Upload
hoangque
View
213
Download
0
Embed Size (px)
Citation preview
Personnel security guidelinesVetting Practices
Approved November 2014
Amended December 2017
Version 1.4
© Commonwealth of Australia 2016
All material presented in this publication is provided under a Creative Commons Attribution 4.0 International licence (www.creativecommons.org/licenses).
For the avoidance of doubt, this means this licence only applies to material as set out in this document.
The details of the relevant licence conditions are available on the Creative Commons website as is the full legal code for the CC BY 4.0 licence (www.creativecommons.org/licenses).
Use of the Coat of Arms
The terms under which the Coat of Arms can be used are detailed on the It's an Honour website (www.itsanhonour.gov.au).
Contact us
Enquiries regarding the licence and any use of this document are welcome at:
Attorney-General’s Department3–5 National CctBARTON ACT 2600
Email: [email protected]
Document details
Security classification Unclassified
Dissemination limiting marking Publicly available
Date of next review
Authority Protective Security Policy Committee
Author Protective Security Policy SectionAttorney-General’s Department
Document status Approved 4 November 2014Amended April 2015Amended June 2016Replaces the Personnel Security Practitioners Guidelines Version 1.0 approved June 2010Amended December 2017
i
Contents1. Introduction..........................................................................................................................1
1.1. Purpose............................................................................................................................1
1.2. Audience..........................................................................................................................1
1.3. Scope...............................................................................................................................1
1.4. Use of specific terms in these guidelines.........................................................................2
1.5. Vetting decisions/clearance status:.................................................................................2
1.6. Relationship to other documents....................................................................................4
1.7. References to legislation in these guidelines...................................................................4
1.7.1 Public Service Act 1999 (Cth)..................................................................................4
1.7.2 Privacy Act 1988 (Cth)............................................................................................4
1.7.3 Archives Act 1983 (Cth)..........................................................................................4
1.7.4 Australian Security Intelligence Organisation Act 1979 (Cth).................................5
1.8. Avoiding bias and conflict of interest...............................................................................5
1.9. Sharing personal information..........................................................................................5
2. Competencies of vetting personnel........................................................................................7
2.1 Assessing officer roles, qualifications and competencies................................................7
2.1.1 Role of the assessing officer...................................................................................7
2.1.2 Additional duties for assessing officers..................................................................8
2.1.3 Qualifications for assessing officers.......................................................................8
2.1.4 Competencies of an assessing officer.....................................................................8
2.1.5 Ongoing assessment of competencies...................................................................8
2.2 Vetting managers’ role, qualifications and competencies...............................................8
2.3 Delegates’ role, qualifications and competencies............................................................9
2.4 Outsourced vetting service providers..............................................................................9
2.5 Provision of training.........................................................................................................9
3. Initiating a clearance process...............................................................................................10
3.1 Provisional access..........................................................................................................10
3.2 Recognising existing security clearances.......................................................................11
3.3 Clearance pack requirements........................................................................................12
3.4 Non-compliance with the submission of clearance pack information...........................12
4. Clearance processing...........................................................................................................13
4.1 Justifying information required in a security clearance.................................................13
4.2 Confirming eligibility (citizenship and background) for a clearance...............................13
4.2.1 Confirming Australian citizenship.........................................................................13
ii
4.2.2 Confirming the clearance subject has a checkable background...........................13
4.3 Gaps, anomalies and discrepancies (GADs)...................................................................16
4.4 Supporting documents required for security clearances...............................................16
4.4.1 Authenticity of documents...................................................................................17
4.4.2 Statutory Declarations of authenticity.................................................................17
4.4.3 Translation of documents....................................................................................19
4.4.4 Requesting additional information from the clearance subject...........................19
4.5 Basis for assessing results of checks..............................................................................19
4.6 Vetting assessment checks............................................................................................21
4.6.1 Analysis of personal information..........................................................................21
