Enterprise Protective Security Services

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.

Enterprise Security Management Systems

Security management is linked to many aspects of business management.

A formal approach to security management can contribute directly to business capability, reputation and operational/commercial viability of the organisation.

We will support your enterprise to:

  • Assess the operating security environment.
  • Determine if adequate security mitigation is in place to effectively manage security-related risks.
  • Manage performance against statutory, regulatory and voluntary obligations.
  • Align security governance, processes and controls to meet the organisation’s objectives.

Security Risk Assessments

Providence has deep knowledge and expertise in security risk assessments, management and protective security mitigation.

EPS Security Risk Assessments


What makes your business unique?

We will support your enterprise to:

  • Integrate security risk management into security management systems.
  • Identify critical assets and critical workers.
  • Identify threats and vulnerabilities.
  • Assess enterprise protective security risks.
  • Develop tailored protective security risk management strategies and frameworks.
  • Enhance security culture.
  • Establish supply chain assurance.

Security Risk Governance

Multi-disciplinary governance can serve as a change agent and promote meaningful security culture uplift.

We will support your enterprise to:

  • Evaluate the existing governance structure.
  • Assess whether it can effectively mitigate security risks.
  • Identify a single, accountable board-level owner of security risk.
  • Review security maturity monitoring.
  • Assess effectiveness of reporting processes or systems.

Critical Infrastructure Risk Management Programs

We can help you to establish a holistic and principles-based SOCI-mandated Risk Management Program tailored to your operating context and resources.

Providence appreciates the context of the SOCI entity’s operations, enables a tailored maturity approach, capitalises on the systems and assets an enterprise has and upskills the entity’s employees.

We will support your enterprise to:

  • Bridge the theoretical-practical gap in program operationalisation.
  • Meet obligations of Security of Critical Infrastructure (SOCI) Act 2018 and the Security of Critical Infrastructure (Critical infrastructure risk management program) Rules.
  • Generate additional benefits to maximise the value of investment in your Risk Management Program.

Personnel Security Management Systems

We believe people are your biggest critical asset … but may also pose your greatest security risk.

Personnel security lies at the very heart of security risk management and hence the protection of critical infrastructure assets.
Our Workforce Security Risk Methodology™ can enable critical infrastructure owners and operators to introduce in-house vetting capability and mitigate insider threat.


The Methodology will equip your organisation to:

  • Match applicant pre-employment checks and suitability assessments to the risk profile of an organisation.
  • Conduct tailored individual suitability and personality assessments for critical workers.
  • Manage ongoing suitability of critical workers.
  • Establishing a holistic and risk-based insider threat program.
  • Introduce early detection capability to minimise impact.
  • Bolster wellbeing, employee performance, staff retention and workforce diversity.
  • Design appropriate organisational responses to incidents minimising the threat.
  • Understand how loyalty and an organisation’s security culture can influence insider risk.

Insider Threat Program

Providence can help you to establish an in-house insider threat capability to provide ongoing assurance for your people.

“Insider Threat—the potential for an individual who has or had authorized access to an organization’s critical assets to use their access, either maliciously or unintentionally, to act in a way that could negatively affect the organization.” (Carnegie Mellon University, 2022).

Providence teams with highly credentialed partners to offer insider threat detection capability and options for continuous assessment of entity workforces.

Insider Threat Program:

Applying Providence’s assurance model to your workforce enables your organisation to:

  • Achieve a nuanced and adaptive security culture, leading to improved employee performance, staff diversity and retention.
  • Mitigate the insider threat as part of managing personnel security lifecycle.
  • Establish an adequate organisational response in the event a threat does materialise.

Supply Chain Security

Your supply chain is only as strong as its weakest link. Take a holistic and coordinated action to mitigate the security risks and overcome future challenges to your supply chain.

Supply chain security centres on the identification, assessment, and management of risk from human sources whose exploitation of the supply chain result from malicious intent.

Human sources that create security risks to the supply chain can include:

  • opportunistic criminals
  • unintentional and malicious insiders
  • organised criminal entities
  • transnational criminal groups
  • issue-motivated groups.

The risks generated from such sources can occur anywhere in an entity’s supply chain including:

  • exporters operations
  • customs brokerage
  • freight forwarding operations
  • shipping agents
  • third party logistics
  • local warehousing
  • onforwarding agents.

Managing supply chain security risk requires a security risk assessment to assess the intentions and capabilities of human-based threats as they relate to an organisation’s supply chain.

Each organisation and each supply chain are different, therefore, the relevance of threats to those organisations and supply chains will differ.

We can help you to address the requirements of the SOCI Risk Management Program Rules that firmly fall in the domain of security risk management.

Education and training

We are passionate about educating protective security practitioners, and the decision-makers who rely on their advice, about risk-based protective security.

Practitioners require the skills and confidence to understand the risk environment, appreciate how threats might interact with assets, analyse of information, and create and communicate intelligence to decision makers.

Compliance with regulatory requirements

We can help you to achieve and maintain compliance with various statutory, regulatory and voluntary requirements.

We will support your enterprise in:

  • Identifying your current statutory, regulatory and voluntary obligations and their specific requirements.
  • Conducting an initial internal audit and gap analysis.
  • Assessing your performance against these obligations.
  • Developing strategies and compliance roadmaps.
  • Establishing and documenting compliance policies and procedures.
  • Developing tools for an ongoing monitoring, review and improvement of your compliance obligations.

Legislation, Policy and Standards

Our enterprise protective security advice is consistent with:

  • Security of Critical Infrastructure Act 2018
  • Security of Critical Infrastructure (Critical infrastructure risk management program) Rules 2023
  • Aviation Transport Security Act 2004
  • Maritime Transport and Offshore Facilities Security Act 2003
  • Aviation Transport Security Regulations 2005
  • Maritime Transport and Offshore Facilities Security Regulations 2003
  • Commonwealth Protective Security Policy Framework 2018
  • AS ISO 31000:2018 Risk management — Guidelines
  • ISO 22316:2017 Security and resilience — Organizational resilience — Principles and attributes
  • AS 4811:2022 Workforce screening
  • AS 8001 Fraud and corruption control
  • AS ISO 15489.1 Information and documentation
  • ISO 28000:2022 Security and resilience — Security management systems — Requirements
  • ISO 28001:2007 Security management systems for the supply chain — Best practices for implementing supply chain security, assessments and plans — Requirements and guidance
  • ISO 28002:2011 Security management systems for the supply chain — Development of resilience in the supply chain — Requirements with guidance for use
  • ISO/IEC 27036-1:2021 Cybersecurity — Supplier relationships — Part 1: Overview and concepts
  • ISO/IEC 27036-2:2022 Cybersecurity — Supplier relationships — Part 2: Requirements.
  • HB 167:2006 Security Risk Management
  • ISO 22430 [to be released].


We provide services to the following sectors:

Commonwealth and state/territory governments

Critical infrastructure


Transport, Aviation and Maritime




Adash Janiszewski

Chief Executive Officer

Adash is Providence’s CEO and is responsible to the Providence Board and Providence’s clients for ensuring the timely delivery of outcomes through advice, guidance and mentoring to Providence’s staff.