XXX000YY Certificate IV in Government Security

Transcription

1 XXX000YY Certificate IV in Government Security XXX000YY Certificate IV in Government Security Description This qualification allows for the attainment of generalist competencies in Security and also specialist stream competencies in Personnel Vetting and Fraud Control. It qualifies individuals who need to apply a broad range of specialised knowledge and skills in specific contexts within the security environment. The generalist qualification covers a broad range of competencies required for working without supervision in a government security area of the public sector. The Personnel Vetting specialist stream covers the competencies required for working without supervision in a personnel security area of the public sector. The Fraud Control specialist stream covers the competencies required to prevent and detect fraud. No licensing, legislative or certification requirements apply to this qualification at the time of publication. Electives may be drawn from this and other training packages to reflect the work context and career plans of the individual. Electives should reflect the responsibilities of the individual and the job skills required for effective performance. Additional qualification advice Where a defined specialist stream is completed as listed below, the resultant testamur can be titled: Certificate IV in Government Security (field of study) e.g. Certificate IV in Government Security (Personnel Vetting). Packaging rules A total of 14 units of competency are required for each qualification. Generalist and specialised qualifications can be attained by packaging units of competence as specified below: Generalist stream 3 core units 11 electives 1 unit from Group A at least 7 elective units from Groups B, C and/or D remaining units from any group below or from elsewhere within this training package, or from another endorsed training package, or from an accredited course. Specialist stream 3 core units 11 electives 1 unit from Group A at least 6 elective units from one of the specialist stream Groups B or C. remaining units from any group below or from elsewhere within this training package, or from another endorsed training package, or from an accredited course. All elective units selected from outside this qualification must reflect current job role requirements and the learning outcomes of this AQF qualification level. Seek further advice on selecting imported units of competency in the PSP Implementation Guide [insert hyperlink]. XXX Training Package page 1

2 XXX000YY Certificate IV in Government Security Elective units selected must not duplicate content already covered by other units in this qualification. Core units PSPETH001 PSPLEG002 PSPSEC009 Yet to be streamlined Uphold and support the values and principles of public service Encourage compliance with legislation in the public sector Handle sensitive information Elective units Group A: WHS BSBWHS401A BSBWHS301A Implement and monitor WHS policies, procedures and programs to meet legislative requirements Maintain workplace safety Group B: Personnel Vetting PSPGOV032 PSPGOV033 PSPGOV038 PSPGOV043 PSPREG015 PSPREG019 PSPSEC008 Deal with conflict Use advanced workplace communication strategies Identify and treat risks Apply government processes Gather information through interviews Conduct data analysis Conduct personnel security assessments Group C: Fraud Control PSPCRT007 PSPFRAU401B PSPFRAU407B PSPGOV034 PSPPOL404A PSPREG008 Compile and use official notes Monitor data for indicators of fraud Conduct fraud control awareness sessions Compose complex workplace documents Support policy implementation Assess compliance Group D: General Electives PSPGOV023 PSPGOV026 PSPGOV027 PSPGOV033 Deliver and monitor service to clients Provide input to change processes Gather and analyse information Use advanced workplace communication strategies XXX Training Package page 2

3 XXX000YY Certificate IV in Government Security PSPPCY004 PSPREG002 PSPREG011 PSPREG016 PSPREG018 PSPSEC005 PSPSEC006 PSPSEC007 PSPSEC010 Support policy implementation Conduct an Investigation Produce formal record of interview Undertake inspections and monitoring Receive and validate data Undertake government security risk analysis Implement security risk treatments Develop and advise on government security procedures Provide Government security briefings Qualification mapping Supersedes and equivalent to PSP41612 Certificate IV in Government (Security), PSP41712 Certificate IV in Government (Personnel Security) and PSP40612 Certificate IV in Government (Fraud Control) Insert hyperlink to Companion Volume/s. XXX Training Package page 3

4 PSP51812 Diploma of Government Security PSP51812 Diploma of Government Security Description This qualification covers the competencies required for independent and self-directed work in the public sector as a practitioner in government security management. It qualifies individuals who apply integrated technical and theoretical concepts in a broad range of contexts to undertake advanced skilled duties in a government security environment. No licensing, legislative or certification requirements apply to this qualification at the time of publication. Packaging rules 11 units of competency are required for this qualification: 6 core units 5 elective units - at least 3 electives units from Groups A and/or B - remaining electives from any group below or from elsewhere within this training package, or from another endorsed training package, or from an accredited course. All elective units selected from outside this qualification must reflect the occupational and learning outcomes of this AQF qualification level. Seek further advice on selecting imported units of competency in the PSP Implementation Guide [insert hyperlink]. Elective units selected must not duplicate content already covered by other units in this qualification. Core units PSPETH003 PSPLEG003 PSPSEC011 PSPSEC012 PSPSEC013 PSPSEC014 Yet to be streamlined Promote the values and ethos of public service Promote compliance with legislation in the public sector Assess security risks Develop security risk management plans Implement and monitor security risk management plans Coordinate protective security Group A BSBWHS401A BSBWHS501A Implement and monitor WHS policies, procedures and programs to meet legislative requirements Ensure a safe workplace General elective units PSPGOV504B PSPGOV505A PSPGOV508A Undertake research and analysis Promote diversity Manage conflict XXX Training Package page 1

5 PSP51812 Diploma of Government Security PSPGOV512A PSPGOV517A Use complex workplace communication strategies Coordinate risk management Qualification mapping Summary Mapping of Qualifications PSP12 Version 1.0 to PSP15 Version 1 NE = Not Equivalent E = Equivalent PSP12 V1.0 Code PSP12 V1.0 Title NE PSP15 V1.0 Code PSP15 V1.0 Title PSP51812 Diploma of Government (Security) E PSP51815 Diploma of Government Security Insert hyperlink to Companion Volume/s. XXX Training Package page 2

6 PSPSEC001 Secure government assets PSPSEC001 Secure government assets Application This unit describes the skills required to protect assets and minimise security risks, by implementing asset restrictions and advising third parties of security requirements. This unit applies to those working in a role where security of human and physical assets is a requirement. The skills and knowledge described in this unit must be applied within the legislative, regulatory and policy environment in which they are carried out. Organisational policies and procedures must be consulted and adhered to. Those undertaking this unit would generally work independently and as part of a team using support resources as required. They would perform routine tasks in a range of familiar and unfamiliar contexts. No licensing, legislative or certification requirements apply to unit at the time of publication. Prerequisites Competency field Unit sector ELEMENTS Elements describe the essential outcomes 1. Protect assets from security threats 2. Implement access restrictions 3. Advise third parties of security requirements 4. Minimise security risk PERFORMANCE CRITERIA Performance criteria describe the performance needed to demonstrate achievement of the element. Where bold italicised text is used, further information is detailed in the range of conditions section. 1.1 Secure assets, control access and regularly check to ensure security. 1.2 Investigate suspicious activity and seek expert advice as required. 2.1 Restrict access to authorised personnel and identify potential threats. 2.2 Identify breaches, take action to deal with the breach and report to appropriate personnel. 3.1 Confirm needs, expectations, attitudes, and current level of knowledge of third parties and advise of organisation's security requirements. 3.2 Identify and manage risks related to possible confrontations. 3.3 Provide current and prompt advice that meets the needs of the parties. 3.4 Obtain feedback to determine the party's level of understanding and provide further information or explanation to clarify requirements if needed. 4.1 Identify changes in circumstance, report to appropriate personnel and complete documentation. 4.2 Take actions to reduce the likelihood of breaches reoccurring XXX Training Package page 1

7 PSPSEC001 Secure government assets in accordance with the organisation s security plan. FOUNDATION SKILLS The foundation skills demands of this unit have been mapped for alignment with the Australian Core Skills Framework (ACSF). The following tables outline the performance levels indicated for successful attainment of the unit. ACSF levels indicative of performance : Learning Reading Writing Performance variables Oral communication Numeracy NA Support Context Text complexity Task complexity Further information on ACSF and the foundation skills underpinning this unit can be found in the Foundation Skills Guide on the GSA website. RANGE OF CONDITIONS (optional) Examples may include: example list 1: example list 2 example list 3 Unit mapping Specify code and title of any equivalent unit/s. If none, insert the following sentence: No equivalent unit. Insert hyperlinks to Companion Volume/s if applicable. XXX Training Package page 2

8 Assessment Requirements for PSPSEC001 Secure government assets Assessment Requirements for PSPSEC001 Secure government assets Performance evidence Evidence required to demonstrate competence must satisfy all of the requirements of the elements and performance criteria. The candidate must demonstrate evidence of performance of the following on at least 2 occasions: applying legislation, regulations and policies relating to government security management applying analysis and problem solving tailoring communication to the needs of a diverse range of people inside and outside the organisation completing documentation and writing reports Knowledge evidence Evidence required to demonstrate competence must satisfy all of the requirements of the elements and performance criteria. If not otherwise specified the depth of knowledge demonstrated must be appropriate to the job context of the candidate and/or the AQF level of the qualification being undertaken. legislation, regulations, policies, procedures and guidelines relating to government security management standards for management of classified information and assets available sources of expert advice international protocols and treaties impacting on government security management Assessment conditions Assessment of this unit requires a workplace environment or one that closely resembles normal work practice and replicates the range of conditions likely to be encountered when securing government assets. This unit contains no specific industry-mandated assessment conditions. Guidance on suggested and recommended conditions and methods can be found in the Implementation Guide. This unit has been identified by industry as suitable for holistic assessment. Refer to advice in the Companion Volume. Assessors must satisfy the NVR/AQTF mandatory competency requirements for assessors. Place hyperlinks to Companion Volume/s. XXX Training Package page 3

9 PSPSEC002 Respond to government security incidents PSPSEC002 Respond to government security incidents Application This unit describes the skills required to access and advise on security incidents and plan an incident response within the limits of role and responsibility. This unit applies to those working in a security role where they are expected to identify, manage, finalise and recommend actions if required. The skills and knowledge described in this unit must be applied within the legislative, regulatory and policy environment in which they are carried out. Organisational policies and procedures must be consulted and adhered to. Those undertaking this unit would generally work independently and as part of a team using support resources as required. They would perform specified tasks in a range of familiar and unfamiliar contexts. No licensing, legislative or certification requirements apply to unit at the time of publication. Prerequisites Competency field Unit sector ELEMENTS Elements describe the essential outcomes 1. Assess and advise on security incidents 2. Plan incident response PERFORMANCE CRITERIA Performance criteria describe the performance needed to demonstrate achievement of the element. Where bold italicised text is used, further information is detailed in the range of conditions section. 1.1 Identify security incident and respond, according to seriousness of the incident according to organisational policy and procedures and incident management plan. 1.2 Conduct preliminary assessment that considers the nature of the breach, level of risk and likely consequences. 1.3 Determine limitations of own expertise and refer to more specialised personnel as required 1.4 Maintain expedited, complete and accurate records relating to the incident. 2.1 Identify, collect and assess evidence to determine risk factor. 2.2 Recommend action appropriate to the level of seriousness of the incident. 2.3 Identify and document changes required in security policy as a result of the incident. 2.4 Advise relevant agencies of the incident in accordance with legislation, government security policies and procedures. 2.5 Prepare a final report incorporating background to the incident, action taken, interview statements, outcomes, summary of findings and recommended action. XXX Training Package page 1

