List the assessment methods to be used and the context and resources required for assessment. Copy and paste the relevant sections from the evidence guide below and then re-write these in plain English.
Elements describe the essential outcomes
Performance criteria describe the performance needed to demonstrate achievement of the element. Where bold italicised text is used, further information is detailed in the range of conditions section.
1. Implement security plan
1.1 Implement countermeasures and treat security risks.
1.2 Follow and meet timeframes and budgetary requirements.
1.3 Comply with legal, government and organisational policy requirements.
1.4 Document and monitor residual risks.
2. Monitor the risk environment
2.1 Determine and document strategies to monitor the risk environment.
2.2 Monitor security risks, types and sources of threats to detect changing circumstances that may alter risk management priorities.
2.3 Conduct monitoring on a regular basis.
2.4 Monitor organisational changes to identify circumstances where re-examination of the security environment becomes necessary.
2.5 Document and act upon results of monitoring.
3. Evaluate security plan
3.1 Monitor risk treatments to gauge extent and effectiveness of implementation.
3.2 Evaluate treatments against the objectives of the security plan.
3.3 Obtain feedback from stakeholders on the adequacy and need for current security measures affecting their work area.
3.4 Identify and address weaknesses in the security plan.
3.5 Review the plan on an ongoing basis, to detect exceptional incidents, breaches, and changes in circumstances.
3.6 Update the plan to reflect current circumstances.
Evidence required to demonstrate competence must satisfy all of the requirements of the elements and performance criteria. If not otherwise specified the candidate must demonstrate evidence of performance of the following on at least two occasions.
applying legislation, regulations and policies relating to security risk management
auditing in the context of security risk management
communicating with diverse stakeholders involving presentation, listening, questioning, paraphrasing, clarifying, summarising
reading and analysing complex information in standards and security plans
writing reports requiring formal language and structure
representing numerical, graphical and statistical information in diverse formats
Evidence required to demonstrate competence must satisfy all of the requirements of the elements and performance criteria. If not otherwise specified the depth of knowledge demonstrated must be appropriate to the job context of the candidate.
Operational knowledge of:
public service Acts
Crimes Act 1914 and Criminal Code 1985
Freedom of Information Act 1982
Privacy Act 1988
fraud control policy
protective security policy
Complex knowledge of:
Australian Government Information Security Manual (ISM)
Protective Security Policy Framework
Australian standards, quality assurance and certification requirements
organisation’s strategic objectives and security plan
national strategic objectives
equal employment opportunity, equity and diversity principles
public sector legislation, including WHS and environment, in the context of implementation and monitoring of security risk management plans
Assessment of this unit requires evidence gathered over time in a workplace environment or one that closely resembles normal work practice and replicates the diverse conditions likely to be encountered when implementing risk management plans.
Assessors must satisfy the NVR/AQTF mandatory competency requirements for assessors.