4.6.2 Financial history checks........................................................................................22
4.6.3 Digital footprint checks........................................................................................23
4.6.4 Security incident and breach history....................................................................23
4.6.5 Integrity checks....................................................................................................23
4.6.6 Professional and personal referee reports...........................................................24
4.6.7 Interviews.............................................................................................................26
4.6.8 Supplementary interviews....................................................................................26
4.7 Supplementary checks...................................................................................................27
4.7.1 Medical checks.....................................................................................................27
4.7.2 Mental health checks...........................................................................................27
4.7.3 Psychological assessment....................................................................................28
4.7.4 Qualifications checks............................................................................................28
4.7.5 Employment details.............................................................................................28
4.8 ASIO security assessment, Police records check (PRC), and Immigration movements records check...........................................................................................................................29
4.8.1 ASIO security assessments...................................................................................29
4.8.2 Police Records Checks..........................................................................................32
4.8.3 Australian entry/exit check..................................................................................33
5. Personnel security adjudicative guidelines...........................................................................34
5.1 Suitability to hold a clearance........................................................................................34
5.2 Factor Areas...................................................................................................................35
5.2.1 External loyalties, influences and associations.....................................................36
5.2.2 Personal relationships and conduct.....................................................................40
5.2.3 Financial considerations.......................................................................................43
5.2.4 Alcohol and drug usage........................................................................................44
5.2.5 Criminal history and conduct...............................................................................46
5.2.6 Security violations................................................................................................47iii
5.2.7 Emotional/Mental health issues..........................................................................49
6. Assessing officers recommendation to the delegate.............................................................51
6.1 Meeting the principles of procedural fairness...............................................................51
6.2 Procedural Fairness Guidelines......................................................................................51
6.2.1 What is procedural fairness?................................................................................51
6.2.2 Is there a difference between natural justice and procedural fairness?...............52
6.2.3 Procedural fairness and security clearance decisions...........................................52
6.2.4 How does procedural fairness apply to a clearance subject who may be negatively affected by a Delegate’s decision?.................................................53
6.2.5 How does procedural fairness apply to an assessing officer?...............................53
6.2.6 How does procedural fairness apply to the Delegate?.........................................54
6.3 ASIO adverse or qualified security assessments............................................................54
6.3.1 Attorney-General’s Certificate..............................................................................54
6.4 Making a recommendation............................................................................................54
6.4.1 Recommending a clearance with specific clearance maintenance requirements.55
6.4.2 Recommending against a clearance....................................................................56
6.5 Quality assurance..........................................................................................................56
7. Delegate’s decision..............................................................................................................57
7.1 Approval conditional to specific clearance maintenance...............................................57
7.2 Documenting the delegate’s decision and reasons........................................................57
8. Advising the clearance subject and sponsoring agency of the clearance...............................58
8.1 Clearance subject notification requirements.................................................................58
8.1.1 Additional requirements when a clearance is cancelled or denied.......................58
8.2 Sponsoring agency notification requirements...............................................................58
8.2.1 Where a clearance is denied or cancelled............................................................59
9. Review or appeal of a clearance decision.............................................................................60
9.1 Reviewing clearance decisions.......................................................................................60
10. Clearance maintenance........................................................................................................62
10.1 Specific clearance maintenance requirements..............................................................62
10.1.1 Specific clearance maintenance arrangements....................................................62