10 Assessment Requirements for PSPSEC002 Respond to government security incidents FOUNDATION SKILLS The foundation skills demands of this unit have been mapped for alignment with the Australian Core Skills Framework (ACSF). The following tables outline the performance levels indicated for successful attainment of the unit. ACSF levels indicative of performance : Learning Reading Writing Performance variables Oral communication Numeracy Support Context Text complexity Task complexity Further information on ACSF and the foundation skills underpinning this unit can be found in the Foundation Skills Guide on the GSA website. RANGE OF CONDITIONS (optional) Examples may include: example list 1: example list 2 example list 3 Unit mapping Specify code and title of any equivalent unit/s. If none, insert the following sentence: No equivalent unit. Insert hyperlinks to Companion Volume/s if applicable. Assessment Requirements for PSPSEC002 Respond to government security incidents Performance evidence Evidence required to demonstrate competence must satisfy all of the requirements of the elements and performance criteria. The candidate must demonstrate evidence of performance of the following on at least two occasions: applying legislation, regulations and policies relating to government security management undertaking research, analysis, including trend analysis, and problem solving using communication techniques including interviewing, tailored to diverse stakeholder groups planning, carrying out and guiding an investigation recording evidence writing reports and recommendations XXX Training Package page 2

11 Assessment Requirements for PSPSEC002 Respond to government security incidents Knowledge evidence Evidence required to demonstrate competence must satisfy all of the requirements of the elements and performance criteria. If not otherwise specified the depth of knowledge demonstrated must be appropriate to the job context of the candidate and/or the AQF level of the qualification being undertaken. legislation, regulations, policies, procedures and guidelines relating to government security management organisation s security plan Crimes Act 1914 and Criminal Code 1985 powers inferred to investigate security incidents, including limitations referral procedures and appropriate agencies intelligence and analytical processes conduct of administrative, security or criminal investigations Assessment conditions Assessment of this unit requires a workplace environment or one that closely resembles normal work practice and replicates the range of conditions likely to be encountered when responding to security incidents. This unit contains no specific industry-mandated assessment conditions. Guidance on suggested and recommended conditions and methods can be found in the Implementation Guide. Where there are suggested units for holistic assessment insert the following text: This unit has been identified by industry as suitable for holistic assessment. Refer to advice in the PSP Companion Volume. Assessors must satisfy the NVR/AQTF mandatory competency requirements for assessors. Place hyperlinks to Companion Volume/s. XXX Training Package page 3

12 PSPSEC003 Conduct security awareness sessions PSPSEC003 Conduct security awareness sessions Application This unit describes the skills required to present information/ awareness sessions on government security management. It includes preparation and delivery of presentations and reviewing outcomes. This unit applies to those working in a security environment or other generalist or specialist public sector workplaces in which they are required to conduct presentations on security awareness. The skills and knowledge described in this unit must be applied within the legislative, regulatory and policy environment in which they are carried out. Organisational policies and procedures must be consulted and adhered to, particularly those related to the conducting of presentations, including WHS. Those undertaking this unit would generally work independently and as part of a team using support resources as required and with occasional supervisory responsibilities. They would perform specified tasks in a range of familiar and unfamiliar contexts. No licensing, legislative or certification requirements apply to unit at the time of publication. Prerequisites Competency field Unit sector ELEMENTS Elements describe the essential outcomes 1. Prepare for security awareness presentation 2. Deliver session on security awareness PERFORMANCE CRITERIA Performance criteria describe the performance needed to demonstrate achievement of the element. Where bold italicised text is used, further information is detailed in the range of conditions section. 1.1 Determine intended achievable outcomes of the presentation reflecting the identified needs of participants 1.2 Select and document presentation methods to suit identified outcomes, participants needs, equipment and resources. 1.3 Make provision for participant contribution to the session, based on their experience. 1.4 Validate the content of materials prior to use. 1.5 Include examples of instances and results of non-compliance in presentation materials. 1.6 Prepare information and resources to suit specified objectives, needs of the participants, group size and venue. 1.7 Link the presentation to other elements of the organisations security awareness campaign. 2.1 Facilitate opportunities for discussion of broad conceptual, ethical and legal issues surrounding government security management. 2.2 Explain information, activities and other aspects to participants according to their level of understanding and experience XXX Training Package page 1

13 PSPSEC003 Conduct security awareness sessions 2.3 Use effective and interesting materials and techniques adapted to the participants. 2.4 Generate a positive perspective of the organisation's security management and elicit feedback. 2.5 Use case studies where possible to address urgency and levels of risk in security management. 2.6 Highlight models of excellence in government security management. 3. Review security awareness session outcomes 3.1 Encourage participant feedback on all aspects of the security awareness sessions. 3.2 Review suitability of approach, content and outcomes as a guide for further activities. 3.3 Review own performance against objectives and in response to participants feedback and comments. 3.4 Give advice on possible future activities or amendments to security awareness strategy and programs, including high risk areas for security management. FOUNDATION SKILLS The foundation skills demands of this unit have been mapped for alignment with the Australian Core Skills Framework (ACSF). The following tables outline the performance levels indicated for successful attainment of the unit. ACSF levels indicative of performance : Learning Reading Writing Performance variables Oral communication Numeracy NA Support Context Text complexity Task complexity Further information on ACSF and the foundation skills underpinning this unit can be found in the Foundation Skills Guide on the GSA website. RANGE OF CONDITIONS (optional) Examples may include: example list 1: example list 2 example list 3 Unit mapping Specify code and title of any equivalent unit/s. If none, insert the following sentence: No equivalent unit. Insert hyperlinks to Companion Volume/s if applicable. XXX Training Package page 2

14 PSPSEC003 Conduct security awareness sessions XXX Training Package page 3

15 Assessment Requirements for PSPSEC003 Conduct security awareness sessions Assessment Requirements for PSPSEC003 Conduct security awareness sessions Performance evidence Evidence required to demonstrate competence must satisfy all of the requirements of the elements and performance criteria. The candidate must demonstrate evidence of performance of the following on at least one occasion: delivering presentations to provide security awareness information to improve security management skills and raise the level of security alertness of less experienced members of staff tailoring sessions to the needs of adult learners explaining complex concepts and formal documents such as legislation, standards and codes of conduct using a range of communication styles to suit different audiences and purposes mentoring culturally and linguistically diverse staff to maximise security awareness designing and having input into awareness sessions delivered by specialists incorporating feedback from attendees into future session design and delivery applying occupational health and safety and environmental procedures in the context of delivering security awareness sessions Knowledge evidence Evidence required to demonstrate competence must satisfy all of the requirements of the elements and performance criteria. If not otherwise specified the depth of knowledge demonstrated must be appropriate to the job context of the candidate and/or the AQF level of the qualification being undertaken. legislation, policies, guidelines and processes relating to government security management international treaties and protocols cross-jurisdictional protocols organisational structure and core business organisational strategic objectives related to security management national strategic objectives relating to government security management adult learning principles and audience requirements security constraints public sector values and codes of conduct anti-discrimination and diversity legislation legislation, policies and procedures relating to presentations including WHS and environment Assessment conditions Assessment of this unit requires a workplace environment or one that closely resembles normal work practice and replicates the range of conditions likely to be encountered when conducting security awareness sessions. This unit contains no specific industry-mandated assessment conditions. Guidance on suggested and recommended conditions and methods can be found in the Implementation Guide. XXX Training Package page 4

16 Assessment Requirements for PSPSEC003 Conduct security awareness sessions Where there are suggested units for holistic assessment insert the following text: This unit has been identified by industry as suitable for holistic assessment. Refer to advice in the PSP Companion Volume. Assessors must satisfy the NVR/AQTF mandatory competency requirements for assessors. Place hyperlinks to Companion Volume/s. XXX Training Package page 5

17 PSPSEC004 Undertake information technology security audits PSPSEC004 Undertake information technology security audits Application This unit describes the skills required to plan and conduct an information technology security audit and report on security findings. This unit applies to those working in a role where they have responsibilities under the organisation's security plan. The skills and knowledge described in this unit must be applied within the legislative, regulatory and policy environment in which they are carried out. Organisational policies and procedures must be consulted and adhered to. Those undertaking this unit would generally work independently and as part of a team using support resources as required. They would perform specified tasks in a range of familiar and unfamiliar contexts. No licensing, legislative or certification requirements apply to unit at the time of publication. Prerequisites Competency field Unit sector ELEMENTS Elements describe the essential outcomes 1. Plan security audit 2. Conduct security audit 3. Report on security findings PERFORMANCE CRITERIA Performance criteria describe the performance needed to demonstrate achievement of the element. Where bold italicised text is used, further information is detailed in the range of conditions section. 1.1 Identify the scope and objectives of the audit and prepare an audit plan to meet the objectives. 1.2 Identify the organisation s information systems to be included in the audit plan. 1.3 Advise appropriate personnel of the audit plan and its requirements. 1.4 Identify and prioritise possible sources of security risk and prepare an audit checklist. 2.1 Identify and analyse systems, procedures, records and documents. 2.2 Conduct audit in accordance with the audit plan. 2.3 Record audit activities in accordance with the checklist and organisational requirements. 2.4 Identify and refer situations requiring specialist input or referral to other areas 3.1 Maintain audit records and prepare audit reports. 3.2 Produce report with background and scope of the audit, outcomes and recommendations Use language and style to suit the audience and in line with XXX Training Package page 1

18 PSPSEC004 Undertake information technology security audits organisational requirements for accuracy and timeliness. 3.4 Support recommendations with evidence and highlight actions identifying person/s responsible for implementation. FOUNDATION SKILLS The foundation skills demands of this unit have been mapped for alignment with the Australian Core Skills Framework (ACSF). The following tables outline the performance levels indicated for successful attainment of the unit. ACSF levels indicative of performance : Learning Reading Writing Performance variables Oral communication Numeracy NA Support Context Text complexity Task complexity Further information on ACSF and the foundation skills underpinning this unit can be found in the Foundation Skills Guide on the GSA website. RANGE OF CONDITIONS (optional) Examples may include: example list 1: example list 2 example list 3 Unit mapping Specify code and title of any equivalent unit/s. If none, insert the following sentence: No equivalent unit. Insert hyperlinks to Companion Volume/s if applicable. XXX Training Package page 2

19 Assessment Requirements for PSPSEC004 Undertake information technology security audits Assessment Requirements for PSPSEC004 Undertake information technology security audits Performance evidence Evidence required to demonstrate competence must satisfy all of the requirements of the elements and performance criteria. The candidate must demonstrate evidence of performance of the following on at least two occasions: applying legislation, regulations and policies relating to information technology security audits and government security management gathering, analysing and recording data using computer applications to undertake security audits managing risk in the context of government security management engaging in discussion involving exchanges of complex information responding to diversity using written communication for ongoing and final reporting reading complex and formal documents such as legislation and other documents using information technology for preparing written documents and reports requiring formality of language and style applying procedures relating to WHS and environment in the context of information technology security audits Knowledge evidence Evidence required to demonstrate competence must satisfy all of the requirements of the elements and performance criteria. If not otherwise specified the depth of knowledge demonstrated must be appropriate to the job context of the candidate and/or the AQF level of the qualification being undertaken. legislation, regulations, policies, procedures and guidelines relating to information technology security audits operational knowledge of policies and procedures in regard to use of information technology systems organisation s security plan information technology systems and architecture use and maintenance of hardware and software systems Australian Audit Standards aspects of criminal law and administrative law relating to the outcomes of compliance audits protocols for reporting fraud, corruption, maladministration and security breaches fundamental ethical principles in the handling of documents and information, natural justice, procedural fairness, respect for persons and responsible care Assessment conditions Assessment of this unit requires a workplace environment or one that closely resembles normal work practice and replicates the range of conditions likely to be encountered when undertaking IT security audits. This unit contains no specific industry-mandated assessment conditions. Guidance on suggested and recommended conditions and methods can be found in the Implementation Guide. XXX Training Package page 3

