveat
and have a need to know. Agencies cannot make policy exceptions to AUSTEO
and Eyes Only access requirements.
Uncheckable backgrounds
127. A checkable background is established when a vetting agency has validated
information provided by a clearance subject with respect to their background
from independent and reliable sources.
128. A clearance subject has an uncheckable background when the vetting agency
cannot complete the minimum checks and inquiries for the relevant checking
period, or the checks and inquiries, where able to be made, do not provide
adequate assurance about the clearance subjects life or background. In these
circumstances, the vetting agency may decline the request for a clearance.
129. Any clearance subject that has spent greater than 12 months (cumulative) out
of Australia within the requisite background checking period is to be
considered to have an uncheckable background (if their periods of time out of
Australia cannot be verified from independent and reliable sources). If the
clearance subjects periods of time out of Australia cannot be verified from
independent and reliable sources, the subject is to be assessed by the vetting
agency as ineligible to be considered for an Australian Government security
clearance.
130. Vetting agencies are to consider the security risk to the Australian
Government as the primary factor when assessing whether a person is
considered to have a checkable background, and therefore whether they are
eligible to be considered for an Australian Government security clearance.
131. For an individual to be eligible for an Australian Government security
clearance, background checks should generally be able to be undertaken in
Australia. It is expected that individuals sponsored by agencies for an
Australian Government security clearance will have strong, established ties to
Australia.
Conditions for clearances subject to an eligibility waiver

132. Clearances granted with eligibility waivers are to be subject to strict
conditions. These may include conditions such as but not limited to:
the continuation of the eligibility waiver being conditional on the applicant

taking Australian citizenship as soon as they are eligible where the subject
has indicated they are actively seeking citizenship or do not have a valid
reason not to seek citizenship
25
the agency not allowing non-Australian citizens granted a waiver access to

Eyes Only information unless it includes the persons country of
citizenship and they have a need to know
the agency not granting access to security classified information from a

foreign government without the written agreement of that foreign
government or as outlined in the provisions of any information sharing
agreements, and
the agency limiting access to security classified information to that

required to perform the specific duty identified.
133. Sponsoring agencies are to ensure a person subject to a waiver follow any
conditions placed on the clearance. Sponsoring agencies are to advise vetting
agencies of any non-compliance with conditions of the waiver.
134. The vetting agency is to cease a clearance where the clearance subject does
not adhere to the conditions of the waiver.
135. The sponsoring agency is to reassess the waiver and advise the vetting
agency if the clearance subject changes duties.
Locally engaged staf

136. Locally engaged staf who are not Australian citizens, may be granted a
diplomatic mission clearance. Diplomatic mission clearances are recognised
as clearances within the mission they are granted, they are role specific and
are not portable. For information about locally engaged staf (LES) in diplomatic
missions contact DFAT.
137. The Australian Trade Commission (AUSTRADE) is a managing agency under the
Guidelines for Management of the Australian Government Presence Overseas
(February 2007). Accordingly, AUSTRADE conducts security screening for its
LES, and for those of attached agencies where applicable.
138. An agency may grant an eligibility (citizenship) waiver for LES where:
the preferred person for a position requiring a security clearance is not an

Australian citizen, and
the agency understands and agrees to manage the risk.
State or Territory government security

clearances
139. The Australian Government recognises security clearances up to Negative
Vetting 2 issued by the States and Territories if the clearance is undertaken for
their own personnel and has been processed in accordance with the Australian
Government Personnel Security Protocol and supporting guidelines. State and
Territory clearances may be transferred between other State and Territory
agencies and the Commonwealth. This is in accordance with the Memorandum
of Understanding on the Protection of National Security Information between
the Commonwealth and States and Territories (2007).
26
Note: The Australian Security Intelligence Organisation Act 1979 (Cth)

restricts ASIO from passing Security Assessments directly to the States and
Territories. Requests by the States and Territories for ASIO Security
Assessments are facilitated through the Attorney Generals Department or the
sponsoring Commonwealth agency.
27
7. Temporary access to classified

information arrangements
PERSEC 4: Agencies must ensure their personnel with ongoing access to Australian
Government security classified resources hold a security clearance at the appropriate
level, sponsored by an Australian Government agency.
GOV 6: Agencies must adopt a risk management approach to cover all areas of
protective security activity across their organisation, in accordance with the Australian
Standard for Risk Management AS/NZS ISO 31000:2009 and the Australian Standards
HB 167:2006 Security risk management.
140. Temporary access allows limited, supervised access to security classified
resources.
141. Temporary access is not a security clearance.
142. Temporary access provisions are not to apply to positions where security
clearances are used only as a measure of assurance, where there is no access
to classified information.
Temporary access conditions

143. Agencies are not to use temporary access provisions for routine business
needs or as a substitute for sound personnel management (for temporary
access provisions for MOPS personnel see section 7.2).
144. Agencies are to base any decision to approve temporary access on a
documented risk assessment. Agencies should consider any existing
mitigating factors as part of the risk assessmente.g. holding a security
clearance at a lower level, employment screening or any agency specific
checks undertaken. For further details on undertaking a temporary access risk
assessment, see the Personnel security guidelinesAgency personnel security
responsibilities.
145. Agency head written approval is to be sought and granted for any temporary
access arrangements.
146. Prior to granting temporary access the sponsoring agency is to confirm with
the vetting agency that there are no known concerns about the person who
may be given temporary access.
147. The vetting agency is to advise the sponsoring agency of any existing or prior
limitations on the person requiring access.
148. If advised of any concerns by the vetting agency, the sponsoring agency is to
base any decision to remove the clearance subjects temporary access to
security classified information and resources on a documented risk
assessment.
28
149. The sponsoring agency is to withdraw temporary access to security classified