10.1.3 Outcomes of specific clearance maintenance......................................................62
10.1.4 Advising the agency to withdraw access..............................................................63
10.1.5 Advising the clearance holder of the outcome.....................................................63
10.2 Clearance revalidation...................................................................................................63
10.3 Review for cause............................................................................................................64
10.4 Upgrades to clearances.................................................................................................65
11. Personal Security File management.....................................................................................66iv
11.1 Classification of PSFs......................................................................................................66
11.2 Transferring PSFs...........................................................................................................66
11.2.1 Permanent transfer..............................................................................................66
11.2.2 Temporary transfers............................................................................................67
11.2.3 Contractors’ PSFs.................................................................................................68
11.2.4 Removal of police records checks and other third party information from PSFs on transfer...........................................................................................68
11.2.5 Addressing anomalies in PSFs..............................................................................68
11.3 Access by clearance holders to their PSFs.....................................................................68
11.4 Disclosure of security risk to sponsoring agencies.........................................................69
11.5 The Archives Act 1983...................................................................................................69
11.5.1 Disposal in accordance with the Archives Act......................................................70
Annex A - Useful links..............................................................................................................71
Annex B - Documents that can be used as evidence of Australian citizenship.........................73
Annex C - Alternate proof of identity documents....................................................................74
Annex D - Documents, checks and inquiries required for security clearances.........................76
Annex E – Sample Financial History Check Questionnaire.......................................................80
Annex F - Example Financial Statement...................................................................................81
Annex G - Example ‘Instrument of Approval’...........................................................................84
Annex H - Template Privacy Notice and Security Clearance Informed Consent Form.............85
v
Amendments No. Date Location of amendment Details of amendment
1. April 2015 Section 4.6.3 Amend links to social media search sites
2. April 2015 Throughout Amend PSPF links
3. April 2015 Paragraph 87 Remove reference to Gold Standard Enrolment Framework – superseded by the National Identity Proofing Guidelines
4. June 2015 Section 1.7.2 Amend reference to the Privacy Act 1988 (Cth)
5. June 2016 Section 9.10 Amend content of ‘Reviewing clearance decisions’
6. June 2016 Section 11.3 Amend content of ‘Access by clearance holders to their PSFs’
7. June 2016 Section 11.5.1 Amend content of ‘Disposal in accordance with the Archives Act’
8. August 2016 Throughout Update template, format and hyperlinks.
9. December 2017 Paragraph 61Section 4.5 Table 1
Updated policies agreed Feb 2016: Increase the revalidation period of NV2 and PV
security clearances from 5 years to a period from 5-7 years.
Decrease the period of checking for PV security clearances from whole of life to 10 years or 16 years of age, whichever is greater.
vi
1. Introduction1.1. Purpose
1. The Australian Government personnel security guidelines—vetting practices have been developed to support the protection of the Australian Government’s people, information and assets, through sound personnel security practices. The guidelines provide advice to agencies to assist in their application of the controls identified in the Australian Government personnel security protocol.
2. These guidelines are for guidance only; agencies may use other controls and measures to implement the requirements of the Protective Security Policy Framework (PSPF).
3. Personnel security is one element of good protective security management. The Australian Government’s personnel security measures determine the suitability of personnel to access Australian Government resources. A suitable person possesses integrity and reliability and is not vulnerable to improper influence.
4. Effective personnel security provides assurance and confidence across government when collaborating or sharing Australian Government resources. This approach mitigates the threat from the trusted insider.
5. These guidelines should be read in conjunction with the PSPF—Personnel security core policy, protocol and the Australian Government personnel security guidelines—Agency responsibilities.
1.2. Audience6. These guidelines are intended for use by agencies undertaking security clearance vetting
and by all personnel involved in the conduct of vetting.
1.3. Scope7. These guidelines cover vetting agencies’ responsibilities for:
using competent and qualified vetting personnel
processing clearance requests and clearance packs
transferring existing clearances
conducting internal and external checks and interviews
actions required of the delegate when a clearance is recommended
actions required of the delegate when the recommendation is to deny or cancel a clearance
advice to clearance applicants of the review or appeal process if a clearance is denied
managing clearance maintenance requirements with the clearance holder’s agency, and
management of Personal Security Files (PSFs).1
8. These guidelines apply to all levels of security clearances, from Baseline to Positive Vetting (PV). However, there are additional requirements for PV clearances as detailed in the Australian Government Sensitive Material Security Management Protocol (SMSMP) available to agency security management personnel.
