Holan was engaged to review and redesign the security systems of a small Australian Government entity responsible for managing sensitive information. The engagement required a comprehensive assessment of security posture and resilience across multiple dimensions — systems, personnel, operations and the external operating environment.
Through skilful stakeholder engagement and structured methodologies, the team navigated complex operational challenges, captured critical insights, and delivered a set of actionable recommendations. These outcomes not only informed the redesign of the entity’s security systems but also strengthened its overall risk management framework and enhanced its ability to safeguard information assets in alignment with government security standards.
What we delivered
Following a comprehensive risk assessment, the team identified key flaws and vulnerabilities within the entity’s existing security protocols and developed a tailored remediation plan to strengthen its overall security posture. The plan was operationalised in close collaboration with the entity, modernising core systems, reinforcing internal controls, and aligning security practices with the Protective Security Policy Framework (PSPF) and the Information Security Manual (ISM). Key deliverables included:
- New policies, providing clear guidance on protective security obligations and compliance expectations;
- Procedures, establishing consistent practices for day-to-day security management;
- Governance frameworks, to ensure effective oversight, accountability and continuous improvement;
- Incident and asset registers, improving visibility and traceability of security events and critical resources; and
- Targeted protective security training, equipping staff with the knowledge and capability to manage risks effectively.
Outcome
The team delivered a significant uplift in the entity’s security posture — achieving enhanced compliance with government security requirements, strengthened operational resilience, and improved alignment with best-practice standards. A culture of accountability and continuous improvement was embedded across the workforce, ensuring that security was reinforced at a systems and procedural level and embraced as a core organisational value.
Frequently asked questions
When was the PSPF updated?
The second PSPF release was on 24 July 2025 and included changes within the Governance, Information, Technology and Personnel domains.
How often should I review my security policies?
Better practice is to review these at least annually, and at least in line with any updates in key frameworks and policies.