resources if concerns cannot be mitigated.
150. Agencies are not to use temporary access arrangements for access to:
TOP SECRET classified resources unless the person requiring access holds
a Negative Vetting Level 1 clearance.
caveat, compartmented or codeword information.
151. Temporary access to TOP SECRET resources (where the person does not hold a
Negative Vetting Level 1 clearance), or caveat, compartmented or codeword
material may only be given after a policy exception is approved by the agency
head. Agencies should seek agreement from the information owners and
compartment controllers, prior to granting temporary access to TOP SECRET
resources.
152. Sponsoring agencies are to advise the vetting agency of any temporary
access approved. The vetting agency is to record the access on the clearance
subjects PSF and/or security records database.
Types of temporary access

153. There are two types of temporary access arrangements:
i.
short term access allows an employee access to Australian Government

classified resources where they do not hold a clearance at the appropriate
level and are not being assessed for a clearance or are yet to submit a
completed clearance pack, and
ii.
provisional access access to Australian Government classified

resources while a clearance subject is undergoing a clearance after they
have submitted a completed clearance pack.
29
Table 3 Summary of temporary access requirements

Short term access
Provisional access
Period of access
Maximum of 3 months in one

calendar year 2
Until clearance granted or

denied, or suitability concerns
are identified by the vetting
agency
Classified Resources
allowed
TS
SCI
TS1
S2, C2
TS
SCI
TS 1
S2, C2
Requirements:
documented risk assessment
Agency head written approval
The person and their manager have signed an undertaking

to protect official resources
Security briefing by home agency
Approval of information owner required
N/A
Risk mitigations may

include:
Agency specific checks
Clearance at a lower level
Complete pack with

vetting agency
Vetting agency advised

there are no obvious
suitability concerns
Knowledge of personal history

(TS TOP SECRET; S SECRET; C CONFIDENTIAL; P PROTECTED)
Notes:
1. Only allowed in exceptional circumstances with an existing NV1 clearance and agency
head approval (for temporary access provisions for MOPS personnel see section 7.2).
2. Only allowed in exceptional circumstances
Short term access

154. Short term access to Australian Government security classified resources may
be allowed where there is an unforeseen requirement for access. Short term
access is for a maximum of:
a continuous period of three months, or
an aggregation of shorter periods of no more than three months in one

calendar year.
155. Short term access to PROTECTED can be based on a business need.

156. Agencies are to only approve short term access to CONFIDENTIAL or SECRET
classified resources in exceptional circumstances where:
the exception is critical to the agency meeting its outcomes, and
the risks to the agency can be mitigated or managed.
157. Agencies are to only approve short term access to TOP SECRET classified
resources in exceptional circumstances where:
the person requiring access holds a Negative Vetting Level 1 clearance

30
the risks to any afected agency can be mitigated or managed.
Provisional access
158. Sponsoring agencies may approve provisional access for up to SECRET security
classified resources where there is a sound business case to support access
during the clearance process.
159. Agencies are to only approve provisional access to TOP SECRET classified
resources in exceptional circumstances where:
the person requiring access holds a Negative Vetting Level 1 clearance
160. Before granting provisional access, sponsoring agencies are to confirm with
the vetting agency that:
the clearance applicant has submitted a completed clearance pack and

required documents, and
there are no readily identifiable suitability concerns.
161. Agencies may approve provisional access until the clearance process is
complete. Agencies may change the type of temporary access from short term
to provisional once the vetting agency has confirmed it has received the
completed pack and advises there are no concerns.
Temporary access for MOPS Act staf

162. It is reasonable to expect that some staf employed by an Australian
Government Minister under the MOPS Act will require temporary access. This is
particularly relevant following any change of Government.
163. MOPS Act Staf may be given temporary access to TOP SECRET information,
where there is a need to know, without the requirement to hold a Negative
Vetting Level 1 clearance, subject to:
a detailed risk assessment
consultation with the information originators, and
164. MOPs Staf are not to be given temporary access to sensitive compartmented,
codeword or caveat information
165. A Ministers Portfolio Department should approve short term access for new
MOPS Act staf for the Departments Minister until their security clearances are
granted unless advised to withdraw the access due to concerns including noncompliance with the clearance process.
31
166. The vetting agency is to notify the Portfolio Department and the Department
of Finance of any concerns or non-compliance with the security clearance
process.
167. The Department of Finance is to advise Portfolio Departments of any
Ministerial staf whose clearance process has been cancelled for noncompliance with the security clearance process.
168. The Portfolio Department is to withdraw any temporary access to security
classified information for MOPS staf whose clearance process has been
cancelled. For more information see Section 6.1 - Cooperation in the clearance
process
32
8. Vetting agency responsibilities

PERSEC 6: Agencies other than authorised vetting agencies must use the Australian
Government Security Vetting Agency to conduct initial vetting and reviews.
PERSEC 8: Sponsoring and vetting agencies must share information that may impact on
an individuals ongoing suitability to hold a security clearance.
Authority to make clearance decisions