1.4. Use of specific terms in these guidelines9. In these guidelines the terms:
‘are to’ or ‘is to’—are controls identified in the Australian Government personnel security protocol
‘should’—refers to better practice; agencies are expected to apply better practice unless there is a reason based on their risk assessment to apply alternative controls.
personnel–refers to employees, contractors and service providers as well as anybody else who is given access to agency assets.
personal security file (PSF)–an electronic or paper file containing sensitive personal information and other information used to make a decision on a person’s suitability to hold and maintain a security clearance.
vetting agency–any agency undertaking security vetting, including Australian Government Security Vetting Agency (AGSVA), authorised agencies and State and Territory vetting agencies.
vetting personnel–all those involved in conducting the clearance vetting process, including administrative staff, checking officers, assessing officers, vetting managers and delegates.
assessing officers-a person who is appropriately qualified and competent to conduct personnel security clearance assessments in accordance with the procedures outlined in the PSPF.
Financial statement – provides a detailed summary of a clearance subject’s assets, income, liabilities and expenditure.
Financial history check - provides an overview of a clearance subject’s financial history.
1.5. Vetting decisions/clearance status:10. The following definitions are to be used when defining vetting decisions or clearance status.
11. Vetting decisions:
Ineligible–a determination by a vetting agency that a clearance subject is not eligible for an Australian Government security clearance as they do not:
- hold Australian citizenship, and/or
- have a checkable background.
Deny–a determination by a vetting agency that a clearance subject is not eligible to hold an Australian Government security clearance at one or more clearance levels.
Grant–a determination by a vetting agency that a clearance subject is eligible and suitable to hold an Australian Government security clearance.
2
Grant: conditional–a determination by a vetting agency that clearance subject is eligible and suitable to hold an Australian Government security clearance with conditions and/or aftercare requirements attached to the clearance.
Cancel–security clearance initiated, but not completed by the vetting agency as either the:
- sponsorship of the clearance was removed at the request of the sponsoring agency
- sponsorship or clearance requirement could not be confirmed, or
- clearance subject was non-compliant.
12. Clearance status:
Active–a maintained security clearance that is:
- sponsored by an Australian Government agency, and
- being maintained by a clearance holder and sponsoring agency.
Inactive–a security clearance that is within the revalidation period, however the clearance is:
- not sponsored by an Australian Government Agency, or
- not being maintained by the clearance holder for a period greater than six months due to long term absence from their role (for example maternity leave, leave without pay, temporary deployment or posting)
- for Positive Vetting an annual security check was completed within the last two years, (can be reactivated or reinstated provided the clearance is sponsored by an Australian Government agency before the end of the revalidation period).
Expired–a security clearance that:
- is outside the revalidation period and is not sponsored by an Australian Government agency
- is a PV clearance and did not have a Security Appraisal Form (SAF) completed within a two year period
- cannot be reactivated and reinstated, and
- reverts to an initial security clearance assessment process if an Australian Government agency provides sponsorship after the end of the revalidation period.
Ceased–a security clearance:
- that has been denied or revoked
- that may have time-based conditions on when a clearance subject or holder can reapply for a security clearance, and
- where the clearance subject or holder is ineligible to hold or maintain a security clearance.
3
1.6. Relationship to other documents13. These guidelines support the PSPF—Personnel security core policy and Australian
Government personnel security protocol.
14. These guidelines supersede:
Agency personnel security guidelines
Reporting changes in personnel circumstances guidelines
Contact reporting guidelines, and
Security clearance subjects guidelines.
15. Additional terms used in this guideline can be found in the PSPF—Glossary of Terms.
1.7. References to legislation in these guidelines1.7.1 Public Service Act 1999 (Cth)
16. These guidelines refer to sections of the Public Service Act 1999 (Cth) (PS Act) relating to employment conditions, the APS Values and the APS Code of Conduct for public servants employed under the PS Act. Where a client agency employs staff under different legislation, assessing officers should be aware of the client agency’s specific employment conditions.
17. The ability of an agency head of a vetting agency to delegate authority to grant or deny clearances is based on Section 78 of the PS Act, allowing agency heads to delegate their powers or functions. Authorised vetting agencies should refer to their own enabling legislation.