20 Assessment Requirements for PSPSEC004 Undertake information technology security audits This unit has been identified by industry as suitable for holistic assessment. Refer to advice in the PSP Companion Volume. Assessors must satisfy the NVR/AQTF mandatory competency requirements for assessors. Place hyperlinks to Companion Volume/s. XXX Training Package page 4

21 PSPSEC005 Undertake government security risk analysis PSPSEC005 Undertake government security risk analysis Application This unit describes the skills required to analyse risk against an organisation's operational environment. It includes establishing the security risk context and compiling a security risk register by identifying, analysing and evaluating risk against a security plan. This unit applies to those working at an operational level, in specialist or generalist roles across all areas within an organisation. The skills and knowledge described in this unit must be applied within the legislative, regulatory and policy environment in which they are carried out. Organisational policies and procedures must be consulted and adhered to, particularly those related to the security plan. Those undertaking this unit would generally work independently and as part of a team using support resources as required. They would perform complex tasks in a range of familiar and unfamiliar contexts. No licensing, legislative or certification requirements apply to unit at the time of publication. Prerequisites Competency field Unit sector ELEMENTS Elements describe the essential outcomes 1. Establish security risk context 2. Identify security risk 3. Analyse security risk PERFORMANCE CRITERIA Performance criteria describe the performance needed to demonstrate achievement of the element. Where bold italicised text is used, further information is detailed in the range of conditions section. 1.1 Confirm strategic and organisational contexts and identify stakeholders and their expectations. 1.2 Identify current and relevant security risk criteria from the security plan. 1.3 Obtain information and resources to conduct the risk analysis. 2.1 Identify and record potential sources of security risk from the perspective of all stakeholders. 2.2 Use specified methodology and tools to identify risks in accordance with the security plan. 2.3 Consult stakeholders during the risk identification process to finalise a list of risks. 3.1 Identify threat assessments, current exposure and current security arrangements in accordance with the security plan to estimate the likelihood of each risk event occurring. 3.2 Determine potential consequences of each risk in accordance with the security plan, including critical lead time for recovery. 3.3 Determine, document and communicate risk ratings and include a rationale for each. XXX Training Package page 1

22 PSPSEC005 Undertake government security risk analysis 4. Evaluate security risk 5. Compile security risk register 4.1 Assess risks against the organisation s security risk criteria. 4.2 Prioritise risks for treatment in accordance with the security plan. 4.3 Monitor risks in accordance with the security plan until treatment measures have been implemented. 5.1 Develop a security risk register that records identified risks, their nature and source. 5.2 Identify the consequences and likelihood of risks, and the adequacy of existing controls in the register. 5.3 Record risk ratings for identified risks in register. 5.4 Compile and maintain the security risk register to reflect changes in circumstances. 5.5 Refer risk register to management for decisions on action and treatment of risks. FOUNDATION SKILLS The foundation skills demands of this unit have been mapped for alignment with the Australian Core Skills Framework (ACSF). The following tables outline the performance levels indicated for successful attainment of the unit. ACSF levels indicative of performance : Learning NA Reading Writing Performance variables Oral communication Numeracy Support Context Text complexity Task complexity Further information on ACSF and the foundation skills underpinning this unit can be found in the Foundation Skills Guide on the GSA website. RANGE OF CONDITIONS (optional) Examples may include: example list 1: example list 2 example list 3 Unit mapping Specify code and title of any equivalent unit/s. If none, insert the following sentence: No equivalent unit. Insert hyperlinks to Companion Volume/s if applicable. XXX Training Package page 2

23 Assessment Requirements for PSPSEC005 Undertake government security risk analysis Assessment Requirements for PSPSEC005 Undertake government security risk analysis Performance evidence Evidence required to demonstrate competence must satisfy all of the requirements of the elements and performance criteria. The candidate must demonstrate evidence of performance of the following on at least two occasions: applying legislation, regulations and policies relating to government security management analysing the organisation s security plan researching and critically analysing the operational environment and drawing conclusions using effective communication with diverse stakeholders involving listening, questioning, paraphrasing, clarifying, summarising writing formal and highly complex reports using computer technology representing mathematical information in a range of formats applying procedures relating to occupational health and safety and environment in the context of government security management Knowledge evidence Evidence required to demonstrate competence must satisfy all of the requirements of the elements and performance criteria. If not otherwise specified the depth of knowledge demonstrated must be appropriate to the job context of the candidate and/or the AQF level of the qualification being undertaken. legislation, regulations, policies, procedures and guidelines relating to government security management including WHS Crimes Act 1914 and Criminal Code 1985 Freedom of Information Act 1982 Privacy Act 1988 fraud control and protective security policies Australian Government Information Security Manual (ISM) Protective Security Policy Framework risk analysis terminology and techniques the organisation s security plan the organisation s assets and security environment risk management: principles and guidelines AS/NZS ISO 31000:2009 Assessment conditions Assessment of this unit requires a workplace environment or one that closely resembles normal work practice and replicates the range of conditions likely to be encountered when undertaking security risk analysis. This unit contains no specific industry-mandated assessment conditions. Guidance on suggested and recommended conditions and methods can be found in the Implementation Guide. This unit has been identified by industry as suitable for holistic assessment. Refer to advice in the PSP Companion Volume. XXX Training Package page 3

24 Assessment Requirements for PSPSEC005 Undertake government security risk analysis Assessors must satisfy the NVR/AQTF mandatory competency requirements for assessors. Place hyperlinks to Companion Volume/s. XXX Training Package page 4

25 PSPSEC006 Implement security risk treatments PSPSEC006 Implement security risk treatments Application This unit describes the skills required to confirm risk decisions, identify risk treatments, implement countermeasures and monitor and review the security risk management process. This unit applies to those working in a security role where they will be required to confirm, identify, implement and review risk. The skills and knowledge described in this unit must be applied within the legislative, regulatory and policy environment in which they are carried out. Organisational policies and procedures must be consulted and adhered to, particularly those related to the security plan. Those undertaking this unit would generally work independently and as part of a team using support resources as required. They would perform complex tasks in a range of familiar and unfamiliar contexts. No licensing, legislative or certification requirements apply to unit at the time of publication. Prerequisites Competency field Unit sector ELEMENTS Elements describe the essential outcomes 1. Confirm risk decisions 2. Identify risk treatments 3. Implement countermeasure PERFORMANCE CRITERIA Performance criteria describe the performance needed to demonstrate achievement of the element. Where bold italicised text is used, further information is detailed in the range of conditions section. 1.1 Confirm management decisions determining acceptable and unacceptable levels of risks. 1.2 Note and monitor low level risks accepted by the organisation, to detect changed circumstances. 1.3 Refer unacceptable high-level risks for development of formal management plans. 1.4 Note for treatment all major or significant risks determined as unacceptable. 2.1 treatments are consistent with the security plan, are cost effective and address levels and types of risk and the importance of the function or resource at risk. 2.2 Select treatments to reduce the likelihood and/or consequences of the risk. 2.3 Include continuity plans in treatments where appropriate, in accordance with the security plan. 2.4 Document treatments and submit for approval. 3.1 Develop and implement a treatment plan. 3.2 Apply countermeasures in accordance with the implementation XXX Training Package page 1

26 PSPSEC006 Implement security risk treatments s 4. Monitor and review security risk management process strategy detailed in the security plan. 3.3 Implement countermeasures in accordance with timeframe, budgetary requirements and legal requirements. 4.1 Implement strategies to monitor risk environment with monitoring conducted on an ongoing basis. 4.2 Evaluate risk treatments against the objectives of the security plan to ensure these remain effective and necessary. 4.3 Obtain feedback from stakeholders on the adequacy and need for current security measures affecting their work/area. 4.4 Convey recommendations for re-examination of security risk or improved risk treatments to the appropriate personnel. FOUNDATION SKILLS The foundation skills demands of this unit have been mapped for alignment with the Australian Core Skills Framework (ACSF). The following tables outline the performance levels indicated for successful attainment of the unit. ACSF levels indicative of performance : Learning NA Reading Writing Performance variables Oral communication Numeracy Support Context Text complexity Task complexity Further information on ACSF and the foundation skills underpinning this unit can be found in the Foundation Skills Guide on the GSA website. RANGE OF CONDITIONS (optional) Examples may include: example list 1: example list 2 example list 3 Unit mapping Specify code and title of any equivalent unit/s. If none, insert the following sentence: No equivalent unit. Insert hyperlinks to Companion Volume/s if applicable. XXX Training Package page 2

27 Assessment Requirements for PSPSEC006 Implement security risk treatments Assessment Requirements for PSPSEC006 Implement security risk treatments Performance evidence Evidence required to demonstrate competence must satisfy all of the requirements of the elements and performance criteria. The candidate must demonstrate evidence of performance of the following on at least two occasions: applying legislation, regulations and policies relating to government security management reading and analysing the organisation s security plan observing and critically analysing the application of security risk treatments in an operational environment communicating with diverse stakeholders using computer technology to gather and analyse information, and prepare formal reports representing mathematical information in a range of formats to suit the purpose applying procedures relating to occupational health and safety and environment in the context of government security management Knowledge evidence Evidence required to demonstrate competence must satisfy all of the requirements of the elements and performance criteria. If not otherwise specified the depth of knowledge demonstrated must be appropriate to the job context of the candidate and/or the AQF level of the qualification being undertaken. legislation, regulations, policies, procedures and guidelines relating to government security management including WHS Crimes Act 1914 and Criminal Code 1985 Freedom of Information Act 1982 Privacy Act 1988 fraud control and protective security policies Australian Government Information Security Manual (ISM) Protective Security Policy Framework risk analysis terminology and techniques the organisation s security plan the organisation s assets and security environment risk management: principles and guidelines AS/NZS ISO 31000:2009 Assessment conditions Assessment of this unit requires a workplace environment or one that closely resembles normal work practice and replicates the range of conditions likely to be encountered when implementing security risk treatments. This unit contains no specific industry-mandated assessment conditions. Guidance on suggested and recommended conditions and methods can be found in the Implementation Guide. This unit has been identified by industry as suitable for holistic assessment. Refer to advice in the PSP Companion Volume. Assessors must satisfy the NVR/AQTF mandatory competency requirements for assessors. XXX Training Package page 3

28 Assessment Requirements for PSPSEC006 Implement security risk treatments Place hyperlinks to Companion Volume/s. XXX Training Package page 4