169. Only vetting agencies are authorised to make clearance decisions.
Confirming eligibility for a security clearance

170. Vetting agencies are to confirm citizenship and checkable background
eligibility for all clearance subjects.
171. If citizenship cannot be confirmed or there is an uncheckable background, the
vetting agency is to advise the sponsoring agency that the eligibility criteria
have not been met and the clearance request is cancelled.
172. Vetting agencies may impose an exclusion period that precludes the clearance
subject from re-applying until the eligibility criteria is satisfied.
173. Sponsoring agencies may choose to consult with the vetting agency to initiate
an eligibility waiver.
Assessing Suitability
174. Vetting agencies are to:
conduct all minimum mandatory checks, as detailed in Table 4, and any

appropriate supplementary checks, and collect all relevant, reliable and
independently verified information before assessing a clearance subjects
suitability to hold a security clearance
take into account the result of all checks and inquiries as the basis for
determining suitability
assess clearance subjects against common factor areas in accordance with

the Adjudicative Guidelines, as detailed in Section 5 of the Personnel
security guidelines - Vetting practices
resolve any doubts about suitability for access to security classified

resources in favour of the National Interest, and
identify any risk management or specific clearance maintenance

conditions relating to the clearance.
33
175. Vetting agencies should consider any information they become aware of, that
is relevant to suitability, even if the matters falls outside of the minimum
checking period.
176. The vetting agency is to deny a security clearance where any reasonable
doubts about the clearance subjects suitability that cannot be resolved.
Reasonable doubt exists when concerns regarding the suitability of a clearance
subject remain after all minimum and any supplementary checks are
completed.
Supplementary checks and inquiries

177. Vetting agencies are to conduct appropriate supplementary checks and
inquiries if the minimum checks are insufficient to clearly establish the
clearance subjects suitability or unsuitability. For further details on
supplementary checks see Personnel security guidelinesVetting practices.
Mitigation
178. Where the background assessment, including supplementary checks, identifies
a personal vulnerability, the vetting agency is to determine if there are any
mitigating factors. Mitigating factors are detailed in section 5 of the Personnel
security guidelines - Vetting practices
Vetting agency consultation with sponsoring agencies

179. Vetting agencies are to advise sponsoring agencies of any information
provided as part of the vetting process or ongoing clearance maintenance that
may impact on a persons suitability to access Australian Government
resources or where risk mitigation measures are required.
180. Vetting agencies are to consult with sponsoring agencies before granting a
security clearance that imposes additional clearance maintenance conditions.
181. If mitigation is not satisfied by agreement to additional clearance maintenance
conditions by either the clearance subject or sponsoring agency, the vetting
agency is to deny the clearance.
Vetting decisions
182. Vetting agencies are to base all vetting on an assessment of the whole person
See the Adjudicative Guidelines.
183. The vetting agency is to advise the clearance subject and sponsoring agency
in writing of the decision to grant including any risk mitigations, deny, deem
ineligible or cancel a security clearance and any conditions imposed.
34
Failure to comply with the clearance

process
184. The vetting agency is to cancel a clearance process and notify the sponsoring
agency where a clearance holder does not comply with the clearance process
requirements.
35
Personnel security checks for initial clearances

Table 4 Minimum personnel security checks and requirements for initial clearances 1
Postive Vetting
1.
Psychological assessment
2.
Negative Vetting 2
Financial probity check
Negative Vetting 1
Security interview
Security interview
Digital footprint checks
3.
4.
5.
Financial statement
6.
Financial statement
Suitability screening
questionnaire
7.
Baseline Vetting
Qualification verification
Police Records Check (No

Exclusion) 5
Financial history check8
questionnaire
ASIO assessment
Professional referee check
Financial statement 3 and

supporting documents
questionnaire
ASIO assessment
2
ASIO assessment
Qualification and document

verification
Referee checks (including 1

professional) 4

professional and 1 unnominated) 4

professional and 1 unnominated) 4
Police Records Check (Full

Exclusion) 5

Exclusion) 5

Exclusion)
Financial history check
10 year background check
Official secrets declaration
Statutory Declaration
Identity verification
Whole of life background check
Notes:
1.
2.
3.
4.
Suitability is assessed against the criteria contained in the Annex J of the Personnel security guidelines - Vetting practices
Qualifications checks should be part of an agency employment screening process where qualifications are claimed and/or mandatory.
Financial statement provides a detailed summary of a clearance subjects assets, income, liabilities and expenditure. see section 4.6.2 of the Personnel security guidelinesVetting
practices
Referees are to collectively cover the whole checking period. Professional checks are to cover at least the preceding 3 months. Additional referees may be required.
36
5.
6.
7.
8.
The application of spent convictions legislation will vary dependent on the jurisdiction in which the ofence occurred.
Identity checked in accordance with the Australian Identity Proofing Guidelines (level 3 for baseline and NV1 and level 4 for NV2 and PV). In addition to documentation to confirm
residential addresses, employment, supporting documentation is also required to confirm citizenship status, and if relevant overseas travel see Personnel security guidelinesVetting
practices.
For further details see the Sensitive Material Security Management Protocol
Financial history check - provides an overview of a clearance subjects financial history. See section 4.6.2 of the Personnel security guidelinesVetting practices further details on
financial history checks,
37
185. Table 4 shows the hierarchy of checks and processes that reflects the level of
assurance required for each level of security clearance.
Statutory declaration
186. Clearance subjects are to sign a Statutory Declaration made under the
Statutory Declarations Act 1959 (Cth) that confirms:
they have provided complete and truthful information to the vetting

agency
they have not altered the original documents or the copies provided to the
vetting agency, and
the original documents relate specifically to them.
187. For further information on the requirements see Statutory Declarations.
ASIO Security Assessment