1.7.2 Privacy Act 1988 (Cth)18. The Privacy Act 1988 (Cth) contains the Australian Privacy Principles (APPs) which regulate
the handling of personal information by Australian Government agencies and businesses. Agencies should familiarise themselves with their obligations under the APPs, in particular APP 5 and APP 6. More information can be found at www.oaic.gov.au.
1.7.3 Archives Act 1983 (Cth)19. Vetting agencies need to be aware of their obligations regarding maintaining and disposing
of records including Personal Security Files (PSF) contained in the Archives Act 1983 (Cth).
20. Once a clearance is expired and the clearance holder no longer requires access to classified material, the vetting agency should dispose of the PSF in accordance with Administration Functions Disposal Authority 1764-1766 (AFDA), issued under section 24 of the Archive Act 1983 (Cth).
21. The AFDA allows for the disposal of PSFs five years after separation from the Australian Public Service or six years after the date of the last clearance check on file, whichever is sooner.
22. For more information see www.naa.gov.au.4
1.7.4 Australian Security Intelligence Organisation Act 1979 (Cth) (ASIO Act)
23. The ASIO Act provides a mechanism, for ASIO to provide Commonwealth agencies with individual security assessments for the purpose of the security clearance process.
1.8. Avoiding bias and conflict of interest24. Vetting agencies should ensure that there is no bias or perceived bias in the security
clearance process. For further information see section 6.2 – procedural fairness guidelines.
25. Vetting personnel should not be involved in any capacity in the clearance of anyone with whom they are or have been in a personal or business relationship.
26. Vetting recommendations and decisions can affect a clearance subject’s employment. Vetting personnel should be tolerant of the views of others and remain objective when assessing people and situations. For further information Commonwealth Anti-Discrimination Legislation.
1.9. Sharing personal information27. Vetting agencies and agencies are to share information relevant to the ongoing suitability of
personnel to access Australian Government resources.
28. Vetting agencies are to obtain written informed consent from all clearances subjects to share information with other agencies for the purposes of assessing their ongoing suitability. A template consent form is provided at Annex H – template privacy notice and security clearance informed consent form.
5
Diagram 1 – Summary of the security clearance process
Diagram 1 broadly outlines the security clearance process.
6
2. Competencies of vetting personnel29. Vetting agencies are to provide appropriate training and ensure vetting staff attain and
maintain the required competencies. Vetting personnel are to hold appropriate qualifications and demonstrate the required competencies to conduct security vetting.
30. Qualifications held by staff should be appropriately confirmed and recorded.
31. Vetting agencies are to ensure that all assessing officers operate in accordance with the PSPF—Personnel security core policy and the Australian Government personnel security protocol, prior to undertaking assessments of suitability to hold security clearances.
2.1 Assessing officer roles, qualifications and competencies
2.1.1 Role of the assessing officer32. An assessing officer is a person who is appropriately qualified and competent to conduct
personnel security clearance assessments in accordance with the procedures outlined in the PSPF.
33. The assessing officer is responsible for assessing the clearance subject’s character and identifying any vulnerabilities—i.e., factors that may expose the clearance subject to improper influence or coercion and anything that may potentially expose Australian Government resources to be compromised.
34. Assessing officers are to:
meet any obligations set out in legislation governing the Australian Public Service or the agency for which they are conducting clearances
comply with Australian Privacy Principles (APPs) of the Privacy Act 1988 (Cth) as they apply to security vetting, including being able to provide reasons for the collection, use and disclosure of personal information and conducting the checks undertaken as part of the clearance process
comply with the security provisions of the Crimes Act 1914 (Cth) and the Criminal Code 1995 (Cth).
declare any real, perceived or potential conflict of interest, and
ensure sensitive information is secure and never used for personal gain or to prejudice fair decision making.
35. Assessing officers are not to use their position to benefit themselves or others.
36. Assessing officers have access to others’ personal information, some of which may be sensitive, as defined in the APPs. The collection and use of this information may be of concern to some clearance subjects. Assessing Officers should be sensitive to the privacy of clearance subjects.
7
37. The assessing officer is to assess security concerns or factor areas against those listed in section 5 – personnel security adjudicative considerations.