29 PSPSEC007 Develop and advise on government security procedures PSPSEC007 Develop and advise on government security procedures Application This unit describes the skills required to interpret security policy and legislation, analyse security related data, develop procedures and provide advice on government security matters. This unit applies to those working in the policy development division of the organisation. The skills and knowledge described in this unit must be applied within the legislative, regulatory and policy environment in which they are carried out. Organisational policies and procedures must be consulted and adhered to, particularly those related to policy development and implementation. Those undertaking this unit would generally work independently and as part of a team using support resources as required. They would perform complex tasks in a range of familiar and unfamiliar contexts. No licensing, legislative or certification requirements apply to unit at the time of publication. Prerequisites Competency field Unit sector ELEMENTS Elements describe the essential outcomes 1. Interpret security policy and legislation 2. Analyse security related data 3. Develop procedures PERFORMANCE CRITERIA Performance criteria describe the performance needed to demonstrate achievement of the element. Where bold italicised text is used, further information is detailed in the range of conditions section. 1.1 Identify and analyse legislation impacting on security policy and procedures. 1.2 Analyse the organisation s security policy in relation to risk identification, security management and security incidents. 1.3 Confirm policy intent and identify and review for consistency existing procedures impacted by the policy. 2.1 Collect and analyse data and confirm its integrity 2.2 Identify outcomes and trends that need to be addressed through security procedures. 2.3 Determine any changes in organisational circumstances and identify related security procedures. 3.1 Identify intended audience/s for procedures and determine language style, structure and format accordingly. 3.2 Develop security procedures to reflect changes in circumstances. 3.3 Develop procedures in consultation with security plan developer/s, end users and approval personnel. 3.5 Submit and gain approval for procedures. 4. Provide advice 4.1 Provide information and advice on security procedures and XXX Training Package page 1

30 PSPSEC007 Develop and advise on government security procedures on government security matters related legislation, regulations, standards and guidelines. 4.2 Consider intended use and consequences of advice and communicate in a manner that addresses the requirements of stakeholders. 4.4 Check documentation provided to ensure it supports the information and advice given. FOUNDATION SKILLS The foundation skills demands of this unit have been mapped for alignment with the Australian Core Skills Framework (ACSF). The following tables outline the performance levels indicated for successful attainment of the unit. ACSF levels indicative of performance : Learning NA Reading Writing Performance variables Oral communication Numeracy Support Context Text complexity Task complexity Further information on ACSF and the foundation skills underpinning this unit can be found in the Foundation Skills Guide on the GSA website. RANGE OF CONDITIONS (optional) Examples may include: example list 1: example list 2 example list 3 Unit mapping Specify code and title of any equivalent unit/s. If none, insert the following sentence: No equivalent unit. Insert hyperlinks to Companion Volume/s if applicable. XXX Training Package page 2

31 Assessment Requirements for PSPSEC007 Develop and advise on government security procedures Assessment Requirements for PSPSEC007 Develop and advise on government security procedures Performance evidence Evidence required to demonstrate competence must satisfy all of the requirements of the elements and performance criteria. The candidate must demonstrate evidence of performance of the following on at least two occasions: applying legislation, regulations and policies relating to government security management undertaking research and analysis communicating with a diverse range of stakeholders using computer technology and applications writing security procedures applying procedures relating to WHS and environment in the context of government security management Knowledge evidence Evidence required to demonstrate competence must satisfy all of the requirements of the elements and performance criteria. If not otherwise specified the depth of knowledge demonstrated must be appropriate to the job context of the candidate and/or the AQF level of the qualification being undertaken. legislation, regulations, policies, procedures and guidelines relating to government security management organisational policy, procedures and guidelines legislation relating to government operations, privacy, occupational health and safety Crimes Act 1914 and Criminal Code 1985 the organisation s security plan Assessment conditions Assessment of this unit requires a workplace environment or one that closely resembles normal work practice and replicates the range of conditions likely to be encountered when developing security procedures. This unit contains no specific industry-mandated assessment conditions. Guidance on suggested and recommended conditions and methods can be found in the Implementation Guide. This unit has been identified by industry as suitable for holistic assessment. Refer to advice in the PSP Companion Volume. Assessors must satisfy the NVR/AQTF mandatory competency requirements for assessors. Place hyperlinks to Companion Volume/s. XXX Training Package page 3

32 PSPSEC008 Conduct personnel security assessments PSPSEC008 Conduct personnel security assessments Application This unit describes the skills required to collect, analyse and evaluate personal information, make recommendations on security assessment outcomes and record and report on personnel security assessments. This unit applies to those working in the security sector who are required to make assessments as part of their duties. The skills and knowledge described in this unit must be applied within the legislative, regulatory and policy environment in which they are carried out. Organisational policies and procedures must be consulted and adhered to. Those undertaking this unit would generally work independently and as part of a team using support resources as required. They would perform complex tasks in a range of familiar and unfamiliar contexts. No licensing, legislative or certification requirements apply to unit at the time of publication. Prerequisites Competency field Unit sector ELEMENTS Elements describe the essential outcomes 1. Collect, analyse and evaluate personal information 2. Make recommendation s on security assessment outcomes PERFORMANCE CRITERIA Performance criteria describe the performance needed to demonstrate achievement of the element. Where bold italicised text is used, further information is detailed in the range of conditions section. 1.1 Collect information from the subject to be assessed in accordance with the purpose of the security assessment. 1.2 Obtain additional information where gaps, anomalies, deficiencies or discrepancies exist in the information provided. 1.3 Corroborate information in accordance with organisational policy and procedures and assess validity and reliability. 1.4 Conduct analysis in accordance with general suitability indicators and security standards. 1.5 Extract and interpret data and record outcomes. 1.6 Conduct assessment process with care and sensitivity to assist subjects to deal with its invasive nature. 2.1 Formulate recommendations that are consistent with the information obtained. 2.2 Convey recommendations according to organisational guidelines and security standards. 2.3 Confirm with the requester of the security assessment and the subject, and where appropriate, the right to seek a review if recommendations are negative. 2.3 Recommend improvements to procedures as part of continuous XXX Training Package page 1

33 PSPSEC008 Conduct personnel security assessments improvement. 3. Record and report on personnel security assessments 3.1 Maintain complete, up to date records 3.2 Prepare reports that are clear, fair and objective and use language suited to the purpose. 3.3 Address urgency and levels of risk in reports. 3.5 Adhere to procedures for storing and managing confidential and sensitive information. FOUNDATION SKILLS The foundation skills demands of this unit have been mapped for alignment with the Australian Core Skills Framework (ACSF). The following tables outline the performance levels indicated for successful attainment of the unit. ACSF levels indicative of performance : Learning Reading Writing Performance variables Oral communication Numeracy Support Context Text complexity Task complexity Further information on ACSF and the foundation skills underpinning this unit can be found in the Foundation Skills Guide on the GSA website. RANGE OF CONDITIONS (optional) Examples may include: example list 1: example list 2 example list 3 Unit mapping Specify code and title of any equivalent unit/s. If none, insert the following sentence: No equivalent unit. Insert hyperlinks to Companion Volume/s if applicable. XXX Training Package page 2

34 Assessment Requirements for PSPSEC008 Conduct personnel security assessments Assessment Requirements for PSPSEC008 Conduct personnel security assessments Performance evidence Evidence required to demonstrate competence must satisfy all of the requirements of the elements and performance criteria. The candidate must demonstrate evidence of performance of the following on at least two occasions: applying legislation, regulations and policies relating to personnel security assessments undertaking critical analysis, evaluation and deductive reasoning applying problem solving and decision making corroborating information writing reports and recommendations using computer technology managing files responding to diversity Knowledge evidence Evidence required to demonstrate competence must satisfy all of the requirements of the elements and performance criteria. If not otherwise specified the depth of knowledge demonstrated must be appropriate to the job context of the candidate and/or the AQF level of the qualification being undertaken. public service Acts Crimes Act 1914 and Criminal Code 1985 Freedom of Information Act 1982 Privacy Act 1988 fraud control policy protective security policy Protective Security Policy Framework general suitability indicators international treaties and protocols formats for different types of reports risk assessment management of secure information WHS and environment in the context of personnel security assessments Assessment conditions Assessment of this unit requires a workplace environment or one that closely resembles normal work practice and replicates the range of conditions likely to be encountered when conducting personnel security assessments. This unit contains no specific industry-mandated assessment conditions. Guidance on suggested and recommended conditions and methods can be found in the Implementation Guide. This unit has been identified by industry as suitable for holistic assessment. Refer to advice in the PSP Companion Volume. Assessors must satisfy the NVR/AQTF mandatory competency requirements for assessors. XXX Training Package page 3

35 Assessment Requirements for PSPSEC008 Conduct personnel security assessments Place hyperlinks to Companion Volume/s. XXX Training Package page 4

36 PSPSEC009 Handle sensitive information PSPSEC009 Handle sensitive information Application This unit describes the skills required to receive, deal with, maintain and dispose of sensitive information. This unit applies to those working in a security role where they would receive, deal with and maintain sensitive information. The skills and knowledge described in this unit must be applied within the legislative, regulatory and policy environment in which they are carried out. Organisational policies and procedures must be consulted and adhered to. Those undertaking this unit would generally work independently, as part of a team and with occasional supervisory responsibilities. They would perform complex tasks in a range of familiar and unfamiliar contexts. No licensing, legislative or certification requirements apply to unit at the time of publication. Prerequisites Competency field Unit sector ELEMENTS Elements describe the essential outcomes 1. Receive sensitive information 2. Deal with sensitive information 3. Maintain sensitive information PERFORMANCE CRITERIA Performance criteria describe the performance needed to demonstrate achievement of the element. Where bold italicised text is used, further information is detailed in the range of conditions section. 1.1 Receive and check sensitive information to ensure transmission protocols have been exercised. 1.2 Take action if protocols have not been adhered to. 1.3 Record sensitive information 2.1 Review sensitive information to ensure classification meets the security policy for protection of information. 2.2 Review aggregated sensitive information to ensure that it is classified in accordance with any additional security requirements. 2.3 Check classification requirement to ensure it is warranted, and the level of protection is assigned in accordance with the consequences that might result from any compromise of the information s confidentiality, integrity and availability. 2.4 Contact originators of information responsible for classifying the documents to discuss reclassification or declassification where necessary. 2.5 Transmit sensitive information. 2.6 Obtain expert advice as required. 3.1 Secure and account for sensitive information. 3.2 Dispose of sensitive information in accordance with XXX Training Package page 1

37 PSPSEC009 Handle sensitive information organisational record keeping policies and procedures. FOUNDATION SKILLS The foundation skills demands of this unit have been mapped for alignment with the Australian Core Skills Framework (ACSF). The following tables outline the performance levels indicated for successful attainment of the unit. ACSF levels indicative of performance : Learning NA Reading Writing Performance variables Oral communication Numeracy NA Support Context Text complexity Task complexity Further information on ACSF and the foundation skills underpinning this unit can be found in the Foundation Skills Guide on the GSA website. RANGE OF CONDITIONS (optional) Examples may include: example list 1: example list 2 example list 3 Unit mapping Specify code and title of any equivalent unit/s. If none, insert the following sentence: No equivalent unit. Insert hyperlinks to Companion Volume/s if applicable. XXX Training Package page 2

38 Assessment Requirements for PSPSEC009 Handle sensitive information Assessment Requirements for PSPSEC009 Handle sensitive information Performance evidence Evidence required to demonstrate competence must satisfy all of the requirements of the elements and performance criteria. The candidate must demonstrate evidence of performance of the following on at least two occasions: applying legislation, regulations and policies relating to government security management applying security classification systems using analysis and problem solving tailoring communication to the needs of a diverse range of people inside and outside the organisation who classify, transmit or advise on sensitive information responding to diversity undertaking recordkeeping requiring attention to detail, and adherence to standards Knowledge evidence Evidence required to demonstrate competence must satisfy all of the requirements of the elements and performance criteria. If not otherwise specified the depth of knowledge demonstrated must be appropriate to the job context of the candidate and/or the AQF level of the qualification being undertaken. legislation, regulations, policies, procedures and guidelines relating to government security management standards for management of sensitive information classification system for national security and non-national security information procedures for confirming initial security classifications international protocols and treaties impacting on government security management available sources of expert advice procedures relating to WHS and environment in the context of government security management equity and diversity principles Assessment conditions Assessment of this unit requires a workplace environment or one that closely resembles normal work practice and replicates the range of conditions likely to be encountered when handling sensitive information. This unit contains no specific industry-mandated assessment conditions. Guidance on suggested and recommended conditions and methods can be found in the Implementation Guide. This unit has been identified by industry as suitable for holistic assessment. Refer to advice in the PSP Companion Volume. Assessors must satisfy the NVR/AQTF mandatory competency requirements for assessors. Place hyperlinks to Companion Volume/s. XXX Training Package page 3

