Contact Reporting Guidelines The Australian Government Contact Reporting Scheme




Contact Reporting Guidelines
The Australian Government Contact Reporting Scheme
Version 1.0
Approved September 2010

Contents

- Introduction
- The role of ASIO
- Australian Government Contact Reporting Scheme
- Threat sources
- Reporting Criteria
- Reporting procedures
- Implementation
- Implementation outside Australia
- Required contact report information
- Contact Report Form

Introduction

This guide should be read in conjunction with the:
- Protective Security Policy Framework, and
- PSPF - Australian Government Personnel Security Protocol.

Information provided in these guidelines was provided by the Australian Security Intelligence Organisation (ASIO).

The Australian Government has developed a number of mechanisms designed to protect official information from potential compromise because of accidental or deliberate disclosure. A key element in protecting official information is informing Australian Government employees of the risk posed by foreign intelligence services in Australia and overseas.

Human intelligence collection is low-risk and a very common form of intelligence gathering. Intelligence services can develop an aggregate picture through low-level collection from a number of sources including government employees.

Throughout this document, employees are defined as:
- people employed by, or representing, the Australian, State or Territory Governments
- government contractors and their employees, and
- all others who hold Australian Government security clearances.

Small pieces of information they may provide others could form part of an intelligence collection process. Accordingly, employees need to recognise that an innocent conversation or contact (eg. e-mail) with a foreign official can be part of human intelligence gathering.

The role of ASIO

ASIO is Australia's security intelligence service. Its roles and responsibilities are mandated by the Australian Security Intelligence Organisation Act 1979 (ASIO Act). The ASIO Act specifies ASIO's role as security. This is defined as the protection of Australia, its people and its interests from:
- espionage
- sabotage
- politically motivated violence
- acts of foreign interference
- promotion of communal violence
- attacks on Australia's defence systems, and
- Australia's territorial and border integrity from serious threats.

ASIO's responsibility for security extends geographically beyond Australia. In fulfilling its obligations to protect Australia, ASIO collects, assesses, investigates and disseminates intelligence relevant to security.

Australian Government Contact Reporting Scheme

ASIO manages the Australian Government Contact Reporting Scheme. Specifically, the Scheme assists ASIO in identifying intelligence or hostile activity directed against Australia and its interests, government employees and contractors, and people who hold an Australian Government security clearance. It also helps identify trends, including:
- what information is of interest to foreign intelligence services
- who is interested in it, and
- the methods the foreign intelligence services are prepared to use to collect the information.

ASIO uses this intelligence to assist in the formulation of threat assessment and security intelligence advice. Threat assessments help agencies to understand existing threats to their resources and formulate appropriate counter measures for risk mitigation.

Threat sources

Foreign intelligence services, foreign officials and politically, commercially or issue-motivated groups and individuals can devote considerable energy and resources into obtaining access to political, economic, scientific, technological, military and other information. This is not limited to classified information. The access sought often includes privileged information, ie. information that is not normally available to the general public. Any compromise may be prejudicial to Australia's national interest.

Relationships or contacts often happen when an employee's job requires communication with foreign representatives. Contacts can also occur, but are not limited to, scenarios such as:
- invitations to attend functions
- written correspondence
- sport and recreation activities
- overseas travel
- visits to embassies, consulates or involvement with trade missions or other international events
- membership of international clubs, institutes, professional associations or friendship societies
- incidental social interaction
- unsolicited e-mail
- phone calls including unsolicited phone calls where the caller has obtained the employee's details from a department/company website
- training or study (eg. language classes)
- on-line social networking sites, and/or
- introductions via a third party.

The initial overture might be subtle, carefully planned and occur over an extended period of time. It is designed so that the person being cultivated is not aware it is occurring. However there could be indicators that arouse suspicion including:
- a seemingly innocuous interest in an employee's official, social or personal activities
- a fascination with some particular aspect of an employee's work, social or personal activities
- requests for information about other employees who work in the agency
- a request to meet with the employee away from the work environment
- introduction to another person who takes a similar interest
- encouragement to participate in questionable or illegal activity, or
- offers of hospitality or gifts.

Reporting Criteria

Employees should complete a contact report when a contact, either official or social, with:
- embassy or foreign government officials within Australia, or
- foreign officials or nationals outside Australia
seems suspicious, persistent or unusual in any respect, or becomes ongoing. Foreign officials could include trade or business representatives.

Additionally, employees should complete a contact report for instances when an individual or group, regardless of nationality, seeks to obtain official information they do not have a need to access in order to fulfil their work function.

