Defence supply chain security
End-to-end security guidance for organisations operating within — or entering — the Australian defence supply chain. Navigate DISP requirements, prime contractor obligations, and multi-framework compliance with confidence.
The supply chain security challenges you're facing
Prime contractor requirements cascading down
Your major customer — or potential customer — is demanding Essential Eight ML2, DISP compliance, or security certifications. You're not sure what you need to achieve or what timeline is realistic.
Multiple frameworks, overlapping obligations
You're dealing with DISP requirements, Essential Eight ML2, ISM controls, PSPF guidance, and DSPF principles — all at once. It's unclear how they relate, which apply to you, and where to focus first.
Lack of clarity on what "compliant" means
Your IT provider says you're compliant, but you can't map their reporting to DISP requirements or understand what your actual maturity level is. You need independent verification.
Time pressure from contract deadlines
You have weeks or months before a contract deadline or DISP application is due. You need a realistic assessment fast, and a pragmatic roadmap to get compliant on your timeline.
What's included in the Defence Supply Chain Security assessment
Supply Chain Risk Assessment
Identify security risks across your supply chain tiers — prime contractors, subcontractors, and vendors — with a roadmap to manage them.
DISP Requirements Mapping
Clear mapping of Defence Industry Security Program requirements to your current controls. Understand what's needed and what's still missing.
Framework Compliance Gap Analysis
Assess your position against E8 ML2, ISM, PSPF, and DSPF. Identify which frameworks apply and where the critical gaps are.
Remediation Roadmap
Prioritised action plan with effort estimates and sequencing. Know what to do first, second, and third to achieve compliance.
Prime Contractor Reporting Package
Compliance evidence and documentation structured for prime contractor reporting — ready to share with your customer.
Executive Summary for Leadership
Board-ready summary of your security posture, compliance readiness, and investment requirements in business language.
Who this service is for
Pre-DISP SMEs
Manufacturing and defence suppliers considering DISP application but unsure of requirements, timeline, and readiness. You need clarity and a realistic roadmap.
Prime-Pressured Suppliers
Organisations with contracts from defence primes requiring Essential Eight ML2, DISP compliance, or specific security credentials. You need urgent, focused assessment and fast remediation.
Frequently asked questions
What does DISP compliance actually mean?
DISP compliance spans four security domains: personnel security (vetting), physical security (facility control), cyber security (Essential Eight ML2 + governance), and information security (ISM). It's not just a checkbox — it's a holistic security posture. Our assessment helps you understand what's needed in each domain and how your current controls map to DISP requirements.
How long does a supply chain assessment take?
Typically 4-6 weeks, depending on the size of your environment and how quickly you can provide documentation. We work in parallel where possible, for example reviewing documentation while you're gathering access credentials. If you have an urgent deadline (12 weeks to contract), we can accelerate to a 2-3 week assessment focused on critical gaps.
Do I need Essential Eight ML2 to get into DISP?
E8 ML2 is a core DISP requirement for cyber security. Most organisations also need ISM alignment, PSPF governance, and DSPF principles across all four security domains. Our assessment includes E8 ML2 evaluation as part of the broader DISP readiness picture, and we can scope uplift to close gaps if needed.
What if I'm already DISP-registered — is this still relevant?
Yes. DISP-registered organisations still need to manage compliance across their supply chain tiers — primes, subcontractors, and vendors all have their own obligations. If you're contracting with lower-tier suppliers, this assessment helps you understand what to expect from them and what security requirements to impose.
Can you help implement what you recommend?
Yes — many clients engage us for uplift and implementation support after the initial assessment. We can help close gaps, build documentation, prepare DISP applications, and support CSQ completion. Talk to us about your timeline and budget to scope an implementation plan.