39 PSPSEC010 Provide government security briefings PSPSEC010 Provide government security briefings Application This unit describes the skills required to organise and conduct security briefings which may be delivered face to face, via telecommunication means or briefing papers This unit applies to those working in the security sector with some responsibility for determining the need for, and the provision of security briefings. The skills and knowledge described in this unit must be applied within the legislative, regulatory and policy environment in which they are carried out. Organisational policies and procedures must be consulted and adhered to. Those undertaking this unit will be working as part of a team or independently where support is available for more complex situations. They will perform complex tasks in a range of familiar and unfamiliar contexts. No licensing, legislative or certification requirements apply to unit at the time of publication. Prerequisites Competency field Unit sector ELEMENTS Elements describe the essential outcomes 1. Organise security briefing 2. Conduct security briefing PERFORMANCE CRITERIA Performance criteria describe the performance needed to demonstrate achievement of the element. Where bold italicised text is used, further information is detailed in the range of conditions section. 1.1 Determine the need for a security briefing and select relevant methodology. 1.2 Determine briefing purpose, level, structure and content. 1.3 Prepare a plan for the briefing including participants to be involved and materials required. 2.1 Outline the purpose and structure of the briefing to participants according to the briefing plan. 2.2 Encourage active oral or written participation from participants. 2.3 Convey organisational and legislated government security requirements using language and examples adapted to levels of understanding and diverse needs. 2.4 Check understanding of security requirements and the consequences of non-compliance and provide further information as required. 2.5 Conduct briefing 2.6 Record outcomes and complete a report of the briefing where required. FOUNDATION SKILLS XXX Training Package page 1

40 PSPSEC010 Provide government security briefings The foundation skills demands of this unit have been mapped for alignment with the Australian Core Skills Framework (ACSF). The following tables outline the performance levels indicated for successful attainment of the unit. ACSF levels indicative of performance : Learning NA Reading Writing Performance variables Oral communication Numeracy Support Context Text complexity Task complexity Further information on ACSF and the foundation skills underpinning this unit can be found in the Foundation Skills Guide on the GSA website. RANGE OF CONDITIONS (optional) Examples may include: example list 1: example list 2 example list 3 Unit mapping Specify code and title of any equivalent unit/s. If none, insert the following sentence: No equivalent unit. Insert hyperlinks to Companion Volume/s if applicable. XXX Training Package page 2

41 Assessment Requirements for PSPSEC010 Provide government security briefings Assessment Requirements for PSPSEC010 Provide government security briefings Performance evidence Evidence required to demonstrate competence must satisfy all of the requirements of the elements and performance criteria. The candidate must demonstrate evidence of performance of the following on at least two occasions: applying legislation, regulations and policies relating to government security management preparing briefing plans communicating one-on-one and in a group with a diverse range of participants tailoring communication to suit the medium, purpose and formality of the briefing and the diversity of experience and needs of the audience providing feedback and encouraging contributions/active participation from participants responding to diversity and applying procedures relating to WHS and environment in the context of government security management Knowledge evidence Evidence required to demonstrate competence must satisfy all of the requirements of the elements and performance criteria. If not otherwise specified the depth of knowledge demonstrated must be appropriate to the job context of the candidate and/or the AQF level of the qualification being undertaken. legislation, regulations, policies, procedures and guidelines relating to government security management organisational guidelines and procedures for briefings and debriefings requirements of incident-related briefings/debriefings Assessment conditions Assessment of this unit requires a workplace environment or one that closely resembles normal work practice and replicates the range of conditions likely to be encountered when providing security briefings. This unit contains no specific industry-mandated assessment conditions. Guidance on suggested and recommended conditions and methods can be found in the Implementation Guide. This unit has been identified by industry as suitable for holistic assessment. Refer to advice in the PSP Companion Volume. Assessors must satisfy the NVR/AQTF mandatory competency requirements for assessors. Place hyperlinks to Companion Volume/s. XXX Training Package page 3

42 PSPSEC011 Assess security risks PSPSEC011 Assess security risks Application This unit describes the skills required to assess government security risks. It includes establishing the risk context, gathering and analysing information and identifying, analysing, assessing and prioritising risks. This unit applies to those working to develop a security plan, or implementing or following an existing plan. The skills and knowledge described in this unit must be applied within the legislative, regulatory and policy environment in which they are carried out. Organisational policies and procedures must be consulted and adhered to, particularly those related to assessing security risks. Those undertaking this unit would work independently, initiating support from a range of established and new resources while performing complex tasks in a range of unfamiliar and unfamiliar contexts. No licensing, legislative or certification requirements apply to unit at the time of publication. Prerequisites Competency field Unit sector ELEMENTS Elements describe the essential outcomes 1. Establish security risk context 2. Gather and analyse information 3. Identify security risks PERFORMANCE CRITERIA Performance criteria describe the performance needed to demonstrate achievement of the element. Where bold italicised text is used, further information is detailed in the range of conditions section. 1.1 Identify the scope and strategic and organisational contexts of the risk assessment. 1.2 Identify and comply with legislation, policies, procedures and guidelines related to security risk management. 1.3 Identify stakeholders and their expectations and obtain their input. 1.4 Identify security risk criteria in accordance with the organisation s security policy, jurisdictional policies and legislation. 1.5 Develop and obtain endorsement for a risk assessment plan according to organisational priorities. 2.1 Identify sources and gather information 2.2 Review relevant internal and historical information. 2.3 Aggregate and contextualise new information from internal and external sources. 2.4 Identify and address information gaps. 3.1 Determine sources of threat to the organisation s resources and functions. XXX Training Package page 1

43 PSPSEC011 Assess security risks 3.2 Conduct threat assessment against organisational policies, procedures and guidelines and determine risk exposure. 3.3 Use risk assessment techniques which suit the type and level of risk. 3.4 Determine and document risk potential. 4. Analyse security risks 5. Assess and prioritise security risks 4.1 Analyse potential consequences of risks or threats in light of potential damage to agency, including critical lead time for recovery. 4.2 Assess intent, capability and opportunity for each risk or threat to occur, using all available information. 4.3 Analyse current security countermeasures and treatment options to determine areas of vulnerability. 4.4 Determine and document risk ratings in agreed format. 5.1 Consult stakeholders regarding acceptable and unacceptable risk levels. 5.2 Document acceptable and unacceptable levels of risk. 5.3 Compare identified risks with security risk criteria to determine whether they are acceptable or unacceptable. 5.4 Prioritise and document identified risks in accordance with security criteria. 5.5 Document determined residual risks. FOUNDATION SKILLS The foundation skills demands of this unit have been mapped for alignment with the Australian Core Skills Framework (ACSF). The following tables outline the performance levels indicated for successful attainment of the unit. ACSF levels indicative of performance : Learning Reading Writing Performance variables Oral communication Numeracy Support Context Text complexity Task complexity Further information on ACSF and the foundation skills underpinning this unit can be found in the Foundation Skills Guide on the GSA website. RANGE OF CONDITIONS (optional) Examples may include: example list 1: example list 2 example list 3 XXX Training Package page 2

44 PSPSEC011 Assess security risks Unit mapping Specify code and title of any equivalent unit/s. If none, insert the following sentence: No equivalent unit. Insert hyperlinks to Companion Volume/s if applicable. XXX Training Package page 3

45 Assessment Requirements for PSPSEC011 Assess security risks Assessment Requirements for PSPSEC011 Assess security risks Performance evidence Evidence required to demonstrate competence must satisfy all of the requirements of the elements and performance criteria. If not otherwise specified the candidate must demonstrate evidence of performance of the following on at least 3 occasions: applying legislation, regulations and policies relating to security risk management undertaking risk assessment reading and analysing the complex information in standards and security plans researching and analysing the operational environment and drawing accurate conclusions applying critical analysis, evaluation and deductive reasoning using problem solving and creative thinking in decision making communicating with diverse stakeholders: interviewing, listening, questioning, paraphrasing, clarifying, summarising writing reports requiring formal language and structure using computer technology and modelling to gather and analyse information and prepare reports representing numerical, graphical and statistical information in a range of formats Knowledge evidence Evidence required to demonstrate competence must satisfy all of the requirements of the elements and performance criteria. If not otherwise specified the depth of knowledge demonstrated must be appropriate to the job context of the candidate and/or the AQF level of the qualification being undertaken. Requires functional knowledge of: public service Acts Crimes Act 1914 and Criminal Code 1985 Freedom of Information Act 1982 Privacy Act 1988 fraud control policy protective security policy Australian Government Information Security Manual (ISM) Protective Security Policy Framework Australian standards, quality assurance and certification requirements Requires comprehensive knowledge of: risk assessment techniques/processes information handling qualitative and quantitative analysis techniques incident reports and statistics asset holdings and recording mechanismsinternational treaties and protocols cross-jurisdictional protocols organisation s strategic objectives national strategic objectives requirements of user groups XXX Training Package page 4

46 Assessment Requirements for PSPSEC011 Assess security risks Assessment conditions Assessment of this unit requires evidence gathered over time in a range of contexts, in a workplace environment or one that closely resembles normal work practice and replicates the range of conditions likely to be encountered when assessing security risks. Delete if not applicable and replace with suitable text: This unit contains no specific industrymandated assessment conditions. Guidance on suggested and recommended conditions and methods can be found in the Implementation Guide. Where there are suggested units for holistic assessment insert the following text: This unit has been identified by industry as suitable for holistic assessment. Refer to advice in the PSP Companion Volume. Place hyperlinks to Companion Volume/s. XXX Training Package page 5

47 PSPSEC012 Develop security risk management plans PSPSEC012 Develop security risk management plans Application This unit describes the skills required to treat security risks through the development of a security risk management plan. It includes identifying security countermeasures and developing a plan with schedule for implementing, monitoring and evaluating security strategies. This unit applies to those working in a security role with some responsibility for addressing organisational risk. The skills and knowledge described in this unit must be applied within the legislative, regulatory and policy environment in which they are carried out. Organisational policies and procedures must be consulted and adhered to, particularly those related to developing risk management plans. Those undertaking this unit would work autonomously occasionally accessing and evaluating support from a broad range of sources. They would perform complex tasks in a range of familiar and unfamiliar contexts. No licensing, legislative or certification requirements apply to unit at the time of publication. Prerequisites Competency field Unit sector ELEMENTS Elements describe the essential outcomes 1. Identify countermeasures 2. Develop security plan PERFORMANCE CRITERIA Performance criteria describe the performance needed to demonstrate achievement of the element. Where bold italicised text is used, further information is detailed in the range of conditions section. 1.1 Review documented risks and threats and validate management decisions on acceptable and unacceptable risks. 1.2 Determine treatment options and countermeasures consistent with organisational guidelines, to reduce the likelihood of occurrence or consequences of the risk. 1.3 Propose treatments which include continuity plans where appropriate. 1.4 Propose treatments which match the level and type of risk and importance of the function or resource. 1.5 Conduct a cost-benefit analysis to determine cost effective countermeasures. 1.6 Consult stakeholders on the cost-benefit analysis and determine and submit countermeasures for prioritising. 2.1 Prepare a security plan containing explanatory information on the importance of security and the organisation s security objectives in achieving corporate and business objectives. 2.2 Summarise the threat assessments undertaken, current exposure and current protective security arrangements in the XXX Training Package page 1