188. Either the Commonwealth vetting agency, or the Commonwealth facilitating
agency for State and Territory assessments, is to obtain an ASIO Security
Assessment for all NV and PV clearance subjects. The only exception is where
the vetting agency has already assessed that the person would be unsuitable
for a security clearance regardless of any assessment ASIO might make. For
further information see Personnel security guidelinesVetting practices.
189. Vetting agencies are to provide ASIO with the details of any security concerns
about the clearance subject.
Reviews of security clearances

190. Vetting agencies are to undertake:
periodic revalidations of security clearances, and
reviews for cause for all clearances where concerns about a clearance
holders suitability to hold a clearance are identified. For further
information see Section 10.6.2 - Reviews for cause .
191. The vetting agency is to advise the clearance subjects sponsoring agency of
any review/investigation being undertaken by the vetting agency, to allow the
sponsoring agency to assess whether to deny access pending the outcome of
the review.
Periodic Revalidations
192. Vetting agencies are to periodically initiate revalidations of all Baseline,
Negative and Positive Vetting security clearances.
193. The requirements for the revalidation of security clearances are listed in Table
5. The table shows the hierarchy of checks and processes that reflect the level
38
of assurance required for each level of security clearance. Vetting agencies are
to undertake additional checks to resolve concerns on a case-by-case basis.
Table 5: Summary of minimum revalidation requirements

Baseline
Negative vetting
level 1
Negative vetting
level 2
Positive vetting
To be undertaken by
vetting agencies at
least every 15
years.
To be undertaken by
vetting agencies at
least every 10 years.
To be undertaken by
vetting agencies at
To be undertaken by
vetting agencies at
Updated personal
particulars covering
period since
previous vetting
Updated personal
period since previous
vetting
Updated personal
period since previous
vetting
Updated personal
period since
previous vetting
Police records check

(No exclusion)

(Full exclusion)

(Full exclusion)

(Full exclusion)
Financial history
check
Financial history
check
Financial history
check
Financial history
check
1 professional
referee check
1 professional referee
check
2 referee checks
(including 1
professional and 1
un-nominated)
3 Referee checks
(including 1
professional and 1
un-nominated)
ASIO check
ASIO check
ASIO check
Financial statement
Financial statement
Financial statement
and supporting
documents
Interview
Interview
194.
195.
196.
197.
Psychological
assessment
Reviews for cause

198. A review for cause may be initiated whenever a security concern regarding a
clearance subject arises.
199. Upon receipt of information raising concerns about the suitability of a
clearances holder, vetting agencies are to assess if a review for cause is
warranted.
200. Prior to initiating a review for cause the vetting agency is to advise the
sponsoring agency and interested parties (for contractors). If the sponsoring
agency or interested parties (for contractors) advises of any ongoing
investigation that might be compromised by the review for cause the vetting
agency should not commence the review until the investigation is complete.
201. Vetting agencies should advise the clearance subject prior to starting any
reviews for cause, and the reasons for the review.
202. Sponsoring agencies should advise the clearance subject of their responsibility
to comply with the review for cause process.
39
203. Vetting agencies are to undertake any checks required to resolve the
concern(s) that led to the initiation of the review for cause. This may include:
targeted checks to resolve an issue, or
a full revalidation if the concerns are wide ranging.
204. Vetting agencies are to advise both the clearance subject and the sponsoring
agency including interested parties (for contractors) of the review for cause
outcome.
Adverse findings
205. Decisions and actions taken during a security clearance could be subject to
judicial review. Vetting agencies will need to demonstrate that they have met
the requirements of procedural fairness. For further information see section 6.2
of the Personnel security guidelines Vetting practices.
206. Where a decision is made to deny a clearance, the vetting agency is to inform
the clearance subject of the procedures for seeking a review of the decision.
207. The vetting agency is to also advise the sponsoring agency of the decision to
deny the clearance.
208. Vetting agencies are to report any denial of NV and PV security clearances,
including any exclusion periods, to ASIO.
ASIO-initiated review of ASIO Security

Assessment
209. ASIO may provide preliminary advice to a Commonwealth agency regarding the
subject of an ASIO security assessment pending the issuing of a new ASIO
security assessment.
210. Section 39 of the ASIO Act permits Commonwealth agencies to take
appropriate action (such as suspending a persons security clearance and
preventing ongoing access to classified information) if the Commonwealth
agency is satisfied, on the preliminary advice from ASIO, that it is necessary to
take that action as a matter of urgency due to the requirements of security.
Any action taken is to be temporary pending receipt of a new ASIO Security
Assessment. Section 39(1) prevents Commonwealth agencies from taking
other prescribed kinds of action on the basis of preliminary advice from ASIO.
211. ASIO will normally liaise with the Commonwealth agency and the relevant
vetting agency in these circumstances.
Reviews of security clearance processes

and outcomes
212. Vetting agencies are to have procedures to resolve any grievances and are to
advise the clearance subject of these procedures as part of the clearance
process.
40
213. Vetting agencies are to resolve any grievances raised by the clearance subject
regarding:
the security clearance process, and
the manner in which the vetting agency conducted the clearance, or the
decision made.
214. Vetting agencies are to advise the clearance subject of these procedures as
part of the clearance process.
Review of clearance decisions

215. Clearance subjects or sponsoring agencies may seek a review of any security
clearance decision. The initial review is to be carried out by the vetting agency
responsible for denying or varying a clearance.
216. An application by a clearance subject for a review does not change the original
decision. A review may determine that the process was flawed and a new
process should be undertaken.
217. Clearance subjects may also seek external review. The avenue for review will
vary. Some examples are:
APS employees may seek review through the Australian Public Service
Commissioner or the Commonwealth Ombudsman, and
contractors may seek review through the Office of the Commonwealth

