The Australian National Audit Office (ANAO) has found major shortcomings in how the Australian Defence Force performs security vetting of the large number of firms with which it does business.
In a report released this week, the ANAO found that administration of the Defence Industry Security Program (DISP) does not enable Defence to gain assurance that the program is actually effective.
“Defence has not established effective arrangements to manage identified non-compliance with contracted DISP requirements,” the ANAO report says.
In particular, Defence had not established an appropriate framework, with a clear escalation pathway, to manage non-compliance with contracted DISP requirements.
It adds, “Where Defence has identified non-compliance with DISP requirements, it has not adopted a risk-based approach to compliance or pursued any of the contractual or other remediation actions available to it under the Defence Security Principles Framework (DSPF).”
DISP is a long-running program which Defence describes as “essentially security vetting for Australian businesses.” The DSPF sets out security requirements that businesses must meet to obtain and maintain DISP membership.
That involves a very large number of companies. As at March 2021, Defence reported 16,503 active contracts worth $202 billion for a wide range of goods and services including platforms and sustainment, estate management, IT systems and support, inventory, research and development, and consultancies.
In 2019, the Government announced that DISP membership was open to any company seeking to do business with Defence – not just those with contracts – and as a consequence there is a substantial backlog in DISP membership applications.
Defence has acknowledged that DISP was only partly effective, but said it was working with industry to do better. In its response to the ANAO, it said it had received positive feedback from industry over its engagement and activities to expand advice and support to industry members applying for DISP membership.
Under the improvement program launched in December 2020, Defence was seeking to accelerate membership processing times. “Defence is confident that it will continue to build on the improvements gained through the first half of 2021, with improved systems, processes and engagement for the DISP,” it said. “Furthermore, the DISP Assurance Program Framework, which was implemented across 2020 and 2021, is helping to practically improve security practices for DISP members.”
Defence said the program periodically checked that DISP members were meeting Defence security standards, and a cooperative uplift component supported industry to improve security resilience when and where needed.