Security Assurance

Organisational assurance around security and threat is essential to maintaining ongoing business. This includes attention to threat vector management, ensuring workforce integrity and undergirding supplier and contractor resilience.

Providence helps organisations uplift and assure their security management through:

Enabling supply chain security

Assurance also involves consideration of our suppliers and contracted workforce. Your supply chain is only as strong as its weakest link. We take holistic and coordinated action to mitigate the security risks and overcome future challenges to your supply chain. Supply chain security centres on the identification, assessment, and management of risk from human sources that create security risks to the supply chain, including:

  • opportunistic criminals
  • unintentional and malicious insiders
  • organised criminal entities
  • transnational criminal groups
  • issue-motivated groups.

The risks generated from such sources can occur anywhere in an entity’s supply chain, including:

  • exporters’ operations
  • customs brokerage
  • freight forwarding operations
  • shipping agents
  • third party logistics
  • local warehousing
  • onforwarding agents.

Managing supply chain security risk requires a security risk assessment to assess the intentions and capabilities of human-based threats as they relate to an organisation’s supply chain.

Each organisation and each supply chain are different, therefore, the relevance of threats to those organisations and supply chains will differ.

We can help you to address the requirements of the SOCI Risk Management Program Rules that firmly fall in the domain of security risk management.

Workforce assurance including insider threat management

Providence can help you to establish an in-house insider threat capability to provide ongoing assurance for your people.

“Insider Threat—the potential for an individual who has or had authorised access to an organisation’s critical assets to use their access, either maliciously or unintentionally, to act in a way that could negatively affect the organisation.” (Carnegie Mellon University, 2022).

Providence teams with highly credentialed partners to offer insider threat detection capability and options for continuous assessment of entity workforces.

Applying Providence’s assurance model to your workforce enables your organisation to:

  • Achieve a nuanced and adaptive security culture, leading to improved employee performance, staff diversity and retention.
  • Mitigate the insider threat as part of managing the personnel security lifecycle.
  • Establish an adequate organisational response in the event a threat does materialise.

People are your biggest critical asset … but may also pose your greatest security risk. Personnel security lies at the very heart of security risk management.

Providence’s Workforce Security Risk Methodology™ can enable organisations to introduce in-house vetting capability and mitigate insider threat.

The methodology will equip your organisation to:

  • Match applicant pre-employment checks and suitability assessments to the risk profile of an organisation.
  • Conduct tailored individual suitability and personality assessments for critical workers.
  • Manage ongoing suitability of critical workers.
  • Establish a holistic and risk-based insider threat program.
  • Introduce early detection capability to minimise impact.
  • Bolster wellbeing, employee performance, staff retention and workforce diversity.
  • Design appropriate organisational responses to incidents minimising the threat.
  • Understand how loyalty and an organisation’s security culture can influence insider risk.

Regulatory compliance and assurance

We can help you to achieve and maintain compliance with various statutory, regulatory and voluntary requirements.

We will support your enterprise in:

  • Identifying your current statutory, regulatory and voluntary obligations and their specific requirements.
  • Conducting an initial internal audit and gap analysis.
  • Assessing your performance against these obligations.
  • Developing strategies and compliance roadmaps.
  • Establishing and documenting compliance policies and procedures.
  • Developing tools for ongoing monitoring, review and improvement of your compliance obligations.

Our enterprise protective security advice is also consistent with:

  • Security of Critical Infrastructure Act 2018
  • Security of Critical Infrastructure (Critical infrastructure risk management program) Rules 2023
  • Aviation Transport Security Act 2004
  • Maritime Transport and Offshore Facilities Security Act 2003
  • Aviation Transport Security Regulations 2005
  • Maritime Transport and Offshore Facilities Security Regulations 2003
  • Commonwealth Protective Security Policy Framework 2018
  • AS ISO 31000:2018 Risk management — Guidelines
  • ISO 22316:2017 Security and resilience — Organizational resilience — Principles and attributes
  • AS 4811:2022 Workforce screening
  • AS 8001 Fraud and corruption control
  • AS ISO 15489.1 Information and documentation
  • ISO 28000:2022 Security and resilience — Security management systems — Requirements
  • ISO 28001:2007 Security management systems for the supply chain — Best practices for implementing supply chain security, assessments and plans — Requirements and guidance
  • ISO 28002:2011 Security management systems for the supply chain — Development of resilience in the supply chain — Requirements with guidance for use
  • ISO/IEC 27036-1:2021 Cybersecurity — Supplier relationships — Part 1: Overview and concepts
  • ISO/IEC 27036-2:2022 Cybersecurity — Supplier relationships — Part 2: Requirements
  • HB 167:2006 Security Risk Management
  • ISO 22430 [to be released].

    Security Assurance

    Royal Australian Mint (RAMINT)

    Adash Janiszewski

    Chief Executive Officer

    Adash is Providence’s CEO and is responsible to the Providence Board and Providence’s clients for ensuring the timely delivery of outcomes through advice, guidance and mentoring to Providence’s staff.