48 PSPSEC012 Develop security risk management plans plan. 2.3 Outline security strategies for implementing, monitoring and evaluating countermeasures. 2.4 Include timeframes and security budget for implementing countermeasures including assigned responsibilities and methodologies to be used. 2.5 Submit security plan for approval and communicate to stakeholders. FOUNDATION SKILLS The foundation skills demands of this unit have been mapped for alignment with the Australian Core Skills Framework (ACSF). The following tables outline the performance levels indicated for successful attainment of the unit. ACSF levels indicative of performance : Learning NA Reading Writing Performance variables Oral communication Numeracy Support Context Text complexity Task complexity Further information on ACSF and the foundation skills underpinning this unit can be found in the Foundation Skills Guide on the GSA website. RANGE OF CONDITIONS (optional) Examples may include: example list 1: example list 2 example list 3 Unit mapping Specify code and title of any equivalent unit/s. If none, insert the following sentence: No equivalent unit. Insert hyperlinks to Companion Volume/s if applicable. XXX Training Package page 2

49 Assessment Requirements for PSPSEC012 Develop security risk management plans Assessment Requirements for PSPSEC012 Develop security risk management plans Performance evidence Evidence required to demonstrate competence must satisfy all of the requirements of the elements and performance criteria. If not otherwise specified the candidate must demonstrate evidence of performance of the following on at least 2 occasions: applying legislation, regulations and policies relating to security risk management plans using evaluation, deductive reasoning, problem solving and decision making communicating with diverse stakeholders involving presentation, listening, questioning, paraphrasing, clarifying, summarising reading and analysing complex information in standards and security plans writing reports requiring formal language and structure using computer technology to gather and analyse information and prepare reports representing numerical, graphical and statistical information in a range of formats Knowledge evidence Evidence required to demonstrate competence must satisfy all of the requirements of the elements and performance criteria. If not otherwise specified the depth of knowledge demonstrated must be appropriate to the job context of the candidate and/or the AQF level of the qualification being undertaken. Requires functional knowledge of: Crimes Act 1914 and Criminal Code 1985 Freedom of Information Act 1982 Privacy Act 1988 fraud control policy protective security policy Australian Government Information Security Manual (ISM) Protective Security Policy Framework Australian standards, quality assurance and certification requirements international treaties and protocols Requires comprehensive knowledge of:cross-jurisdictional protocols organisation s strategic objectives national strategic objectives formats for different types of reports cost-benefit analysis techniques equal employment opportunity, equity and diversity principles public sector legislation such as WHS and environment in the context of security risk assessment Assessment conditions Assessment of this unit requires evidence gathered over time in a range of contexts, in a workplace environment or one that closely resembles normal work practice and replicates the range of conditions likely to be encountered when developing risk management plans. This unit contains no specific industry-mandated assessment conditions. Guidance on suggested and recommended conditions and methods can be found in the Implementation Guide. XXX Training Package page 3

50 Assessment Requirements for PSPSEC012 Develop security risk management plans This unit has been identified by industry as suitable for holistic assessment. Refer to advice in the PSP Companion Volume. Assessors must satisfy the NVR/AQTF mandatory competency requirements for assessors. Place hyperlinks to Companion Volume/s. XXX Training Package page 4

51 PSPSEC013 Implement and monitor security risk management plans PSPSEC013 Implement and monitor security risk management plans Application This unit describes the skills required to implement and monitor a security risk management plan. It includes implementing the plan, monitoring the risk environment and evaluating the plan. This unit applies to those working in a security role with some responsibility for addressing organisational risk. The skills and knowledge described in this unit must be applied within the legislative, regulatory and policy environment in which they are carried out. Organisational policies and procedures must be consulted and adhered to, particularly those related to implementing risk management plans. Those undertaking this unit would work autonomously, occasionally accessing and evaluating support from a broad range of sources, while performing complex tasks in a range of contexts. No licensing, legislative or certification requirements apply to unit at the time of publication. Prerequisites Competency field Unit sector ELEMENTS Elements describe the essential outcomes 1. Implement security plan 2. Monitor the risk environment 3. Evaluate security plan PERFORMANCE CRITERIA Performance criteria describe the performance needed to demonstrate achievement of the element. Where bold italicised text is used, further information is detailed in the range of conditions section. 1.1 Implement countermeasures and treat security risks in accordance with the security plan. 1.2 Follow and meet timeframes and budgetary requirements. 1.3 Comply with legal, government and organisational policy requirements. 1.4 Document and monitor residual risks. 2.1 Determine and document strategies to monitor the risk environment. 2.2 Monitor security risks, types and sources of threats to detect changing circumstances that may alter risk management priorities. 2.3 Conduct monitoring on a regular basis. 2.4 Monitor organisational changes to identify circumstances where re-examination of the security environment becomes necessary. 2.5 Document and act upon results of monitoring. 3.1 Monitor risk treatments to gauge extent and effectiveness of implementation. 3.2 Evaluate treatments against the objectives of the security plan XXX Training Package page 1

52 PSPSEC013 Implement and monitor security risk management plans to ensure they remain effective and necessary. 3.3 Obtain feedback from stakeholders on the adequacy and need for current security measures affecting their work area. 3.4 Identify and address weaknesses in the security plan 3.5 Review the plan on an ongoing basis, to detect exceptional incidents, breaches, and changes in circumstances. 3.6 Update the plan to reflect current circumstances. FOUNDATION SKILLS The foundation skills demands of this unit have been mapped for alignment with the Australian Core Skills Framework (ACSF). The following tables outline the performance levels indicated for successful attainment of the unit. ACSF levels indicative of performance : Learning NA Reading Writing Performance variables Oral communication Numeracy Support Context Text complexity Task complexity Further information on ACSF and the foundation skills underpinning this unit can be found in the Foundation Skills Guide on the GSA website. RANGE OF CONDITIONS (optional) Examples may include: example list 1: example list 2 example list 3 Unit mapping Specify code and title of any equivalent unit/s. If none, insert the following sentence: No equivalent unit. Insert hyperlinks to Companion Volume/s if applicable. XXX Training Package page 2

53 Assessment Requirements for PSPSEC013 Implement and monitor security risk management plans Assessment Requirements for PSPSEC013 Implement and monitor security risk management plans Performance evidence Evidence required to demonstrate competence must satisfy all of the requirements of the elements and performance criteria. If not otherwise specified the candidate must demonstrate evidence of performance of the following on at least 2 occasions: applying legislation, regulations and policies relating to security risk management auditing in the context of security risk management communicating with diverse stakeholders involving presentation, listening, questioning, paraphrasing, clarifying, summarising reading and analysing complex information in standards and security plans writing reports requiring formal language and structure using computer technology to gather and analyse information and prepare reports representing numerical, graphical and statistical information in a range of formats Knowledge evidence Evidence required to demonstrate competence must satisfy all of the requirements of the elements and performance criteria. If not otherwise specified the depth of knowledge demonstrated must be appropriate to the job context of the candidate and/or the AQF level of the qualification being undertaken. Requires functional knowledge of: public service Acts Crimes Act 1914 and Criminal Code 1985 Freedom of Information Act 1982 Privacy Act 1988 fraud control policy protective security policy Requires comprehensive knowledge of: Australian Government Information Security Manual (ISM) Protective Security Policy Framework Australian standards, quality assurance and certification requirements organisation s strategic objectives and security plan national strategic objectives security constraints equal employment opportunity, equity and diversity principles public sector legislation such as WHS and environment in the context of implementation and monitoring of security risk management plans Assessment conditions Assessment of this unit requires evidence gathered over time in a range of contexts, in a workplace environment or one that closely resembles normal work practice and replicates the range of conditions likely to be encountered when implementing risk management plans. This unit contains no specific industry-mandated assessment conditions. Guidance on suggested and recommended conditions and methods can be found in the Implementation Guide. XXX Training Package page 3

54 Assessment Requirements for PSPSEC013 Implement and monitor security risk management plans This unit has been identified by industry as suitable for holistic assessment. Refer to advice in the Companion Volume. Assessors must satisfy the NVR/AQTF mandatory competency requirements for assessors. Place hyperlinks to Companion Volume/s. XXX Training Package page 4

55 PSPSEC014 Coordinate protective security PSPSEC014 Coordinate protective security Application This unit describes the skills required to perform an organisation s ongoing protective security function through implementing security procedures and systems. It includes providing advice and support to others, monitoring and coordinating security, and liaising with specialist security services. This unit applies to those with day-to-day responsibility for an organisation s protective security function. The skills and knowledge described in this unit must be applied within the legislative, regulatory and policy environment in which they are carried out. Organisational policies and procedures must be consulted and adhered to, particularly those related to security and privacy legislation and security standards when coordinating protective security. Those undertaking this unit would work autonomously, occasionally accessing support from a range of sources, while performing complex tasks in a range of contexts. No licensing, legislative or certification requirements apply to unit at the time of publication. Prerequisites Competency field Unit sector ELEMENTS Elements describe the essential outcomes 1. Provide security advice and support 2. Coordinate and monitor security PERFORMANCE CRITERIA Performance criteria describe the performance needed to demonstrate achievement of the element. Where bold italicised text is used, further information is detailed in the range of conditions section. 1.1 Assist management to analyse the security environment and plan to counter potential threats. 1.2 Advise management on physical and procedural security measures in accordance with organisational circumstances. 1.3 Assist in development of the organisation s security policy and procedures in consultation with management and staff. 1.4 Promote self as the first point of contact for security concerns and queries within the organisation, in accordance with organisational requirements for communications. 1.5 Advise on security matters in accordance with legislation and security standards. 2.1 Develop and implement protective security arrangements in conjunction with senior management to create and maintain a secure environment for official information and resources. 2.2 Coordinate devolved security measures to ensure organisational standards are maintained consistently and costeffectively. 2.3 Monitor organisational security procedures and systems and XXX Training Package page 1

56 PSPSEC014 Coordinate protective security audit as required by the organisation s security policy and plan. 2.4 Monitor the awareness of employees and contractors in terms of their security responsibilities and obligations, take action or make recommendation to address any gaps. 2.5 Review incident reports and assess implications for security risk, procedures and awareness training. 3. Access security specialists 3.1 Coordinate contact between the organisation and external security authorities/organisations 3.2 Seek advice, technical assistance, learning and development from specialist security organisations to ensure compliance with jurisdictional and organisational security policies, procedures and standards. 3.3 Report or refer incidents and other security issues to government security authorities FOUNDATION SKILLS The foundation skills demands of this unit have been mapped for alignment with the Australian Core Skills Framework (ACSF). The following tables outline the performance levels indicated for successful attainment of the unit. ACSF levels indicative of performance : Learning Reading Writing Performance variables Oral communication Numeracy Support Context Text complexity Task complexity Further information on ACSF and the foundation skills underpinning this unit can be found in the Foundation Skills Guide on the GSA website. RANGE OF CONDITIONS (optional) Examples may include: example list 1: example list 2 example list 3 Unit mapping Specify code and title of any equivalent unit/s. If none, insert the following sentence: No equivalent unit. Insert hyperlinks to Companion Volume/s if applicable. XXX Training Package page 2