Ombudsman.
218. Any person may seek review through the Federal Court.
219. The delegate for the purposes of the review should be independent from the
original decision maker.
220. The Public Service Regulations 1999 (Cth) provides guidance on review
processes for APS employees.
221. The vetting agency and the clearance subject seeking the review are to cooperate fully with the review process.
Transfer of Personal Security Files

222. Vetting agencies are to transfer PSFsto the extent that their enabling
legislation allowsto the new vetting agency when a clearance holder
transfers to another agency covered by a diferent vetting agency. For further
information see Personnel security guidelinesVetting practices.
223. The receiving vetting agency is to address any anomalies within the incoming
clearance subjects PSF at the time of transfer.
224. Vetting agencies are to advise sponsoring agencies of any concerns with the
transferring clearance holder's PSF. The sponsoring agency can then make a
risk based decision on continuing access by the clearance subject to security
41
classified resources. For further information see Personnel security guidelines Vetting practices.
Recognition of clearances
225. Vetting agencies are to recognise the security clearances granted by another
vetting agency, unless:
the clearance has exceeded its revalidation period
the clearance was granted with an eligibility waiver, or
the vetting agency has concerns that the incoming clearance subject is no
longer suitable to access Australian Government security classified
resources at that clearance level.
Active and inactive clearances

226. An active clearance is a security clearance that is sponsored by an Australian
Government agency, and being maintained by a clearance holder and
sponsoring agency.
227. An inactive clearance is a security clearance that is within the revalidation
period, however the clearance:
is not sponsored by an Australian Government Agency
is not being maintained by the clearance holder for a period greater than
six months due to long term absence from their role, and
for the Positive Vetting level is unsponsored; however, an annual security

check was completed within the last two years.
228. Security clearances without sponsorship, but still within the revalidation period,
are considered inactivei.e. the clearance is not in use but has not been
cancelled as a result of a review for cause.
229. Upon notification of change of sponsorship for a clearance within the
revalidation period, the vetting agency is to identify the security clearances as
active, only once the vetting agency has assessed any changes of
circumstances.
230. Vetting agencies are to identify security clearances as active upon notification
of sponsorship by a new agency, where the clearance is within the revalidation
period subject to the vetting agencys assessment of any changes of
circumstances. For further information see the Personnel security guidelines Vetting practices.
Vetting staf training and qualifications

231. Vetting agencies are to use qualified personnel in the vetting process.
42
232. Vetting agencies are to:
provide appropriate initial and supplementary training to assessing

officers, and
assess, and periodically reassess, the competency of assessing officers.
233. See the Personnel security guidelines - Vetting practices for details of
qualifications, competencies and training requirements for vetting staf.
Vetting agencies management of

outsourced vetting providers
234. Vetting agencies are to ensure contractors engaged in vetting meet the
requirements of the PSPF and any agency specific polices or procedures. For
further information see Personnel security guidelines - Vetting practices.
43
9. Agency responsibilities for active

monitoring of clearance holders
PERSEC 7: Agencies must establish, implement and maintain security clearance policies
and procedures for clearance maintenance in their agencies.
PERSEC 8: Agencies and vetting agencies must share information that may impact on an
individuals ongoing suitability to hold an Australian Government security clearance.
GOV 1: Agencies must provide all staf, including contractors, with sufficient information
and security awareness training to ensure they are aware of, and meet the requirements
of the PSPF.
235. Clearance maintenance is a joint responsibility of vetting agencies, sponsoring
agencies and the individual clearance holder. The purpose of clearance
maintenance is to provide continuing mitigation to the risk from the malicious
trusted insider. It is an ongoing process throughout the life of a security
clearance.
236. Vetting agencies are responsible for the periodic review of clearance holders
suitability (revalidations) and conducting any reviews for cause when specific
issues or concerns arise that may afect a clearance holder's suitability. For
more information see Sections 10.6 - Reviews of Security Clearance and10.6.2
- Reviews for Cause.
237. Sponsoring agencies are responsible for their security clearance holders
(including Contractors). Sponsoring agencies are to:
providing security awareness training and security clearance specific

briefings
advise and remind clearance holders of their ongoing obligation to report

changes of circumstances and contacts that are suspicious, on-going,
unusual or persistent. For further information see the Personnel security
guidelines Agency personnel security responsibilities.
provide ongoing supervision and management of clearance subjects

including their suitability to access official resources
notify the vetting agency of other issues of security concern relating to the
ongoing suitability of clearance holders, including security incidents and
any concerns relating to integrity
manage any additional specific clearance maintenance requirements

agreed by the vetting agency and the sponsoring agency as a condition of
the security clearance, and
additional agency responsibilities for the ongoing clearance maintenance

of their contractors are detailed in Section 9.8 - Clearance maintenance
for contractors.
238. These responsibilities are in addition to the controls identified for all personnel
contained in Section 5 Ongoing suitability for employment.
44
Security awareness training for clearance

holders
239. Agencies are to ensure that people who have access to Australian
Government security classified resources, understand and accept their day-today security responsibilities.
240. In addition to a program of security briefings and training that directly
responds to the agencys security risk assessment, agencies are to:
advise clearance holders and their managers of their day-to-day security

responsibilities
advise clearance holders and their managers of their reporting

requirementsfor example:
changes of circumstances, and
suspicious, on-going, unusual or persistent contacts.
provide the clearance holder with a briefing and/or training reminding

them of their clearance responsibilities, at least every five years or at
clearance revalidation, whichever is the sooner.
241. Agencies may also need to coordinate additional training/ briefings for
personnel with access to Sensitive Compartmented Information with the
compartment owners.
Managing specific clearance maintenance

requirements
242. Some concerns identified in the clearance process may be mitigated by
applying additional specific clearance maintenance requirements, e.g.
additional periodic drug screening for reformed drug users.
243. Agencies are to:
undertake any additional specific clearance maintenance requirements

agreed to by the sponsoring agency and vetting agency, and
are to report any results including any non-compliance with the additional
requirements, to the vetting agency.
244. Where compliance with additional requirements is not met by the clearance
subject, the vetting agency is to undertake a review for cause into the
clearance subjects ongoing suitability. The resultant action by the vetting
agency may be the variation or withdrawal of a security clearance.
Annual health check