2.1.2 Additional duties for assessing officers38. The vetting agency may also require assessing officers to:
make recommendations to the delegate in relation to personnel security policy and procedures
manage other assessing staff ,and
liaise with internal and external clients.
2.1.3 Qualifications for assessing officers39. Assessing officers undertaking Positive Vetting, Negative Vetting Level 2 or complex vetting
assessments are to hold a Certificate IV in Government Security (Personnel security stream) or equivalent.
40. Assessing officers undertaking Negative Vetting Level 1 and Baseline Vetting assessments are to hold a Certificate III in Government Security (Personnel security stream) or equivalent.
41. Unqualified, trainee assessing officers are to work under the close supervision of a qualified assessing officer. The qualified assessing officers remain responsible for all vetting recommendations to the delegate.
2.1.4 Competencies of an assessing officer42. Assessing officers are to be trained and assessed as competent in:
applying relevant public sector legislation, including the Privacy Act 1988 (Cth)
applying the principles of natural justice/ procedural fairness (see section 6.2 – procedural fairness guidelines )
handling official information
workplace communications
relevant interviewing skills
data analysis, and
conducting personnel security assessments.
2.1.5 Ongoing assessment of competencies43. Vetting agencies are to regularly assess the competencies of all assessing officers and provide
additional training and education to any officer with identified deficiencies.
2.2 Vetting managers’ role, qualifications and competencies
44. A vetting manager:
manages teams of vetting personnel, workflow management, administrative duties, and
provides advice and guidance to assessing officers on routine and problematic assessments.8
45. Vetting managers that supervise staff which conduct vetting assessments are to hold a Certificate III in Government Security (Personnel security stream) or equivalent.
46. Vetting mangers that make vetting recommendations in addition to their supervisor duties are to hold a Certificate IV in Government Security (Personnel Security stream).
2.3 Delegates’ role, qualifications and competencies
47. A security clearance delegate is a person formally authorised by the head of a vetting agency to deny, grant, grant-conditional or cancel a security clearances.
48. Delegates, as the final decision maker, should have reasonable knowledge and experience of the vetting process.
49. As an administrative decision reviewable under section 13(1) of the Administrative Decisions (Judicial Review) Act 1977 (Cth), the delegate’s decision needs to be formally recorded. Where a review is requested, the Act requires the decision maker to provide a statement setting out the findings on material questions of fact, giving the reasons for the decision and citing the evidence or other material on which the findings were based.
2.4 Outsourced vetting service providers50. Vetting agencies are responsible for the conduct of any security vetting by their contracted
service providers, and ensuring they comply with requirements of the PSPF. See the Protective security governance guidelines—Security of outsourced services and functions.
51. Vetting agencies are to confirm that the service provider’s vetting staff are suitably trained and competent in accordance with the PSPF.
2.5 Provision of training52. Vetting agencies are to ensure that training for qualifications listed in sections 2.1 and 2.2 are
provided by, Registered Training Organisation (RTO). RTOs are accredited training providers which offer Nationally Recognised Training courses. A list of RTOs is available from www.training.gov.au.
9
3. Initiating a clearance process53. Before the clearance process is started, vetting agencies are to confirm that all requests for
security clearances are sponsored by a Government agency.
54. State and Territory vetting agencies may only undertake vetting for clearances up to Negative Vetting Level 2, identified by agencies of that State or Territory.
55. Vetting agencies should check that the clearance request includes:
a signed informed consent for the sharing personal information, including sensitive information, between the vetting agency and the sponsoring agency
details of any existing clearances and a transfer approval consent signed by the clearance subject
a request for priority processing, where appropriate
advice if short term temporary access is approved or confirmation of suitability for provisional access is requested, and
confirmation of eligibility (citizenship)—i.e.:
- certification that the agency has completed the appropriate Australian citizenship checks for all employees, or
- an approved citizenship waiver with a detailed risk assessment for clearance requests for non-Australian citizens.
confirmation that the clearance subject has a checkable background—i.e.:
- the agency has taken into consideration any significant periods of greater than 12 months (cumulative) that a clearance subject has spent out of Australia, and
- if a clearance subject has spent more than 12 months (cumulative) outside of Australia, an approved eligibility (background) waiver with a detailed risk assessment has been completed—vetting agencies may still find an individual subject to an uncheckable background waiver unsuitable for a clearance based on those grounds.