Reporting procedures

If an employee believes he/she has been the subject of contact by a foreign national that meets the reporting criteria, he/she should report the incident to the Agency Security Adviser (ASA). The ASA can provide employees with a Contact Report form. To assist with the accurate recall of events, the employee should complete a written report as soon as possible after the suspected contact has occurred.

The ASA is responsible for receiving completed Contact Reports. The ASA should have the appropriate experience and expertise to:
- analyse reports
- make a sound judgement about the best course of action, and
- provide support and advice to the person who has been contacted.

See PSPF Governance - Developing a Security Culture.

ASAs are encouraged to seek advice from ASIO to assist in determining the best course of action. In certain exceptional circumstances, a contact report may lead to a security or criminal investigation. If the matter is clearly fraud-related, the agency should inform the AFP. Fraud may also involve loss of equipment or technology that may have application to a foreign country, including intellectual property. See PSPF Governance - Protective Security Investigations.

Additionally agencies are to report promptly any potentially major security incidents to ASIO independent of the Contact Reporting Scheme. Examples of such incidents include the loss or compromise of security classified or privileged information in any format (eg. hard copy, electronic, verbal) or the loss of equipment or technology.

Implementation

Agencies' security awareness training programs are to ensure employees know about the Scheme and understand their obligations and the reporting arrangements. The Scheme is not intended to restrict legitimate contact between employees and foreign officials. It provides support and encourages information sharing, which benefits the Government employee who has been contacted, and the Australian Government.

Agencies are to ensure employees are aware of:
- the existing threat and threat sources
- their personal and professional responsibilities
- the ways that people can be deceived, coerced or pressured into actions harmful to national security or interest
- the fact that targeting occurs across all levels or ranks of an organisation, not just at senior level
- the fact that most attempts to collect intelligence will be subtle and often appear innocuous
- the effectiveness of security awareness training in restricting information collection by foreign representatives
- the need for high standards of personal conduct, and
- the procedures for contact reporting.

Agencies are to identify whether or not they have people working in high risk areas and, if so, provide appropriate briefings. High risk employees include those who:
- are required to liaise with foreign officials because they have a good proficiency in the native language of the foreign officials
- are involved in sensitive or priority negotiations or policy work, or
- work in units which regularly share information with foreign officials.

See PSPF Governance - Security awareness training guidelines.

ASIO can provide a brief on the Contact Reporting Scheme to agencies. These briefings are arranged through the individual ASA.

Implementation outside Australia

The Contact Reporting Scheme does not aim to constrain official and social contact with representatives of other governments outside Australia. Rather, it aims to alert employees to the possibility that foreign officials contacting them could have ulterior motives - obtaining classified or privileged information to which they have access.

Employees performing official duties overseas should be aware that the intelligence and security services in certain countries conduct surveillance of foreign representatives. Employees should contact their ASA prior to travel to ascertain the possible threat from foreign intelligence services and seek appropriate briefings.

ASIO can, where relevant, provide a briefing on security situations that individuals may encounter when they perform official duties overseas. This includes advice on document security, physical security, reporting procedures and other security issues.

Required contact report information

The style and format of contact reports may vary from agency to agency, but the following information should be included:
- Time, Date - indicating if details are approximate
- Location - including address where contact or incident occurred
- Names, Designations and Nationalities - the reporting person's details along with those of all other persons present during the contact
- Types of Contact - may include a combination of social, informal, official business and/or other aspects. All aspects should be indicated
- Conversation - any conversation or discussion may cover a number of subjects. The general topic areas should be described, including personal details disclosed by either party, and
- Other details - such as the circumstances that led to the contact or incident and the factors that made it noteworthy or unusual, should be recorded.

A generic Contact Report Form is attached.

The person making the report should contact his/her ASA in the first instance for any enquiries regarding the Contact Reporting Scheme or Contact Reporting procedures.

Contact Report Form

Details of Contact (If space is insufficient, please include an attachment)

Time:
Date:
Location:
Means of Contact: In Person / Telephone / Correspondence / Other
If Other, please specify:
Contact Initiated By: Unit or Firm Rep / Foreign Rep / Other
If Other, please specify:
Topics of Conversation Significant to Security (Or details of incident):
Names of Persons Present (Include Designations and Nationality):
Further Contact (Outline any arrangements made):
Reason or Occasion: Business / Social / Personal / Official / Incidental / Other
If Other, please specify:
Other Information (eg Documents provided, undertakings given or received, etc):

Details of Person Making the Report

Signature: (Hard copy only)
Printed Name:
Designation/Position:
Phone #:
Date:

The completed Contact Report Form should be provided to your Agency Security Adviser.