245. Agencies are to annually require:
clearance holders to confirm that they have reported to their agency

security section:
45
all changes of circumstances, and
any suspicious, on-going, unusual or persistent contacts
clearance holders to complete any required security awareness training,

and
managers responsible for personnel to confirm they have reported any

concerns about the clearance holders.
246. Agencies are to report any security concerns they have as to the ongoing
suitability of their clearance subjects to their vetting agency.
247. The annual health check does not replace an agencys ongoing responsibility
for their performance management including code of conduct investigations.
For further information on the annual health check see section 14.1 of the
Personnel security guidelines Agency personnel security responsibilities.
Sharing of information
248. Agencies are to provide vetting agencies with any information about the
suitability of a person to hold a security clearance. This includes but is not
limited to:
negative results of agency specific checks
reportable changes of circumstances
suspicious, on-going, unusual or persistent contacts
incident and investigation results, and
where a breach of the code of conduct has been established or a security

violation proven or personnel management concerns that may call into
question the integrity of the person.
249. Agencies should not use the clearance review process to deal with personnel
management problems (e.g. underperformance). However, if it is likely that
such concerns could afect a persons suitability to hold a clearance, line
managers should notify their agency security section who in turn may notify
the vetting agency.
250. Vetting agencies are to advise sponsoring agencies of any suitability concerns
raised about clearance subjects and any pending or active reviews for cause. In
such cases and based on a risk assessment the sponsoring agency is to,
determine whether to limit or suspend the clearance subjects access to
security classified resources.
Reportable changes of personal circumstances

251. Agencies are to require their clearance holders to advise the agency security
section of any reportable changes in personal circumstances. For further
details on what is a reportable change of circumstance see Personnel security
guidelines Agency personnel security responsibilities.
46
252. Agencies are to also require agency personnel to advise the agency of
changes in personal circumstances of other clearance holders if they have
concerns that may be relevant to a clearance holders suitability.
253. The agency is to then advise the vetting agency of any notified reportable
changes in circumstances.
Contact reporting under the Australian Government

Contact Reporting Scheme
254. Agencies are to require their personnel to report suspicious, on-going, unusual
or persistent contacts with foreign officials and other foreign nationals to their
agency security section.
255. Agencies are to:
collect Contact Reports from their personnel
acknowledge receipt of all reports
assess the reports, and
forward any reports of suspicious, ongoing, unusual or persistent nature to

ASIO Contact Reporting.
256. For further information see Personnel security guidelines Agency personnel
security responsibilities.
Reporting security incidents to vetting agencies and other

appropriate agencies
257. Agencies are to advise the vetting agency of:
any security violations4 attributed to particular security clearance holders

as reasonably practicable, and
the results of any investigations into security breaches attributed to

particular security clearance holders and conduct or incidents that may
indicate a disregard for security by clearance holderse.g. multiple
infringements of agency security policies.
258. Agencies are to consult with the Australian Federal Police (AFP) and/or the
Australian Security Intelligence Organisation (ASIO) in respect of investigations
that may have potentially serious issues.
259. Agencies are to also advise security incidents to:
the Director, Australian Signals Directorate for matters relating to the

Australian Government Information Security Manual (ISM)
the Director-General, Australian Security Intelligence Organisation for

matters relating to national security, and
Security violation a deliberate action that leads, or could lead, to the compromise of official resources; or an
accidental failure that leads to the compromise of CONFIDENTIAL or above material.
47
the heads of any agencies whose people, information or assets may be

afected.
260. Agencies are to withdraw all access to security classified resources for any
person responsible for a security violation as soon as reasonably practicable
after the violation is identified.
261. Agencies should make a risk based decision on whether to remove or restrict
access for personnel directly responsible for security breaches 5 or conduct that
indicates a disregard for security.
262. Agencies should reassess any clearance holders access when an investigation
into a violation or breach is finalised.
263. Agencies are to notify the vetting agency when a breach of the code of
conduct or other disciplinary finding has been made against a clearance
holder, including any cases where a breach is established following the
clearance holders departure from the agency.
264. Agencies are to include security incidents as part of their compliance reporting
requirements detailed in mandatory requirement GOV7.
Change of sponsorship of security clearances

265. Where clearance holders are moving permanently from one agency to another
and require a security clearance for their new role, the gaining agency is to
request a transfer of the clearance sponsorship. Once transferred, the gaining
agency has ongoing responsibility for the clearance maintenance.
266. Gaining agencies are to only sponsor clearances at the level required for the
position the person will be occupyinge.g. the gaining agency will only
sponsor an NV1 clearance for an existing NV2 holder who moves to a position
requiring an NV1 clearance.
267. Agencies should advise the change of agency to the vetting agency.
Personnel on temporary transfer or

secondment
268. Agencies should, in consultation with the persons home agency, make a
determination of whether the clearance sponsorship should stay with the home
agency or be transferred for the duration of the transfer or secondment.
269. Where temporary personnel have been granted a security clearance by a State
or Territory in accordance with the PSPF, the clearance is to be recognised by
the gaining agency for the period of the transfer or secondment. Agencies
should request confirmation of the clearance from the vetting agency that
granted the clearance.
Security breaches an accidental or unintentional failure to observe the requirements for handling official
resources involving material classified up to including PROTECTED
48
Clearance maintenance for personnel on secondment or

temporary assignment
270. Agencies are to agree on the clearance maintenance arrangements before a
secondment or temporary assignment commences.
271. Irrespective of the agreed clearance maintenance arrangements, agencies are
to advise of any identified security concerns that arise during the secondment
or temporary assignment to the home agency. This includes concerns identified
after the secondment or temporary assignment concluded.
Personnel on extended leave

272. Agencies are to have procedures to notify their agency security staf of
personnel planning to go on extended leave. The period will depend on the
agencys risk profile and any specific risks associated with the position.
273. Agencies are to, where possible, resolve any security issues before the leave
is taken.
Clearance maintenance for contractors

274. There are additional risks for the ongoing maintenance and management of
security clearances for contractors.
275. In addition to provisions outlined in Section 9 - Agency responsibilities for
active monitoring of clearance holders, contracts are to contain clearance
maintenance provisions including:
arrangements for dealing with any reportable changes in circumstances

and the reporting and investigation of security incidents or breaches
the requirement for contract staf to protect the agencys information and
assets, and
ongoing security awareness training that includes the contracting

companys responsibility to require contracted staf to:
-
protect the agencys assets and information
report changes in personal circumstances, and
report suspicious, on-going, unusual or persistent contacts.
276. The agency should require the contracting company to inform the agency if an
individual employed by the company is/has:
employed on other concurrent contracts with other agencies or

governments, so that all afected agencies can be advised of any security
concerns and can identify any conflicts of interest
employed on any new contracts
been expelled from an accrediting body
been arrested or is undergoing disciplinary proceedings

49
subject to law enforcement action or criminal legal proceedings, or
been dismissed, has resigned or is on long term leave.
277. The agency should include in the contract:
any standards of behaviour which it also expects employees to observe

relating to code of conduct and the application of protective security
measures, and
provisions for revoking physical and ICT access upon a contracted staf
members exit from the company.
278. For further advice on protective security in contracting see Governance

arrangements Contracting and the Centre for Protection of National
Infrastructure (UK) publication The secure procurement of contracting staff - a
good practice guide for the oil and gas industry .
Clearance sponsorship of contractors that are no longer

actively engaged by an agency
279. Lead agencies are to advise vetting agencies that security clearance
sponsorship has been withdrawn for contractors when they are no longer
actively engaged by that agency.
280. Vetting agencies are to notify any interested parties (other agencies) that the
lead agency has withdrawn sponsorship for the contractor. If the interested
party requires the contractor to hold a security clearance, they will need to
take on sponsorship of that contractor. This includes the responsibilities for
clearance maintenance. For further information see Section 10.1.
50
10. Agency separation actions

PERSEC 9: Agencies must have separation policies and procedures for departing
clearance holders, which includes a requirement to:
inform vetting agencies when a clearance holder leaves agency employment or
contract engagement, and
advise vetting agencies of any security concerns.
Prior to separation
281. Prior to a clearance holders separation an agency is to:
debrief separating personnel who have access to:

-
Australian Government classified resources
codeword information (and advise the agency providing the

codeword information), and/or
caveat information.
remind the clearance holder of their continuing personal obligations under

the Crimes Act, Criminal Code and other relevant legislation, and
obtain formal acknowledgement of that continuing obligation.
282. Agencies are to report any security concerns (non-compliance with the
separation procedures) about departing clearance holders to the vetting
agency and ASIO (Security as defined in the Australian Security Intelligence
Organisation Act 1979(Cth) ), particularly where the clearance holder departs
without having a security debrief.
283. The vetting agency is to place this information on the PSF where it will be
reviewed prior to consideration of any new vetting action.
284. If departing clearance holders do not cooperate with these procedures or are
otherwise assessed to pose a risk to security, the agency is to undertake a risk
assessment and implement mitigations.
On separation
285. On separation of a clearance holder, an agency is to advise the vetting
agency:
that the clearance holder has left, and
of the details, if known, of any other agency or contracted service provider

the clearance holder is transferring to
51
286. Agencies are to forward a copy of a signed recognition of continuing obligation

to the vetting agency.
287. Where employees leave before these actions have been completed, the agency
security advisor is to review the circumstances to ascertain whether there are
any security related concerns.
288. The agency is to report any such concerns to the vetting agency and ASIO.
Separation of contractors
289. Sponsorship of a contractor clearance ceases when the contractor no longer
has a business relationship with the sponsoring agency.
290. An agency should include in their contracts an obligation on the contracting
company to advise the agency when the contractors staf or sub-contractors
with sponsored clearances have ceased to work on the agencys contract.
291. Agencies are to advise the vetting agency when a sponsored contractor no
longer requires a security clearance to access the agencys security classified
resources.
292. Vetting agencies are to advise any other known agencies using the contractor
that the contractors clearance is no longer sponsored by that agency, giving
interested parties the opportunity to assume sponsorship including the
responsibilities for clearance maintenance of the contractor.
52
Annex A: Request for variation of Special