3.1 Provisional access56. The decision to approve provisional access before a security clearance is granted rests with
the sponsoring agency after confirmation or receipt of a completed clearance pack with no obvious areas of concern from the vetting agency.
57. Sponsoring agencies should confirm with the vetting agency whether the clearance subject has previously held a security clearance. For further information see the Australian Government personnel security protocol section 7.
58. The sponsoring agencies approving provisional access accepts the risk associated with this action.
10
59. The vetting agency is to advise the sponsoring agency of any areas of significant concern identified during the clearance process for any clearance where provisional access has been approved.
3.2 Recognising existing security clearances60. Before commencing a new clearance process, if advised in the request for a clearance that
the clearance subject already holds a security clearance, vetting agencies are to confirm the clearance details with the granting agency and obtain the personal security file.1
61. The vetting agency is to recognise a security clearance already held by the clearance subject unless:
the clearance has expired—i.e. the period since the clearance was granted or last revalidated exceeds:
- for Baseline clearances : 15 years
- for Negative Vetting Level 1: 10 years
- for Negative Vetting Level 2: 5-7 years, or
- for Positive Vetting: 5-7 years with annual security appraisals in accordance with the SMSMP.
the vetting agency has concerns that the incoming clearance subject is no longer suitable to access Australian Government security classified resources at that clearance level
the clearance was granted on the basis of an eligibility (citizenship or background) waiver, or
the clearance was granted subject to specific clearance maintenance requirements.
62. If the clearance is subject to an eligibility waiver or specific clearance maintenance requirements, the vetting agency is to advise the gaining sponsoring agency. The gaining sponsoring agency is to decide whether they will pursue their own waiver submission and / or continue to accept / enforce the clearance maintenance conditions. If the sponsoring agency does not approve a new eligibility waiver or accept existing clearance maintenance conditions, then the clearance cannot be transferred.
63. When the clearance request is for a higher level security clearance, vetting agencies are to initiate a new clearance at the appropriate level.
64. The vetting agency is to advise the clearance subject and sponsoring agency of any decision to accept or not accept a transferred security clearance.
3.3 Clearance pack requirements65. In addition to the forms the clearance subject is required to complete, vetting agencies
should include the following information in the clearance pack:
1 Some PSF’s cannot be transferred due to the requirements contained in the Australian Security Intelligence Organisation Act 1979 (Cth) and the Intelligence Services Act 2001 (Cth). Agencies should check the requirements contained in their enabling legislation prior to transferring a PSF.
11
a single point of contact for the clearance subject within the vetting agency
the due date for the return of the completed pack and supporting documents
details of the required document copies and the statutory declaration to be completed, and
a privacy statement and informed consent form, identifying that the information provided will be used for:
- the initial clearance assessment
- any subsequent reviews
- any subsequent security investigations involving the clearance subject
- assessing the ongoing suitability to hold and maintain a security clearance
- See Annex I – for a sample privacy notice and template security clearance informed consent form .
66. The vetting agency should advise the clearance subject that, if the required forms are not fully completed and the requested documentation is not provided, the clearance process may be delayed or cancelled.
67. Non-compliance with the clearance process can be an indicator of poor security behaviour and will be considered as part of the assessment for the suitability to hold an Australian Government security clearance.
3.4 Non-compliance with the submission of clearance pack information
68. For new clearances, clearance revalidations or other clearance reviews, vetting packs, including supporting documents are to be returned within the required time set by the vetting agency, unless the clearance subject contacts the vetting agency to make other arrangements.
69. If a clearance subject fails to supply the required information in the time set by the vetting agency, then the vetting agency is to cancel the process and, for revalidations or review for cause cancel the existing clearance.
