Enterprise Protective Security Services

We advise on and implement the procedures and tools necessary to protect your people, information, and assets.

Contemporary actionable protective security advice enabling decision-makers and security practitioners in government, industry and academia to protect critical assets from human-based sources of harm.

Our trusted advisers are expert at providing security risk assessments, evidenced-based security and risk advice, protective security education and developing security risk management frameworks to manage enterprise protective security in line with the Commonwealth’s Protective Security Policy Framework and the Security of Critical Infrastructure (SOCI) Act 2018.

There is no one-size-fits-all approach to protective security – every organisation is unique and requires solutions tailored to its specific needs, operating context and resources.

Four core elements of protective security:

  • personnel
  • governance
  • information and cyber
  • physical

Enterprise Protective Security Services

Enterprise Security Management Systems

Enterprise Security Management Systems

Click here

Security Risk Assessments

Security Risk Assessments

Click here

Security Risk Governance

Security Risk Governance

Click here

Personnel Security Management Systems

Personnel Security Management Systems

Click here

Insider Threat Program

Insider Threat Program

Click here

Supply Chain Security

Supply Chain Security

Click here

Compliance with regulatory requirements

Compliance with regulatory requirements

Click here

Education and training

Education and training

Click here

Enterprise Security Management Systems

Security management is linked to many aspects of business management.

A formal approach to security management can contribute directly to business capability, reputation and operational/commercial viability of the organisation.

We will support your enterprise to:

  • Assess the operating security environment.
  • Determine if adequate security mitigation is in place to effectively manage security-related risks.
  • Manage performance against statutory, regulatory and voluntary obligations.
  • Align security governance, processes and controls to meet the organisation’s objectives.

Security Risk Assessments

Providence has deep knowledge and expertise in security risk assessments, management and protective security mitigation.

EPS Security Risk Assessments

 

What makes your business unique?

We will support your enterprise to:

  • Integrate security risk management into security management systems.
  • Identify critical assets and critical workers.
  • Identify threats and vulnerabilities.
  • Assess enterprise protective security risks.
  • Develop tailored protective security risk management strategies and frameworks.
  • Enhance security culture.
  • Establish supply chain assurance.

Security Risk Governance

Multi-disciplinary governance can serve as a change agent and promote meaningful security culture uplift.

We will support your enterprise to:

  • Evaluate the existing governance structure.
  • Assess whether it can effectively mitigate security risks.
  • Identify a single, accountable board-level owner of security risk.
  • Review security maturity monitoring.
  • Assess effectiveness of reporting processes or systems.

Personnel Security Management Systems

We believe people are your biggest critical asset … but may also pose your greatest security risk.

Personnel security lies at the very heart of security risk management and hence the protection of critical infrastructure assets.
Our Workforce Security Risk Methodology™ can enable critical infrastructure owners and operators to introduce in-house vetting capability and mitigate insider threat.

WSRM

The Methodology will equip your organisation to:

  • Match applicant pre-employment checks and suitability assessments to the risk profile of an organisation.
  • Conduct tailored individual suitability and personality assessments for critical workers.
  • Manage ongoing suitability of critical workers.
  • Establishing a holistic and risk-based insider threat program.
  • Introduce early detection capability to minimise impact.
  • Bolster wellbeing, employee performance, staff retention and workforce diversity.
  • Design appropriate organisational responses to incidents minimising the threat.
  • Understand how loyalty and an organisation’s security culture can influence insider risk.

Insider Threat Program

Providence can help you to establish an in-house insider threat capability to provide ongoing assurance for your people.

“Insider Threat—the potential for an individual who has or had authorized access to an organization’s critical assets to use their access, either maliciously or unintentionally, to act in a way that could negatively affect the organization.” (Carnegie Mellon University, 2022).

Providence teams with highly credentialed partners to offer insider threat detection capability and options for continuous assessment of entity workforces.

Insider Threat Program:

Applying Providence’s assurance model to your workforce enables your organisation to:

  • Achieve a nuanced and adaptive security culture, leading to improved employee performance, staff diversity and retention.
  • Mitigate the insider threat as part of managing personnel security lifecycle.
  • Establish an adequate organisational response in the event a threat does materialise.

Supply Chain Security

Your supply chain is only as strong as its weakest link. Take a holistic and coordinated action to mitigate the security risks and overcome future challenges to your supply chain.

