Personnel Security (PERSEC) still remains a challenge for DISP Members.
The Defence Industry Security Program normally requires a security clearance at some level to work on defence projects and get access to sensitive information – but not at Entry Level.
We have discussed some of the existing deficiencies relating to AS4811 here.
As it is so low level, there are a lot of other standards and requirements that you should also consider:
AS4811 Suitability Screening: The objective is to ensure the integrity, identity and credentials and to provide assurance that they are worthy of trust.
ISO/IEC 27001:2013 A.7.1 – To ensure that employees and contractors are suitable for the roles for which they are considered. “When an individual is hired for a specific information security role, organisations should make sure the candidate can be trusted to take on the role.”
ISM P10: “Only trusted and vetted personnel are granted access to systems, applications and data repositories” and Security Control 0434 “Personnel undergo appropriate employment screening, and where necessary hold an appropriate security clearance, before being granted access to a system and its resources.”
AGSVA Clearances: A security clearance is the official status given to someone that has been checked and vetted for the eligibility and suitability to access and work with security classified resources. It gives access to certain the know how & know why information, with the higher the clearance corresponding with higher national security sensitivity. Whether your candidate is eligible and suitable to hold a security clearance is only determined after certain levels of assessments and background checks. These assessments are done to ensure that people entrusted with access to security classified information or resources are trustworthy.
As a DISP Member or aspiring DISP Member, here is some guidance:
As a part of the new DISP overhaul, a DISP member can sponsor their own workforce’s AGSVA security clearances (and Level 1 & above).
Although this is a ground breaking step in the right direction, it also means for the very first time in history, personnel security responsibilities fall directly onto the 3,000 SMEs to be responsible for the ongoing suitability of the 50,000+ security clearances! For an industry that may never have done this before, this is profound shift which will require expertise and rapid maturity.
Here are the two most common questions we hear about security clearances:
1. How can our candidates can get a security clearance?
A security clearance can only be processed through www.agsva.gov.au via DOSD. An individual cannot sponsor a clearance personally. The DISP Member’s (Governance Level 1-3) Security Officer will be nominates people for clearances against a specific project and uses their own DSAP – designated security assessed position in their Security Register. Talk to us if you are aspiring for a higher level.
2. How long does it take to get a security clearance?
It varies. Depending on the type of clearance required and traceability of the individual’s history it may take 10 weeks or if complex, years. That is a lot of employment risk if you are going in blind. Officially, AGSVA states the below:
The far right column above only starts ticking when the CS e-pack submission has been accepted as correct (AGSVA note that 50% of packages are rejected and need to be returned to the clearance subject for re-submission).
So in reality give yourself: Baseline 2.5 months, NV1 4.5 months, NV2 6 months, PV 11 months.
Due to the risk and time delays and the process itself your legal team may want the employment contract condition to include the terms – “Subject to a security clearance being obtained and retained through ASGVA.”
THEN … fingers crossed that your candidate/applicant/recruit is non-complex. If they are, then this will blow out your timeframes five-fold.
The ANAO table above indicates that the higher the clearance type, the higher the risk of the clearance subject not getting a clearance. The stats are clear: Not everyone can get a national security clearance. So a DISP company is blind to the risks and may have to wait months and months before they get an outcome so that the employee to start work. Compound that with the new ANAO report that states that there is a 20%-25% probability that the candidate will never start employment with the DISP company.
What can the security team and/or HR do to make sure that the candidate they choose will be able to get through the national security vetting process smoothly and without delays?
Two things. #1. Many delays can be avoided by “pre-vetting” candidates in away that anticipates a national security clearance outcome before it begins. This cannot be accomplished with a police check or an ID check. It needs to be a suitability assessment, completed by official and qualified vetting officers – at the right level. We know of only one group offering this service in Australia. This pre-vetting suitability assessment can be done inside the recruitment process. #2. The second thing you can now do (which has never been offered in Australia before until now) is to add a facilitation service that sponsors/initiates the clearance on your behalf and then guides the applicant through the e-pack submission and the official vetting assessment – no matter now complex the person’s background is. It can be a very stressful time for everyone concerned and there can be murky waters navigating through a national security clearance process. Having a fellow DISP Member and vetting experts and a security-officer by your side and on your side will help. When granted, you have the option of re-assignment or for us to maintain it on your behalf.
By using a facilitation service, DISP companies have the peace of mind and confidence that it has reduced the risk of an adverse or unfavourable AGSVA decision and reduced the likelihood of an abandoned clearance application. This also stops the company from having to start the recruitment process from scratch.
“It is important that all organisations in the Defence sector adequately screen their personnel, regardless of DISP. The guidance in the protective security documentation and the Australia Standards should help companies with reviewing recruitments and mitigating against issues in seeking Commonwealth security clearances. Different companies have different levels of experience in security, and some indeed may benefit from a suitability assessment service as promoted by Cleard Life.”
Andrew Dowse AO
Director, Defence Research and Engagement (Edith Cowan University)
Former Head of ICT Operations and Strategic J6 (Department of Defence of Australia)
Former Director-General, Integrated Capability Development and Capability Plans (Department of Defence of Australia)
Former Director-General, Strategy and Planning (Royal Australian Air Force)
1. Ask about about our Cleard Plus facilitation program that ‘speeds up‘ and ‘smooths out‘ the official AGSVA security clearance process.
2. We can also assist you with a 4811 Bundle that certifies your workforce for DISP compliance:
Talk to us about your DISP-related personnel security issues. Contact us today for a confidential discussion on 02-6171-4171.
DISP Members should also review these:
Post Script considerations:
Clearance Subjects – we recommend that you:
- Disclose all relevant and required information.
- Cooperate in the collection of personal documentation and corroborating evidence.
- Answer questions fully and honestly and
- Provide accurate information and personal documentation.
Usually it is only Australian citizens with a verifiable background that are eligible for an Australian government security clearance. One will be asked to provide evidence of Australian Citizenship details. Additionally, people who have stayed more than 12 months outside of Australia must be verified from independent and reliable sources. These background checks are done inside the vetting process.
Some Clearance Subjects are expected to be assessed as suitable to obtain and maintain the highest-level clearance: a Positive Vetting (PV) security clearance. Minimum mandatory check list for a PV clearance to establish person’s suitability include:
- Verification of identity
- Background checks
- Financial probity checks
- Referee checks
- Digital footprint checks
- Psychological Assessment
- Security Interview
To consider whether the Clearance Subject is suitable to hold a security clearance, at any level, they need to possess and demonstrate an appropriate level of integrity and are not vulnerable to influence or coercion. The specific character traits are: