Government & Defence
Security

Government and defence facilities operate under the Protective Security Policy Framework and SCEC requirements. Security advisory needs to navigate these frameworks, produce audit-ready documentation, and deliver outcomes that satisfy both the regulator and the project team.

Where security meets government requirements

Government and defence security operates within prescriptive frameworks where the margin for interpretation is narrow and the consequences of non-compliance are significant.

  • The PSPF establishes mandatory requirements for Australian Government entities across governance, information, personnel, and physical security. Security advisory needs to produce outputs structured to these requirements, not generic risk reports that require translation.
  • SCEC security zone requirements prescribe specific construction standards, access control, and emanation security for facilities handling classified information. The advisory must translate these specifications into design documentation architects and builders can implement without ambiguity.
  • Clearance and compartmentalisation constraints affect how security advisory is conducted: project teams at different clearance levels, compartmented information, and design details that cannot be shared across the full team. Advisory must operate within these constraints while delivering coherent design outcomes.
  • Overly restrictive security creates friction that degrades both productivity and compliance. Personnel find workarounds that introduce greater risk than the original threat. Proportionate design accounts for how people actually use facilities, not just how they should in theory.
  • Procurement documentation must enable capability acquisition, not just describe requirements. Specifications need to support accurate pricing by tenderers, objective evaluation by assessors, and verification of delivered outcomes against documented criteria.

How we work on government and defence projects

  • PSPF-aligned threat and risk assessment

    Threat assessment structured to address the physical security requirements of the PSPF, with risk positions that map directly to the framework's mandatory and discretionary requirements. Outputs formatted for assurance review, with each risk finding linked to a specific PSPF requirement, with treatment options assessed for proportionality and documented for audit. Security risk & threat analysis →

  • SCEC security zone design

    Security zone design compliant with ASIO Technical Notes, delivered by a SCEC Endorsed security consultant. Construction specifications for zone boundaries, access control configurations, emanation security measures, and inspection requirements, all translated into design documentation that the construction team can implement. Security design management →

  • Security systems design

    CCTV, electronic access control, duress, and intruder detection systems designed to meet both PSPF requirements and operational needs. Specifications that address camera placement, field of view, lighting conditions, integration with access control, and alarm monitoring. Written so that systems integrators can deliver without interpretation and the outcome can be verified against documented performance criteria. Security design management →

  • Requirements assurance and safety cases

    Security requirements traced from threat assessment through to design verification, with documented evidence at each stage. For projects requiring safety cases, security inputs structured to integrate with the broader safety assurance framework, demonstrating how security risks are managed alongside safety risks within a unified governance structure. Systems & assurance →

Frequently asked questions

What is the PSPF and who needs to comply?

The PSPF is the Australian Government's protective security policy, establishing mandatory requirements across security governance, information security, personnel security, and physical security. All non-corporate Commonwealth entities must comply; corporate entities are encouraged to adopt it. Compliance requires documented evidence of implementation, not just policy statements. For physical security, entities must assess facility threats, implement proportionate measures, and maintain regularly reviewed security plans.

What does a SCEC Endorsed consultant do?

A SCEC Endorsed consultant is authorised to provide security zone advice for facilities handling classified information, including zone boundary design, construction specifications per ASIO Technical Notes, access control configurations, emanation security, and zone inspection and certification. Core42 holds SCEC Endorsed status, enabling security zone consulting for government and defence facilities handling information at the required classification levels.

How does Core42 handle classified projects?

Core42 operates with appropriate security clearances and maintains secure work practices for classified engagements: compartmentalised information environments, documentation at appropriate classification levels, and project communications per PSPF and agency-specific requirements. Where projects involve personnel at different clearance levels, deliverables are structured so each team member receives only information relevant to their clearance and role.

Need security advisory for a government or defence project?

Whether you need PSPF compliance, SCEC security zone design, or threat assessment for a sensitive facility, start with a 30-minute conversation to scope the advisory you need.

Speak to a Principal SCEC Endorsed Services