Minister of States Determination 2012/1 for
a Ministers Electorate Officer
293. Under Determination 2012/1, a Ministers Chief of Staf may request a variation
of the security clearance requirement from the Secretary of the AttorneyGenerals Department where:
the person is an electorate officer
the electorate officer is not required to access, and will not come into
contact with, security classified information or resources:
-
above PROTECTED for electorate officers employed by a National

Security Committee of Cabinet (NSC) Minister, or
above SECRET for electorate officers employed by a non-NSC

Minister.
294. The Secretary, Attorney-Generals Department will approve the request to vary
the requirement for a Negative Vetting Level 2 security clearance following a
recommendation by the Portfolio Department that confirms the electorate
officer will not access security classified information or resources above
PROTECTED or SECRET as appropriate (see above).
295. The following security clearance levels are to apply:
Negative Vetting Level 2:

-
electorate officers for NSC Ministers who access security classified

information or resources above PROTECTED, and
electorate officers for Ministers who are not members of the NSC,
and who access security classified information or resources at TOP
SECRET.
Negative Vetting Level 1:

-
electorate officers for Ministers who are not members of the NSC,
and who access security classified information or resources at
CONFIDENTIAL and/or SECRET.
Baseline:
-
electorate officers who access official information and security

classified information or resources up to and including PROTECTED.
53
Request for variation of Special Minister of States Determination

2012/1
for a Ministers Electorate Officer
All staf employed by Ministers, including Parliamentary Secretaries, employed under Part III of the
Members of Parliament (Staff) Act 1984 are required to be security cleared to Negative Vetting
Level 2 unless:
the staf member:
- is an electorate officer, and
- does not require access to, and will not be exposed to, security classified material
the Ministers Chief of Staf requests an exemption, and certifies the electorate officer will not
access classified material
the Ministers Portfolio Department endorsed the request for variation, AND
the variation is approved by the Secretary of the Attorney-Generals Department
Ministers Chief of Staf request for variation
Name of electorate officer
I certify that
name
is an electorate officerMinisters
for
and is not required to access, and will not come into contact with, TOP SECRET security classified
material. I request a variation of the requirement for the above electorate officer to hold a Negative
Vetting
Level 2 security clearance.
Name of Chief of Staf
Date
Signature
/
Forward request to the Agency Security Adviser of the Portfolio Department

Portfolio Department endorsement of request
Name of Portfolio Department
I endorse the request to vary the requirement for a Negative Vetting Level 2 security clearance for
the above mentioned electorate officer. I confirm he/she will not have access to TOP SECRET
material, and may have access to or come in contact with security classified material:
At or below PROTECTED
AT CONFIDENTIAL OR SECRET
(Tick whichever is applicable)
Name and position of endorsing officer
Signature
Date
Send to: Protective Security Policy Branch, Attorney-Generals Department,3-5

National Circuit, BARTON ACT 2600
Approval of request
As the delegate for Secretary, Attorney-Generals Department, I vary the requirement for the
above mentioned electorate officer to be security cleared to Negative Vetting Level 2, subject to
them undergoing:
Baseline
Negative Vetting Level 1
Variation not approved - Negative Vetting Level 2 required

Date
Signature
Name and position of approving officer
Send to: Ministerial and Parliamentary Services, Department of Finance and

Deregulation, Parkes Place, PARKES ACT 2600
54

Personnel Security Management Protocol

Transféré par

Informations du document

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

Personnel Security Management Protocol

Transféré par

Droits d'auteur :

Formats disponibles

Australian Government Personnel

Commonwealth of Australia 2013

Dissemination limiting marking

Date of next review

Protective Security Policy Section

Version 2.0 approved 1 September 2014

Status and applicability

Terms used in this Protocol

Agency responsibilities in personnel security 4

Sharing personal information

Components of personnel security

Identifying personnel security risk

Personnel security risk review

Recommended employment screening 10

Agency-specific employment screening checks

Recording results of employment and additional agency specific

Ongoing suitability for employment

Security awareness, training and education

Monitoring, evaluating and recording of ongoing personnel suitability

Agency security clearance requirements

Cooperation in the clearance process

Identifying and recording positions that require a security clearance

Security clearance levels 16

Caveat and codeword access

Contractors requiring security clearances

Australian office holders

Other access arrangements

Eligibility waivers (citizenship and checkable background) 20

Conditions for clearances subject to an eligibility waiver

Locally engaged staf

State or Territory government security clearances

Temporary access to classified information arrangements

Temporary access conditions

Types of temporary access

Short term access 26

Temporary access for MOPS Act staf

Vetting agency responsibilities

Authority to make clearance decisions 28

Confirming eligibility for a security clearance 28

Supplementary checks and inquiries

Vetting agency consultation with sponsoring agencies

Failure to comply with the clearance process 29

Personnel security checks for initial clearances

ASIO Security Assessment

Reviews of security clearances

Reviews for cause 32

ASIO-initiated review of ASIO Security Assessment

Reviews of security clearance processes and outcomes

8.10. Review of clearance decisions

8.11. Transfer of Personal Security Files

8.12. Recognition of clearances 34

8.14. Vetting staf training and qualifications 35

Agency responsibilities for active monitoring of clearance

Security awareness training for clearance holders

Managing specific clearance maintenance requirements

Annual health check

Reportable changes of personal circumstances

Change of sponsorship of security clearances 40

Personnel on temporary transfer or secondment

Personnel on extended leave

Clearance maintenance for contractors 41

Agency separation actions 43

10.1. Prior to separation 43

Annex A: Request for variation of Special Minister of States