57 Assessment Requirements for PSPSEC014 Coordinate protective security Assessment Requirements for PSPSEC014 Coordinate protective security Performance evidence Evidence required to demonstrate competence must satisfy all of the requirements of the elements and performance criteria. If not otherwise specified the candidate must demonstrate evidence of performance of the following on at least 3 occasions: applying legislation, regulations and policies relating to the coordination of protective security reading and analysing complex documents such as legislation, regulations and standards in the context of protective security researching and critically analysing the operational environment and drawing conclusions using communication with diverse stakeholders involving listening, questioning, paraphrasing, clarifying and summarising, to provide advice and support writing reports and recommendations requiring formal language and structure using computer technology to gather and analyse information and prepare reports Knowledge evidence Evidence required to demonstrate competence must satisfy all of the requirements of the elements and performance criteria. If not otherwise specified the depth of knowledge demonstrated must be appropriate to the job context of the candidate and/or the AQF level of the qualification being undertaken. Requires functional knowledge of: public service Acts Crimes Act 1914 and Criminal Code 1985 Freedom of Information Act 1982 Privacy Act 1988 fraud control policy protective security policy the organisation s functions, assets and security environment Australian standards, quality assurance and certification requirements AS/NZS ISO 31000:2009 risk management principles and guidelines equal employment opportunity, equity and diversity principles public sector legislation such as WHS and environment in the context of coordinating protective security Assessment conditions Assessment of this unit requires evidence gathered over time in a range of contexts, in a workplace environment or one that closely resembles normal work practice and replicates the range of conditions likely to be encountered when coordinating protective security. Guidance on suggested and recommended conditions and methods can be found in the Implementation Guide. This unit has been identified by industry as suitable for holistic assessment. Refer to advice in the PSP Companion Volume. Assessors must satisfy the NVR/AQTF mandatory competency requirements for assessors. XXX Training Package page 3

58 Assessment Requirements for PSPSEC014 Coordinate protective security Place hyperlinks to Companion Volume/s. XXX Training Package page 4

59 PSPSEC015 Protect security classified information PSPSEC015 Protect security classified information Application This unit describes the skills required to provide guidance and advice on classifying information and improving security measures to ensure the protection of official information. This unit applies to those whose roles involve advice and guidance to senior managers and staff on security matters and to determine clearances. The skills and knowledge described in this unit must be applied within the legislative, regulatory and policy environment in which they are carried out. Organisational policies and procedures must be consulted and adhered to, particularly those related to protecting security classified information. Those undertaking this unit would work autonomously, occasionally accessing support from a broad range of sources, while performing complex tasks in a range of contexts. No licensing, legislative or certification requirements apply to unit at the time of publication. Prerequisites Competency field Unit sector ELEMENTS Elements describe the essential outcomes 1. Advise on security classified information 2. Improve information security PERFORMANCE CRITERIA Performance criteria describe the performance needed to demonstrate achievement of the element. Where bold italicised text is used, further information is detailed in the range of conditions section. 1.1 Convey the need to know principle to staff and contractors and explain its relationship to security clearance levels to protect official information. 1.2 Provide guidance on types of information requiring security classification and the range of classification levels available in accordance with security standards. 1.3 Advise on determining the necessity for security clearances and the level of access required in different situations. 1.4 Advise on the eligibility and suitability of applicants for security clearances. 1.5 Provide guidance on other security measures to protect security classified information. 2.1 Encourage recipients of security classified information to challenge any security classification they believe to be unnecessary or inaccurate. 2.2 Contact originators of security classified information to discuss reclassification or declassification of information. 2.3 Advise senior management on the organisation's performance against government standards for the protection of security classified information. XXX Training Package page 1

60 PSPSEC015 Protect security classified information 2.4 Recommend improvements to information security measures. FOUNDATION SKILLS The foundation skills demands of this unit have been mapped for alignment with the Australian Core Skills Framework (ACSF). The following tables outline the performance levels indicated for successful attainment of the unit. ACSF levels indicative of performance : Learning NA Reading Writing Performance variables Oral communication Numeracy NA Support Context Text complexity Task complexity Further information on ACSF and the foundation skills underpinning this unit can be found in the Foundation Skills Guide on the GSA website. RANGE OF CONDITIONS (optional) Examples may include: example list 1: example list 2 example list 3 Unit mapping Specify code and title of any equivalent unit/s. If none, insert the following sentence: No equivalent unit. Insert hyperlinks to Companion Volume/s if applicable. XXX Training Package page 2

61 Assessment Requirements for PSPSEC015 Protect security classified information Assessment Requirements for PSPSEC015 Protect security classified information Performance evidence Evidence required to demonstrate competence must satisfy all of the requirements of the elements and performance criteria. If not otherwise specified the candidate must demonstrate evidence of performance of the following on at least 3 occasions: applying legislation, regulations and policies relating to protection of security classified information reading and analysing complex documents such as legislation, regulations and standards in the context of information security researching and critically analysing the operational environment and drawing conclusions using communication with diverse stakeholders involving listening, questioning, paraphrasing, clarifying and summarising providing advice and support Knowledge evidence Evidence required to demonstrate competence must satisfy all of the requirements of the elements and performance criteria. If not otherwise specified the depth of knowledge demonstrated must be appropriate to the job context of the candidate and/or the AQF level of the qualification being undertaken. Requires functional knowledge of: public service Acts Crimes Act 1914 and Criminal Code 1985 Freedom of Information Act 1982 Privacy Act 1988 Requires comprehensive knowledge of: fraud control policy protective security policy Australian Government Information Security Manual (ISM) Protective Security Policy Framework standards for the management of security classified information government information classification system international protocols and treaties the organisation s security environment Australian standards, quality assurance and certification requirements AS/NZS ISO 31000:2009 risk management principles and guidelines equal employment opportunity, equity and diversity principles public sector legislation such as WHS and environment in the context of protecting security classified information Assessment conditions Assessment of this unit requires evidence gathered over time in a range of contexts, in a workplace environment or one that closely resembles normal work practice and replicates the range of conditions likely to be encountered when protecting security classified information. XXX Training Package page 3

62 Assessment Requirements for PSPSEC015 Protect security classified information This unit contains no specific industry-mandated assessment conditions. Guidance on suggested and recommended conditions and methods can be found in the Implementation Guide. This unit has been identified by industry as suitable for holistic assessment. Refer to advice in the PSP Companion Volume. Assessors must satisfy the NVR/AQTF mandatory competency requirements for assessors. Place hyperlinks to Companion Volume/s. XXX Training Package page 4

63 PSPSEC016 Communicate security awareness PSPSEC016 Communicate security awareness Application This unit describes the skills required to promote security issues to improve government security management. It includes planning and designing awareness-raising activities, promoting security management and developing and nurturing cooperative client relationships. This unit applies to those whose roles include promoting and conducting security awareness activities and evaluating their success. The skills and knowledge described in this unit must be applied within the legislative, regulatory and policy environment in which they are carried out. Organisational policies and procedures must be consulted and adhered to, particularly those related to ethical and security management standards, guidelines and codes of conduct when communicating security awareness. Those undertaking this unit would normally work independently, initiating support from a range of established resources, while performing complex tasks in a range of contexts. No licensing, legislative or certification requirements apply to unit at the time of publication. Prerequisites Competency field Unit sector ELEMENTS Elements describe the essential outcomes 1. Plan security awareness activities 2. Design security awareness activities PERFORMANCE CRITERIA Performance criteria describe the performance needed to demonstrate achievement of the element. Where bold italicised text is used, further information is detailed in the range of conditions section. 1.1 Determine need for activities and consult clients and staff to establish priorities in the organisation s security plan 1.2 Initiate, gather and assess ideas for new or improved activities, taking into account the human, financial and physical resources required. 1.3 Obtain approval for security awareness activities in accordance with organisational guidelines. 2.1 Establish formal and informal networks of targeted individuals and groups and regularly use these as communication channels. 2.2 Incorporate precedents in security management into awareness activities. 2.3 Design and produce information presentations and support materials as required. 2.4 Create awareness activities based on the organisation s corporate objectives, core business, culture and an understanding of its client base. XXX Training Package page 1

64 PSPSEC016 Communicate security awareness 3. Promote government security management 4. Develop and nurture cooperative client relationships 5. Conduct security management activities 6. Evaluate success of awareness raising activities 3.1 Prepare and disseminate information relating to incidents and effects of non-compliance according to requirements. 3.2 Develop and present information to promote government security management and meet the needs of a diverse audience. 4.1 Establish and document expectations of clients and contractors. 4.2 Anticipate opportunities, in consultation with work colleagues and managers, for establishing contacts and networks with external and internal clients. 4.3 Monitor and inform clients of changes in organisational focus which may affect organisation client relationships. 4.4 Obtain feedback on organisational activities and report outcomes. 4.5 Facilitate stakeholder understanding of organisation s security management philosophy, policy and procedures. 4.6 Advise clients when and how to modify their practices to meet organisational standards as required. 5.1 Implement security management activities using adult learning methodologies and within existing resource and time constraints. 5.2 Identify intended outcomes based on expectations of the target audience. 5.3 Adapt and refine activities as indicated by audience engagement and responses. 6.1 Evaluate security awareness activities against predetermined objectives. 6.2 Document results of evaluation and use as basis for planning future activities. 6.3 Identify and act upon opportunities for new security awareness activities as required. 6.4 Obtain evidence of status or changes in the type and level of security breaches as a result of activities. FOUNDATION SKILLS The foundation skills demands of this unit have been mapped for alignment with the Australian Core Skills Framework (ACSF). The following tables outline the performance levels indicated for successful attainment of the unit. ACSF levels indicative of performance : Learning NA Reading Writing Oral communication Numeracy XXX Training Package page 2

65 PSPSEC016 Communicate security awareness Performance variables Support Context Text complexity Task complexity Further information on ACSF and the foundation skills underpinning this unit can be found in the Foundation Skills Guide on the GSA website. RANGE OF CONDITIONS (optional) Examples may include: example list 1: example list 2 example list 3 Unit mapping Specify code and title of any equivalent unit/s. If none, insert the following sentence: No equivalent unit. Insert hyperlinks to Companion Volume/s if applicable. XXX Training Package page 3

66 Assessment Requirements for PSPSEC016 Communicate security awareness Assessment Requirements for PSPSEC016 Communicate security awareness Performance evidence Evidence required to demonstrate competence must satisfy all of the requirements of the elements and performance criteria. If not otherwise specified the candidate must demonstrate evidence of performance of the following on at least 3 occasions: designing security management activities developing and maintaining client relationships tailoring activity sessions to the needs of adult learners and a variety of audiences managing time effectively to plan and facilitate security management activities within existing resource and time constraints delivering oral presentations explaining complex concepts and formal documents such as legislation, standards and codes of conduct using a range of communication styles to suit different audiences and purposes Knowledge evidence Evidence required to demonstrate competence must satisfy all of the requirements of the elements and performance criteria. If not otherwise specified the depth of knowledge demonstrated must be appropriate to the job context of the candidate and/or the AQF level of the qualification being undertaken. Requires functional knowledge of: agency structure and core business activities security and how it relates to the specific functions and activities of the organisation, together with an understanding of ethical standards required by the organisation of its staff and contractors and suppliers national strategic objectives relating to government security management jurisdictional security requirements and strategic objectives cross-jurisdictional protocols international treaties and protocols the organisation s security risk management methodology security risk factors in the organisation identified instances of security breaches adult learning principles audience requirements anti-discrimination and diversity legislation legislation, policies and procedures relating to conduct of security management activities including WHS and environment Assessment conditions Assessment of this unit requires evidence gathered over time in a range of contexts, in a workplace environment or one that closely resembles normal work practice and replicates the range of conditions likely to be encountered when communicating security awareness. This unit contains no specific industry-mandated assessment conditions. Guidance on suggested and recommended conditions and methods can be found in the Implementation Guide. This unit has been identified by industry as suitable for holistic assessment. Refer to advice in the PSP Companion Volume. XXX Training Package page 4

