Skip to main content

The Australian Government is currently following caretaker conventions until the results of the 2025 election are announced. No election-related material will be available on this website. For more information about the election, please visit the relevant minister’s or party's websites.

Significant security incident reporting

The PSPF policy: Reporting on security requires entities to report significant or reportable security incidents to the relevant authority or affected entity. This includes reporting to the Department of Home Affairs as significant security incidents arise.

The PSPF defines a significant security incident as a deliberate, negligent or reckless action that leads, or could lead, to the loss, damage, compromise, corruption or disclosure of official resources.

The Chief Security Officer is responsible for managing the entity's response to security-related crises, incidents and emergencies in accordance with the entity's security incident and investigation procedures, and establishing monitoring mechanisms across the entity (refer PSPF policy: Management structures and responsibilities – Investigating, responding to and reporting on security incidents). This includes determining when a security incident is considered significant and therefore reportable.