PSPF

Protective Security Policy Framework advisory

The PSPF's primary goal is to protect national interests by maintaining the confidentiality, integrity, and availability of government assets. We support PSPF maturity assessments, annual reporting, ICT system authorisation, and governance advisory for Commonwealth entities and organisations delivering services to government.

AGSVA Cleared Team
Canberra-Based
Commonwealth-Experienced
The challenge

Why PSPF advisory support matters

Reporting obligations

PSPF reporting requirements are demanding. Preparing your annual security report and demonstrating maturity improvement across all domains requires structured effort.

Six security domains

The PSPF spans six domains — Governance, Risk, Technology, Information, Physical, and Personnel. Understanding what's required across each — and your maturity level — is complex.

Maturity improvement pressure

You're expected to demonstrate year-on-year improvement in your PSPF maturity. Without a structured plan, it's difficult to show measurable progress.

What you get

What's included in PSPF advisory support

PSPF maturity assessment

Assessment of your current maturity against PSPF core and supporting requirements across all applicable domains.

Technology domain assessment

Focused assessment of your information security posture against PSPF technology requirements.

Annual reporting support

Preparation of your annual PSPF security report with clear maturity ratings and improvement plans.

Gap analysis and improvement plan

Identification of maturity gaps with a prioritised roadmap for year-on-year improvement.

Policy and governance advisory

Support for developing and maintaining security policies that align with PSPF requirements.

ICT system authorisation support

Authorisation of ICT systems is a PSPF requirement, with the ISM providing the specific documents and process used to support authorisation. We help you assemble the System Security Plan, operating procedures, and assessment evidence required to authorise systems defensibly.

Right for you

Who should consider PSPF advisory support

Commonwealth entities

You have direct PSPF reporting obligations and need structured support to assess, improve, and report on your security maturity.

Government service providers

Your Commonwealth clients expect PSPF-aligned security practices. We help you demonstrate alignment and meet contractual security requirements.

Organisations with ISM obligations

PSPF and ISM work together. If you're already managing ISM compliance, we help you extend that effort to cover PSPF governance and reporting.

Proof

Real engagements, real outcomes

Anonymised

Federal department

Essential Eight maturity maintained between formal assessments

Delivered an Essential Eight maturity review across a multi-system environment using ACSC verification methodology. Followed with continuous assurance aligned to PSPF reporting and ASD survey cycles, maintaining visibility of control effectiveness between formal assessments.

Anonymised

Federal agency

Board-ready cyber governance, stood up from scratch

Delivered executive and board-ready cyber governance papers, stood up a Foreign Ownership Control and Influence process, and supported system accreditation activities across a shared-services environment — so the agency walked into its next review with defensible answers.

Anonymised

Federal agency

Multiple SRAs delivered within a single review window

Scoped, assessed, and reported on three distinct SRAs within one assessment cycle, covering an integration platform, supplier uplift, and public-facing services.

Common questions

Frequently asked questions

What's the difference between PSPF and ISM?

The PSPF is the overarching protective security framework for Commonwealth entities, covering six domains — Governance, Risk, Technology, Information, Physical, and Personnel. The ISM provides the detailed technical controls for information security and underpins the authorisation of ICT systems (a PSPF requirement). They work together — PSPF sets the policy, ISM provides the implementation detail.

Do we need to comply with all PSPF requirements?

It depends on your entity type and risk profile. Commonwealth entities have direct obligations. Service providers may need to demonstrate alignment with specific domains depending on their contracts. We help you determine exactly what applies.

Can you help with our annual PSPF report?

Yes. We support the full annual reporting process — from maturity assessment through to report preparation. We help you present an accurate picture of your posture and a credible improvement plan.

How long does PSPF work typically take?

For an annual PSPF report we typically need 4-8 weeks of preparation. A full PSPF maturity uplift runs longer and is scoped alongside your existing cyber program to avoid duplicate effort.

How do we budget for this?

PSPF work is scoped and priced per entity. We'll give you a firm range after an initial conversation so the investment is predictable and aligned to your reporting cycle.

How is this different from our internal team's approach?

Internal teams often know their environment but not the specific evidence formats PSPF reviewers look for. We've written and reviewed PSPF board papers for federal agencies — we know what lands and what gets rejected.

Get started

Need support with PSPF obligations?

Talk to our team about your PSPF maturity and reporting obligations.

Canberra-based • AGSVA cleared • Commonwealth-experienced