
DISP ACCREDITATION AUSTRALIA
What DISP accreditation means, what it requires, how to achieve it, and how to maintain it — the complete guide for Australian defence suppliers.
WHAT IS DISP ACCREDITATION?
Administered by DISO. Underpinned by the Defence Security Principles Framework (DSPF), Principle 16, Control 16.1.
DISP accreditation is the formal recognition granted by the Defence Industry Security Office (DISO) when an organisation successfully demonstrates that it meets all security requirements of the Defence Industry Security Program at a specified membership level. In practice, the terms "DISP accreditation" and "DISP membership" are used interchangeably across the Australian defence industry.
DISP accreditation is not a one-time certificate. It is a continuous compliance status that must be actively maintained through annual reporting, ongoing security management, and proactive notification of material changes. DISO can suspend or cancel accreditation at any time if compliance obligations are not met — and cancellation immediately disqualifies the organisation from holding Defence contracts that require DISP membership.
The accreditation process is structured around four security domains: personnel security, physical security, information and cyber security, and industrial security. Each domain has specific requirements that scale with the membership level — from Baseline (access to PROTECTED information) through to Positive Vetting (access to the most sensitive national security information).
DISP Accreditation vs Other Security Frameworks
DISP ACCREDITATION REQUIREMENTS BY LEVEL
Requirements scale with the classification level of information accessed. Baseline is the entry point for most defence supply chain work.
- Security Officer (SO) at Baseline clearance
- Facility Security Officer (FSO) at Baseline clearance
- Comprehensive Security Plan covering all 4 domains
- IRAP assessment confirming Essential Eight ML2
- Physical security controls for PROTECTED information
- Security awareness training for all relevant staff
- Annual Security Report (ASR) submitted to DISO

All Baseline requirements, plus:
- SO and FSO at NV1 clearance level
- Secure Working Area (SWA) configured to DSPF standards
- Enhanced ICT controls for SECRET information
- Cleared personnel for all roles accessing SECRET material
- Enhanced physical security infrastructure
- More detailed Security Plan with SWA-specific procedures
MAINTAINING DISP ACCREDITATION IN AUSTRALIA
Annual Security Report
Submit the ASR to DISO each year. The ASR documents your security posture, any incidents, changes to key personnel, and compliance with DISP obligations across all four domains.
Continuous E8 Compliance
Maintain Essential Eight ML2 (or higher) compliance across all in-scope systems. DISO may conduct Deep Dive Audits at any time to verify your ICT security posture.
Clearance Renewals
AGSVA clearances expire and must be renewed. Track expiry dates for your SO, FSO, and all cleared personnel. A lapsed clearance for a key role can trigger a compliance review.
Material Change Notifications
Notify DISO of any material changes — ownership changes, key personnel changes, new facilities, significant ICT changes, or changes to the scope of Defence work — within required timeframes.
DISP ACCREDITATION — FREQUENTLY ASKED QUESTIONS
5 key questions about DISP accreditation in Australia.
What is DISP accreditation?
DISP accreditation is the formal recognition granted by DISO (Defence Industry Security Office) when an organisation successfully meets all requirements of the Defence Industry Security Program at a specified membership level. It is the outcome of a successful DISP membership application — the terms 'DISP membership' and 'DISP accreditation' are often used interchangeably in the Australian defence industry.
What is the difference between DISP membership and DISP accreditation?
In practice, 'DISP membership' and 'DISP accreditation' refer to the same thing — formal recognition by DISO that an organisation meets DISP security requirements. 'Accreditation' is sometimes used to emphasise the formal assessment and approval process, while 'membership' emphasises the ongoing obligations and relationship with DISO. Both terms describe the same status.
How long does DISP accreditation last?
DISP membership does not have a fixed expiry date, but it is subject to continuous compliance obligations. Members must submit an Annual Security Report (ASR) to DISO each year, maintain their security posture, and notify DISO of material changes. DISO can suspend or cancel membership at any time if compliance obligations are not met.
What are the requirements for DISP accreditation at Baseline level?
Baseline DISP accreditation requires: a cleared Security Officer (SO) and Facility Security Officer (FSO) at Baseline clearance level; a comprehensive Security Plan covering all four security domains; an IRAP assessment confirming Essential Eight Maturity Level 2 compliance; physical security controls meeting DSPF requirements for PROTECTED information; and evidence of security awareness training for all relevant personnel.
Can DISP accreditation be revoked?
Yes. DISO can suspend or cancel DISP membership if an organisation fails to submit its Annual Security Report, experiences a significant security incident, undergoes a material change in ownership or key personnel without notifying DISO, or is found to be non-compliant with DISP requirements during a Deep Dive Audit. Cancellation immediately disqualifies the organisation from holding Defence contracts requiring DISP membership.