Join established Industry leaders
Complying with Level 2 of the Defence Industry Security Program (DISP) allows companies to store and handle SECRET information, and take part in classified procurement. It shows the company has the required security measures in place to safeguard sensitive data and is dedicated to upholding top security standards.
Trusted by companies Australia wide
The Requirements
To achieve Level 2 DISP compliance, companies must undergo a thorough assessment by the DoD’s Defence Security Authority (DSA). The assessment evaluates the company’s policies, procedures, and systems against strict security requirements. Companies must also have their physical and IT systems certified by a third party to confirm they meet the requirements for handling SECRET information.
DISP Co offers consultancy to prepare companies for the DSA assessment by implementing all requirements and creating the governance, systems and processes required to maintain compliance with DISP Level 2.
Managing Security Clearances
Upon obtaining Level 2 DISP membership, the company Security Officer (SO) will be granted the ability to self-sponsor and manage security clearances up to and including Negative Vetting 1 (NV-1). The Security Officer is required to hold a minimum of Negative Vetting 2 (NV-2) for companies with Level 2 DISP membership.
Companies must also implement a Security Awareness Training Program (SATP) to educate employees on their roles and responsibilities in maintaining security. This includes training on how to properly handle classified information, recognizing potential threats, reporting suspicious activity, and following protocol for accessing secure areas or equipment.
DISP Co offers a Learning Management System (LMS) to clients to assist with their ongoing SATP obligations. Additionally, we offer ongoing DISP maintenance support for the SO and CSO which helps complement internal teams and reduce the workload of senior executives.
Why choose DISP Consulting Co
Objective consultants undertaking our obligation to your interests and objectives at every stage.
Laser-focused and goal oriented. Our nimble team will keep you on track.
Fixed-price, predictable fees with clearly defined deliverables and timelines.
Sectors That May Benefit
Common Questions
Is it helpful to have ISO 27001 for Level 2 DISP Cyber requirements?
Defence accepts a number of internationally recognized standards for DISP Level 2. One of the most broadly applied is ISO 27001/27002; however, many managed services providers or internal IT teams may also be working with standards like the ASD Essential 8, NIST or others. DISP Co can advise further during the initial consult, as the selection of cyber standard will have significant short- and long-term implications for your DISP application and your organisation more broadly.
Is Defence accreditation of cyber security mandatory?
For Level 2 cyber, Defence requires accreditation of your IT network. Pathways including IRAP assessment are often costly, but depending on internal workflow requirements and commercial opportunities can be justified. Using a standalone device, or the DPN, DSN or DREAMS, may not be practical for every company, but these are more affordable solutions.
These decisions do have significant business impact, and are often difficult or costly to reverse once a pathway has been selected. It is important to retain consultants with a deep understanding of DISP to ensure your organisation takes the correct path.
Have another question? Book a free initial consult
DISP Levels Explained
Gain an understanding of different DISP Membership Levels to determine your organisation’s required compliance level.
Suited to most businesses
We have developed a fixed-price package designed to bring companies into compliance with Entry Level DISP in a short timeframe.
Compliance with Entry Level will grant access to OFFICIAL: Sensitive information.
Additional Inclusions
Compliance with Level 1 DISP requires an expanded scope to meet the department’s additional requirements. Generally the time, complexity and risk factors of implementation are increased. Compliance with Level 1 will grant access to PROTECTED information.
Custom Package
Compliance with Level 2 DISP requires considerable expansion of project scope. Compliance with Level 2 will grant access to SECRET information. The department has set high standards for Level 2 compliance across all four DISP categories.
Level 2 is suited to organisations deeply embedded in the defence industry or working on highly classified projects.
Custom Package
Compliance with Level 3 DISP requires significant expansion of project scope. Compliance with Level 3 will grant access to TOP SECRET information. The department has set the highest standards for Level 3 compliance across all four DISP categories.
Level 3 is suited to organisations involved in the most classified technologies, operations and defence works.