DISP Frequently Asked Questions
Comprehensive Guide to DISP Accreditation, Compliance, and Obligations
The Defence Industry Security Program (DISP) is a critical accreditation framework administered by the Australian Department of Defence. This page answers the most commonly asked questions about DISP accreditation, eligibility, compliance requirements, and how your business can prepare for successful certification.
Whether you are a defence contractor, SME, or service provider working with sensitive or classified information, understanding DISP is essential for participation in Defence and national security supply chains.
General Information
What is DISP?
The Defence Industry Security Program (DISP) is designed to help organisations meet security requirements when working on Defence-related contracts or accessing Defence assets, information, or infrastructure.
It covers four key security pillars:
Governance
Personnel Security
Physical Security
Information and Cyber Security
Who is required to be DISP accredited?
DISP accreditation is strongly recommended or contractually required for organisations that:
Access or manage classified or sensitive Defence information
Provide services to the Department of Defence or its supply chain
Require access to Defence bases or facilities
Operate in cyber, physical, ICT, or personnel security services for Defence
Is DISP mandatory?
While not legislated, DISP is often a contractual requirement and is increasingly expected across Defence and critical infrastructure engagements. It functions as an assurance framework demonstrating your organisation’s security maturity.
Accreditation and Process
How do I apply for DISP?
Applications are submitted through the Department of Defence DISP portal. To apply, your organisation must prepare a full security plan, document governance processes, and demonstrate alignment with DISP requirements in all four security domains.
How long does DISP accreditation take?
The timeframe typically ranges from 6 to 12 weeks depending on the complexity of the application, readiness of documentation, and Defence’s review queue. Organisations that complete a readiness assessment and gap closure process in advance are more likely to achieve faster outcomes.
What documentation is required?
To meet DISP obligations, you will need to prepare and submit:
A DISP Security Plan
Insider Threat Mitigation Strategy
Cybersecurity policies aligned with the ACSC Essential Eight
Personnel security vetting and training procedures
Physical security controls and site plans
Governance documentation, including roles and responsibilities
SME and Consultant Considerations
Can small businesses obtain DISP accreditation?
Yes. Small-to-medium enterprises (SMEs) can and should apply for DISP, especially if supporting prime contractors or bidding on Defence work. Entry Level DISP is typically sufficient for subcontractors, consultants, and technology vendors not handling classified information.
Is DISP aligned with other frameworks?
DISP requirements overlap with several other recognised security and risk standards, including:
ISO 27001 (Information Security Management Systems)
ISO 18788 (Security Operations Management)
SOCI Act (Security of Critical Infrastructure)
ACSC Essential Eight
Compliance and Support
What is a DISP gap assessment?
A DISP gap assessment identifies your organisation’s current level of compliance with DISP standards. It highlights deficiencies across the four security domains and provides a remediation plan prior to submitting a formal application.
How much does DISP accreditation cost?
There is no direct fee to apply through the Department of Defence, but implementation costs vary. These may include:
Professional consulting services
Policy and documentation development
Security infrastructure upgrades
Cybersecurity platform integration
Can DefenceIndustries.com.au help with DISP?
Yes. We provide comprehensive DISP advisory services, including:
Readiness assessments
Documentation development
ReadiNow integration for security governance
Physical and cybersecurity uplift
Onboarding and post-accreditation support