At Halliday Engineering, we take great pride in the work we do for the Defence industry. The projects are challenging, and we appreciate the opportunity to support national security measures. We’re proud to announce that our business has achieved its accreditation in the Defence Industry Security Program (DISP).The DISP program is open to any Australian business that is looking to become part of the Defence industry supply chain. It helps businesses understand and meet their security obligations.
In all honesty, our DISP accreditation was initially a commercial decision – we believed that membership could lead to us winning more business.
As we went through the process, we began to realise a range of other important benefits. More than simply strengthening our defence tender applications, it helped us strengthen our resilience and improve our procedures.
Here we explore our path to DISP membership and the key changes we had to make. As part of this, we will look at how this uplifted our operations and the functional improvements we have made. We will also share our top tips for other businesses considering beginning the membership process.
The path to DISP membership
Acting as a vetting process for Australian businesses, the DISP is designed to improve the security capabilities of defence partners. It does this through a combination of knowledge building, policy development, process improvement, and system design. It also has a clear focus on increasing protections across five key security risk categories:
- Personnel security
- Physical security
- Cyber security
When we first started the process, we felt that our security measures were already quite robust. While we expected we would need to make some changes, we thought we had a good base to build on. And, most importantly, we knew we had a dedicated and highly skilled team that would make sure we succeeded.
To get a clear picture of the exact work required, we started by assessing our current security arrangements. This helped us identify a few gaps that required action and provided the basis for our new Security Risk Assessment. It also helped inform the development of our new Security Policy and Security Management Procedure.
With this overarching structure in place, we were then able to focus on more tactical activities. This included seeking baseline security clearances for key team members and electing and training dedicated Security Officers (including a Chief Security Officer). We also implemented multi-factor authentication on all our devices, and updated our virus protection and back-up and restore facilities.
It was more complex and time consuming than we initially anticipated. In the end, it took us almost 6 months to work through the different steps and gather the required evidence. We also attended multiple interviews and provided evidence of the controls and measures we had implemented.
The unexpected benefits
DISP membership is more than a simple box ticking exercise. It requires active engagement with crucial security concepts and a genuine commitment to improving and maintaining good security practices.
As a result, the process has delivered a wider range of benefits than we initially anticipated.
Most significantly, we can now tick the “DISP Member” box when preparing tender documents for defence clients. This adds weight to our applications and indicates that we are a safe choice and trustworthy project partner. While this does not guarantee that we will win the work, it puts us ahead of most of our competitors.
At the same time, the process gave us a framework for important internal conversations about protecting our people and property. This was not something we really discussed previously, which potentially left us, and those we worked with, susceptible to attack. Now it is a key watchpoint for our management team and something we actively work on constantly improving.
Moreover, the program provided valuable insight into both minimum standards and industry best practices. This gave us easy actions we could immediately adopt, building on the great work our team was already doing. It also set clear benchmarks, which we have used to guide our longer term strategy and planning.
Our advice to other businesses
If you are considering pursuing DISP membership, make sure you are doing so for the right reasons. If you are looking to quickly generate new business, you are unlikely to get the returns you are after. However, if you are thinking long term and genuinely want to strengthen your organisation, DISP membership could help you achieve your goals.
It is also important to be patient, trust the process, and work through each step carefully and methodically. Cutting corners will only undermine the value you get from the program and create weaknesses in your security practices. As such, you need to do the work and commit to making lasting changes.