Becoming a member of the DISP program is a process that will help your company develop best practice security. To help progress your application in a timely manner we suggest following our key steps to apply.

Before submitting a DISP application:

On receipt of your application, a processing officer will be assigned to assess your application in line with the eligibility and suitability criteria. As part of this process, you will be asked to participate in two assurance activities - an entry assessment to ensure your business meets the requirements of the DISP membership levels for which you applied, and a cyber assessment to assess the cyber maturity of your ICT system.

Included in this will be a check to ensure you have the required governance documents in place:

  • Security Risk/Incidents Register
  • Annual Security Awareness Course (including Insider threat training)
  • Security Policies and Plans
  • Designated Security Assessed Positions (DSAP) list or equivalent
  • Employment Policy (AS-4811 required)
  • Classified Document Register (if required)
  • Cyber Security Questionnaire
  • ICT Action Plan.

If during the assessment phase we identify any further requirements or gaps (for example, your Security Officer requires training), your processing officer will work with you to help identify and implement solutions.

Timeframes for processing DISP membership vary based on the required level of membership, current level of security maturity and requirements and dependencies on internal Defence resources.

Defence will process DISP applications in the following order, your business:

  1. has a contract with Defence to support an ongoing Defence operation
  2. has a contract with Defence
  3. is planning to tender for a Defence opportunity, or in negotiations for a Defence opportunity
  4. is applying for DISP with no existing relationship with Defence and no immediate tender opportunities.

Expected timeframes are as follows:

Membership level

Member context

Timeframes

Entry Level

Your business has all the required clearances and certifications

2-3 months

Level 1, 2 and 3

Your business has all the required clearances, certifications and accreditations

4-6 months

All levels

Your business does not have all the required clearances, certifications and accreditations

Depends on your business’ level of security maturity

DISP processing is also dependent on internal Defence waiting times in the following areas (please note these timeframes are influenced by demand):

  • Personnel security is dependent on AGSVA processing timeframes.
  • Physical security may be dependent on the availability of Defence Security & Vetting Service (DS&VS) to conduct facilities inspections.
  • ICT and cyber security are dependent on the accreditation of networks by Chief Officer Information Group (CIOG).

There is no direct cost associated with DISP membership (ie. no membership fee), however, there will be costs associated with implementing and maintaining security measures to meet both initial and ongoing DISP membership requirements. These might include, for example, facility certification and accreditation, personnel security clearances, physical security measures.

Businesses should consider these costs in relation to the level of DISP membership required prior to lodging an application.

We will contact you about your membership application once a decision has been made.

You can also contact us, however we do request that before following up an application status you refer to the expected timeframes identified above.

DISP Membership Requirements Checklist - (PDF 187 KB)

Control 16.1 DISP of the Defence Security Principles Framework (PDF 331 KB)

The Security Officer Toolkit on our resources page has a number of templates to support the application process.

logo