Supply chain security centres on the identification, assessment, and management of risk from human sources whose exploitation of the supply chain result from malicious intent.

Human sources that create security risks to the supply chain can include:

  • opportunistic criminals
  • unintentional and malicious insiders
  • organised criminal entities
  • transnational criminal groups
  • issue-motivated groups.

 

The risks generated from such sources can occur anywhere in an entity’s supply chain
including:

  • exporters operations
  • customs brokerage
  • freight forwarding operations
  • shipping agents
  • third party logistics
  • local warehousing
  • onforwarding agents.

 

Managing supply chain security risk requires a security risk assessment to assess the intentions and capabilities of human-based threats as they relate to an organisation’s supply chain.

Each organisation and each supply chain are different, therefore, the relevance of threats to those organisations and supply chains will differ.

We can help you to address the requirements of the SOCI Risk Management Program Rules that firmly fall in the domain of security risk management.

Compliance with regulatory requirements

We can help you to achieve and maintain compliance with various statutory, regulatory and voluntary requirements.

We will support your enterprise in:

  • Identifying your current statutory, regulatory and voluntary obligations and their specific requirements.
  • Conducting an initial internal audit and gap analysis.
  • Assessing your performance against these obligations.
  • Developing strategies and compliance roadmaps.
  • Establishing and documenting compliance policies and procedures.
  • Developing tools for an ongoing monitoring, review and improvement of your compliance obligations.

Education and training

We are passionate about educating protective security practitioners, and the decision-makers who rely on their advice, about risk-based protective security.

Practitioners require the skills and confidence to understand the risk environment, appreciate how threats might interact with assets, analysis of information, and create and communicate intelligence to decision makers.

Industries

We provide services to the following sectors:

Commonwealth and state/territory governments

Critical infrastructure

AUKUS

Transport, Aviation and Maritime

Defence

Academia

Space

Legislation, Policy and Standards

Our enterprise protective security advice is consistent with:

  • Security of Critical Infrastructure Act 2018
  • Security of Critical Infrastructure (Critical infrastructure risk management program) Rules 2023
  • Aviation Transport Security Act 2004
  • Maritime Transport and Offshore Facilities Security Act 2003
  • Aviation Transport Security Regulations 2005
  • Maritime Transport and Offshore Facilities Security Regulations 2003
  • Commonwealth Protective Security Policy Framework 2018
  • AS ISO 31000:2018 Risk management — Guidelines
  • ISO 22316:2017 Security and resilience — Organizational resilience — Principles and attributes
  • AS 4811:2022 Workforce screening
  • AS 8001 Fraud and corruption control
  • AS ISO 15489.1 Information and documentation
  • ISO 28000:2022 Security and resilience — Security management systems — Requirements
  • ISO 28001:2007 Security management systems for the supply chain — Best practices for implementing supply chain security, assessments and plans — Requirements and guidance
  • ISO 28002:2011 Security management systems for the supply chain — Development of resilience in the supply chain — Requirements with guidance for use
  • ISO/IEC 27036-1:2021 Cybersecurity — Supplier relationships — Part 1: Overview and concepts
  • ISO/IEC 27036-2:2022 Cybersecurity — Supplier relationships — Part 2: Requirements.
  • HB 167:2006 Security Risk Management
  • ISO 22430 [to be released].

Meet the Enterprise Protective Security Team:

Vern Amey

Protective Security Practice Lead

Rick Owens

Senior Consultant

Monique Seaniger

Senior Consultant

Dennis Grubb

Senior Consultant

Case Studies

Department of Home Affairs: Enterprise Security Risk Governance

Department of Agriculture, Water and the Environment: Protective Security Enhancement

Australian Border Force (ABF) – Australian Trusted Trader Programme

Murray-Darling Basin Authority: Revision of Security Risk Events and Risk Register Review

Department of Home Affairs: Security Risk Assessments

The University of Melbourne: Hostile Vehicle Assessment

Security of Critical Infrastructure: Two Metro Hospital Sites

The Australia Electoral Commission: Core Business Risk Security Assessment

Yorke and Northern Local Health Network: Safety and Security

Submarine Systems and Technology Partnerships: Collaboration Framework

Adash Janiszewski

Chief Executive Officer

Adash is Providence’s CEO and is responsible to the Providence Board and Providence’s clients for ensuring the timely delivery of outcomes through advice, guidance and mentoring to Providence’s staff.