PSPF

Protective Security Policy Framework compliance

Technology domain assessments, PSPF reporting support, and governance advisory for Commonwealth entities and organisations delivering services to government.

AGSVA Cleared Team
Canberra-Based
Commonwealth-Experienced

PSPF Maturity

Maturity Assessment

Governance: Managed
Information Security: Managed
Personnel Security: Ad Hoc
Physical Security: Developing

4 Core Policies: Aligned

Annual Report: Ready for submission

The challenge

Why PSPF compliance matters

Reporting obligations

PSPF reporting requirements are demanding. Preparing your annual security report and demonstrating maturity improvement across all domains requires structured effort.

Multiple security domains

The PSPF spans governance, information security, personnel security, and physical security. Understanding what's required across each — and your maturity level — is complex.

Maturity improvement pressure

You're expected to demonstrate year-on-year improvement in your PSPF maturity. Without a structured plan, it's difficult to show measurable progress.

What you get

What's included in PSPF Compliance support

PSPF maturity assessment

Assessment of your current maturity against PSPF core and supporting requirements across all applicable domains.

Technology domain assessment

Focused assessment of your information security posture against PSPF technology requirements.

Annual reporting support

Preparation of your annual PSPF security report with clear maturity ratings and improvement plans.

Gap analysis and improvement plan

Identification of maturity gaps with a prioritised roadmap for year-on-year improvement.

Policy and governance advisory

Support for developing and maintaining security policies that align with PSPF requirements.

Right for you

Who should consider PSPF compliance support

Commonwealth entities

You have direct PSPF reporting obligations and need structured support to assess, improve, and report on your security maturity.

Government service providers

Your Commonwealth clients expect PSPF-aligned security practices. We help you demonstrate alignment and meet contractual security requirements.

Organisations with ISM obligations

PSPF and ISM work together. If you're already managing ISM compliance, we help you extend that effort to cover PSPF governance and reporting.

Common questions

Frequently asked questions

What's the difference between PSPF and ISM?

The PSPF is the overarching protective security framework for Commonwealth entities, covering governance, personnel, physical, and information security. The ISM provides the detailed technical controls for information security. They work together — PSPF sets the policy, ISM provides the implementation detail.

Do we need to comply with all PSPF requirements?

It depends on your entity type and risk profile. Commonwealth entities have direct obligations. Service providers may need to demonstrate alignment with specific domains depending on their contracts. We help you determine exactly what applies.

Can you help with our annual PSPF report?

Yes. We support the full annual reporting process — from maturity assessment through to report preparation. We help you present an accurate picture of your posture and a credible improvement plan.

Get started

Need support with PSPF compliance?

Talk to our team about your PSPF maturity and reporting obligations.

Canberra-based • AGSVA cleared • Commonwealth-experienced