67 Assessment Requirements for PSPSEC016 Communicate security awareness Assessors must satisfy the NVR/AQTF mandatory competency requirements for assessors. Place hyperlinks to Companion Volume/s. XXX Training Package page 5

68 PSPSEC017 Establish information system security framework PSPSEC017 Establish information system security framework Application This unit describes the skills required to identify and establish the information system security framework for an organisation or a business unit at functional level. It includes determining the organisational context, determining principal areas of risk, determining system requirements and establishing the security framework. This unit applies to those with organisation-wide responsibility for defining systems and procedures which impact on organisational security. The skills and knowledge described in this unit must be applied within the legislative, regulatory and policy environment in which they are carried out. Organisational policies and procedures must be consulted and adhered to, particularly those related to defining information systems for security. Those undertaking this unit would work autonomously while frequently accessing and evaluating support from a broad range of sources. They would perform highly sophisticated tasks in a broad range of contexts with frequent specialisation in one or more contexts. No licensing, legislative or certification requirements apply to unit at the time of publication. Prerequisites Competency field Unit sector ELEMENTS Elements describe the essential outcomes 1. Establish the organisational context 2. Determine the principal areas of risk requiring information strategy PERFORMANCE CRITERIA Performance criteria describe the performance needed to demonstrate achievement of the element. Where bold italicised text is used, further information is detailed in the range of conditions section. 1.1 Identify and document legislative and regulatory requirements for the organisation. 1.2 Analyse legislation for any information management security implications and document outcomes. 1.3 Review organisational purpose and function for compliance requirements. 1.4 Analyse broad social context in which the organisation operates to determine community expectations. 2.1 Review and update existing risk analyses. 2.2 Review and document regulatory requirements and legal liabilities for their impact on the information systems framework. 2.3 Determine and document risks and liabilities to be managed by information systems, informing the development of the framework. 3. Determine the 3.1 Analyse risks, liabilities and regulatory requirements against XXX Training Package page 1

69 PSPSEC017 Establish information system security framework information system requirements for each business function 4. Establish information systems framework for organisation 5. Obtain approval for framework each business function. 3.2 Document and communicate identified requirements for each business function as evidence to be captured as records. 3.3 Formulate information system specifications from the evidence requirements. 3.4 Determine information security requirements for each business function. 3.5 Determine specifications for information systems security measures consistent with government guidelines and standards. 4.1 Develop and communicate an overview of responsibilities for information management within the organisation. 4.2 Define responsibilities and authorities in relation to regulatory requirements in accordance with jurisdictional and organisational standards. 4.3 Define information management responsibilities and rights for each business function. 4.4 Integrate identified risks and liabilities managed by information systems with the definition of responsibilities for each function. 4.5 Define, assign and document levels of accountability and responsibility within the framework for each function. 4.6 Formulate and document security procedures for information systems. 5.1 Communicate completed and documented framework for review and endorsement 5.2 Establish review process and assign appropriate persons with maintaining the currency of the organisation s information systems framework. FOUNDATION SKILLS The foundation skills demands of this unit have been mapped for alignment with the Australian Core Skills Framework (ACSF). The following tables outline the performance levels indicated for successful attainment of the unit. ACSF levels indicative of performance : Learning Reading Writing Performance variables Oral communication Numeracy Support Context Text complexity Task complexity Further information on ACSF and the foundation skills underpinning this unit can be found in the Foundation Skills Guide on the GSA website. XXX Training Package page 2

70 PSPSEC017 Establish information system security framework RANGE OF CONDITIONS (optional) Examples may include: example list 1: example list 2 example list 3 Unit mapping Specify code and title of any equivalent unit/s. If none, insert the following sentence: No equivalent unit. Insert hyperlinks to Companion Volume/s if applicable. XXX Training Package page 3

71 Assessment Requirements for PSPSEC017 Define information systems framework Assessment Requirements for PSPSEC017 Define information systems framework Performance evidence Evidence required to demonstrate competence must satisfy all of the requirements of the elements and performance criteria. If not otherwise specified the candidate must demonstrate evidence of performance of the following on at least 3 occasions: applying legislation, regulations and policies relating to government information systems security analysing process functions and problems preparing, compiling and writing complex documents and reports communicating complex relationships and processes effectively to users and management documenting complex relationships and processes identifying and viewing component parts as integral elements of the whole system using tools and techniques to solve problems reading and interpreting mathematical concepts and values embedded in specifications and complex technical documentation analysing and interpreting legal, regulatory and security requirements and organisation policies and procedures analysing and synthesising documentation, verbally delivered information, and observed behaviours consulting with diverse stakeholders to elicit relevant information for analysis Knowledge evidence Evidence required to demonstrate competence must satisfy all of the requirements of the elements and performance criteria. If not otherwise specified the depth of knowledge demonstrated must be appropriate to the job context of the candidate and/or the AQF level of the qualification being undertaken. Requires functional knowledge of: legislation, regulations, policies, procedures and guidelines relating to government information system security equal employment opportunity, equity and diversity principles public sector legislation such as WHS and environment in the context of government information systems security sources of information about jurisdictional requirements for information systems equal employment opportunity, equity and diversity principles public sector legislation such as WHS and environment in the context of government information systems security Requires comprehensive knowledge of:functions and structures in the organisation policies and strategies that apply across the jurisdiction information management principles and processes information security requirements Assessment conditions Assessment of this unit requires evidence gathered over time in a range of contexts, in a workplace environment or one that closely resembles normal work practice and replicates the range of conditions likely to be encountered when defining information systems. XXX Training Package page 4

72 Assessment Requirements for PSPSEC017 Define information systems framework This unit contains no specific industry-mandated assessment conditions. Guidance on suggested and recommended conditions and methods can be found in the Implementation Guide. This unit has been identified by industry as suitable for holistic assessment. Refer to advice in the PSP Companion Volume. Assessors must satisfy the NVR/AQTF mandatory competency requirements for assessors. Place hyperlinks to Companion Volume/s. XXX Training Package page 5

73 PSPSEC018 Manage security awareness PSPSEC018 Manage security awareness Application This unit describes the skills required to promote and disseminate the organisation s approach to security management to internal and external clients and the broader community. This unit applies to those whose roles include disseminating strategy and championing security awareness both inside and outside the organisation. The skills and knowledge described in this unit must be applied within the legislative, regulatory and policy environment in which they are carried out. Organisational policies and procedures must be consulted and adhered to, particularly those related to managing security awareness. Those undertaking this unit would work autonomously, frequently accessing and evaluating support from a broad range of sources. They would perform highly sophisticated tasks in a broad range of contexts with frequent specialisation in one or more contexts. No licensing, legislative or certification requirements apply to unit at the time of publication. Prerequisites Competency field Unit sector ELEMENTS Elements describe the essential outcomes 1. Disseminate security policy 2. Champion security awareness PERFORMANCE CRITERIA Performance criteria describe the performance needed to demonstrate achievement of the element. Where bold italicised text is used, further information is detailed in the range of conditions section. 1.1 Raise the profile of security management to indicate its fundamental importance within the organisation. 1.2 Articulate security standards for the organisation in a manner suited to the level and experience of staff. 1.3 Explain ways in which the security policy and plan contribute to the achievement of organisational corporate goals. 1.4 Communicate roles and responsibilities of key people in the organisation regarding implementation of security measures. 1.5 Present and disseminate information to meet the needs of diverse audiences. 2.1 Lead and motivate others in promoting the role of security processes as integral to effective management practices. 2.2 Use methods to champion security awareness based on an indepth understanding of the organisation s culture and structure and the nature of both internal and external clients. 2.3 Establish a positive tone within the organisation regarding security, by engendering trust and confidence in security measures. 2.4 Establish guidelines for the creation of formal and informal XXX Training Package page 1

74 PSPSEC018 Manage security awareness networks and to nurture cooperative and ethical client relationships. 3. Market security management inside and outside the organisation 3.1 Identify and assess potential activities to promote security and its importance to the overall objectives of the organisation in relation to the current security policy and plan. 3.2 Coordinate implementation of activities with management and key stakeholders. 3.3 Encourage shared ownership of security processes through ongoing consultation and information sharing. 3.4 Organise promotional activities to raise stakeholder awareness of both the ethical and financial aspects of security and to endorse the concept and practice of security management. 3.5 Monitor trends in order to ensure currency of the organisation s security measures. FOUNDATION SKILLS The foundation skills demands of this unit have been mapped for alignment with the Australian Core Skills Framework (ACSF). The following tables outline the performance levels indicated for successful attainment of the unit. ACSF levels indicative of performance : Learning NA Reading Writing Performance variables Oral communication Numeracy Support Context Text complexity Task complexity Further information on ACSF and the foundation skills underpinning this unit can be found in the Foundation Skills Guide on the GSA website. RANGE OF CONDITIONS (optional) Examples may include: example list 1: example list 2 example list 3 Unit mapping Specify code and title of any equivalent unit/s. If none, insert the following sentence: No equivalent unit. Insert hyperlinks to Companion Volume/s if applicable. XXX Training Package page 2

75 Assessment Requirements for PSPSEC018 Manage security awareness Assessment Requirements for PSPSEC018 Manage security awareness Performance evidence Evidence required to demonstrate competence must satisfy all of the requirements of the elements and performance criteria. If not otherwise specified the candidate must demonstrate evidence of performance of the following on at least 3 occasions: applying leadership synthesising and articulating broader policy issues using a range of communication, negotiation and presentation styles to suit different audiences and purposes reading and interpreting mathematical concepts and values embedded in complex information monitoring trends and providing solutions Knowledge evidence Evidence required to demonstrate competence must satisfy all of the requirements of the elements and performance criteria. If not otherwise specified the depth of knowledge demonstrated must be appropriate to the job context of the candidate and/or the AQF level of the qualification being undertaken. Requires functional knowledge of: organisational change practices public sector legislation, policies and procedures including anti-discrimination and diversity legislation, WHS and environment in the context of security management Requires comprehensive knowledge of: corporate plan and strategic directions of the organisation structure and core business activities of the organisation organisation s security policy and plans external expectations placed on the organisation by external stakeholders such as government the incorporation of constraints imposed by the culture of the organisation and operational factors into security management issues and practices Assessment conditions Assessment of this unit requires evidence gathered over time in a range of contexts, in a workplace environment or one that closely resembles normal work practice and replicates the range of conditions likely to be encountered when managing security awareness. This unit contains no specific industry-mandated assessment conditions. Guidance on suggested and recommended conditions and methods can be found in the Implementation Guide. This unit has been identified by industry as suitable for holistic assessment. Refer to advice in the PSP Companion Volume. Assessors must satisfy the NVR/AQTF mandatory competency requirements for assessors. Place hyperlinks to Companion Volume/s. XXX Training Package page 3