Elements and Performance Criteria
- Interpret security policy and legislation
- Legislation impacting on security policy and procedures is identified and analysed.
- The organisation's security policy is analysed in relation to risk identification, security management and security incidents.
- Policy intent is confirmed and existing procedures impacted by the policy are identified and reviewed for consistency with the policy.
- Analyse security-related data
- Data is collected in a timely fashion in accordance with organisational policy and procedures.
- Data is analysed and its integrity confirmed.
- Outcomes and trends are identified that need to be addressed through security procedures.
- Any changes in organisational circumstances are determined and related security procedures are identified.
- Develop procedures
- Intended audience/s for procedures are identified and structure, language style and format are determined in accordance with organisational requirements.
- Security procedures are developed to reflect changes in circumstances.
- Procedures are developed in consultation with security plan developer/s, end users and organisational approval personnel.
- Procedures are structured to take account of workplace diversity and meet organisational requirements.
- Procedures are submitted and approved in accordance with organisational policy and procedures.
- Provide advice on government security matters
- Information and advice on security procedures and related legislation, regulations, standards and guidelines are provided in accordance with organisational procedures.
- Current organisational policies and directions are reflected in advice provided.
- Intended use and consequences of advice are considered, and advice is communicated in a manner that addresses the requirements of stakeholders.
- Any documentation provided is checked to ensure it supports the information and advice given.