Enterprise Protective Security

ALL ORGANISATIONS NEED TOOLS TO ALIGN SECURITY SETTINGS WITH THREATS, PROTECTING PEOPLE, INFORMATION, AND ASSETS.

How we can help?

The Australian security landscape is dynamic and rapidly changing. Contemporary threats are posing risks to organisations in a climate where minor security failures can substantially impact their operations and reputation.

It has never been more important for organisations to ensure they have the structures, systems and mechanisms in place to calibrate their enterprise security settings to their risk tolerance and the evolving threat environment.

Our trusted advisers are experts at providing evidence-based security and risk advice, security education, conducting protective security assurance and compliance activities, and developing the systems to identify, assess and manage enterprise protective security risks.

There is no one-size-fits-all approach to protective security – every organisation is unique and requires solutions calibrated to their specific needs, operating context and resources.

Our experts operate with a deep understanding of all major security related legislation, regulations, policies, standards and guidelines including Commonwealth’s Protective Security Policy Framework, the Security of Critical Infrastructure (SOCI) Act, Critical infrastructure risk management program Rules, ISO 22316:2017 (Security and resilience), ISO 28001:2007 (Supply Chain Security) to name a few.

EPS Service Offerings

Enterprise Security Risk, Governance & Systems

Enterprise security risk assessment and evaluation

Systems for integrated organisational security management

Board and Executive level security governance and reporting

Security Assurance

Supply chain security and resilience

Regulatory compliance and assurance

Workforce assurance including insider threat management

Technical Assessment & Advisory

Site, event and asset security risk assessment

Threat and vulnerability assessment

Technical Physical Zone reviews

Security in-design for sites and facilities

Assessment of high security and nationally sensitive facilities

Training & Awareness

Skilling of security executives and managers

Developing the capability of organisational security practitoners

Onboarding and initial training of security staff

Our services are summarised and interconnected as illustrated in the following diagram:

Our enterprise protective security advice is consistent with:

Security of Critical Infrastructure Act 2018
Security of Critical Infrastructure (Critical infrastructure risk management program) Rules 2023
Aviation Transport Security Act 2004
Maritime Transport and Offshore Facilities Security Act 2003
Aviation Transport Security Regulations 2005
Maritime Transport and Offshore Facilities Security Regulations 2003
Commonwealth Protective Security Policy Framework 2018
AS ISO 31000:2018 Risk management — Guidelines
ISO 22316:2017 Security and resilience — Organizational resilience — Principles and attributes
AS 4811:2022 Workforce screening
AS 8001 Fraud and corruption control
AS ISO 15489.1 Information and documentation
ISO 28000:2022 Security and resilience — Security management systems — Requirements
ISO 28001:2007 Security management systems for the supply chain — Best practices for implementing supply chain security, assessments and plans — Requirements and guidance
ISO 28002:2011 Security management systems for the supply chain — Development of resilience in the supply chain — Requirements with guidance for use
ISO/IEC 27036 1:2021 Cybersecurity — Supplier relationships — Part 1: Overview and concepts
ISO/IEC 27036-2:2022 Cybersecurity — Supplier relationships — Part 2: Requirements.
HB 167:2006 Security Risk Management
ISO 22430 [to be released].