70. The vetting agency is to cancel any existing clearance held by a clearance subject where there is non-compliance with the submission of documentation. The vetting agency is to notify the clearance subject and the sponsoring agency that the clearance has been cancelled.
4. Clearance processing4.1 Justifying information required in a security
clearance71. Assessing officers are to only ask questions for the purpose of assessing an individual’s
suitability to access Australian Government resources, when interviewing the clearance subject or their referees. This may include questions about an individual’s integrity, character
12
traits, maturity, trustworthiness, honesty, tolerance, and loyalty. For further information see the APS Code of Conduct .
4.2 Confirming eligibility (citizenship and background) for a clearance
72. Only Australian citizens with a checkable background are eligible for an Australian Government security clearance, unless the eligibility requirements have been waived by the sponsoring agency head.
73. Sponsoring agencies are to confirm all clearance subjects are eligible, by confirming citizenship and checkable background requirements, prior to requesting a security clearance.
4.4.1 Confirming Australian citizenship74. Vetting agencies are to confirm the citizenship status of all clearance subjects who are not
employees of the sponsoring agency. While agencies are responsible for confirming the citizenship status of all employees during recruitment and before requesting a security clearance, this may not be possible if the clearance subject is not employed by the agency. For example, contractors, consultants and other sponsored recipients of classified information. For further information see Annex B – Citizenship proof requirements.
75. The Department of Immigration and Border Protection (DIBP) is responsible for Australian citizenship matters. If the vetting agency has any doubt about a clearance subject’s Australian citizenship status, it should refer the matter to DIBP. For further information see www.citizenship.gov.au.
76. Vetting agencies are to ensure that an eligibility waiver has been provided for non-Australian citizens prior to processing a clearance request.
4.4.2 Confirming the clearance subject has a checkable background
77. A checkable background is established when a vetting agency has validated information provided by a clearance subject with respect to their background from independent and reliable sources – for example referees, previous employers.
78. A clearance subject has an uncheckable background when the vetting agency cannot complete the minimum checks and inquiries for the relevant checking period, or the checks and inquiries, where able to be made, do not provide adequate assurance about the clearance subject’s life or background. In these circumstances, the vetting agency may decline the request for a clearance.
79. Any clearance subject that has spent greater than 12 months (cumulative) out of Australia within the requisite background checking period is to be considered to have an uncheckable background (if their periods of time out of Australia cannot be verified from independent and reliable sources). If the clearance subject’s periods of time out of Australia cannot be verified from independent and reliable sources, the subject is to be assessed by the vetting agency as ineligible to be considered for an Australian Government security clearance.
13
80. Vetting agencies are to consider the security risk to the Australian Government as the primary factor when assessing whether a person is considered to have a checkable background, and therefore whether they are eligible to be considered for an Australian Government security clearance.
81. For an individual to be eligible for an Australian Government security clearance, background checks should generally be able to be undertaken in Australia. It is expected that individuals sponsored by agencies for an Australian Government security clearance will have strong, established ties to Australia.
82. A vetting officer is to be satisfied that enough credible and reliable information is available about the clearance subject, over the assessable period, to make an informed, confident recommendation as to the clearance subject’s suitability.
83. A clearance subject may be assessed as having an uncheckable background when the assessing officer cannot complete the required minimum checks for a clearance because of the unavailability of required information, or the assessing officer does not have sufficient confidence in the quantity, quality, credibility or reliability of the information provided. For example, a background may be assessed to be uncheckable because:
minimum checks cannot be conducted in certain countries of former residence
certain documents do not exist - either they never existed, no longer exist or it is not possible to get copies from the issuing authority
there are significant gaps in a clearance subject’s background – for example, periods spent overseas – for which insufficient information is available, and/or the risks associated with these gaps are not readily able to be mitigated, or
the source of the documents or information about the clearance subject may not be assessed as credible or reliable.
84. If a clearance subject has spent significant periods of time overseas, in certain circumstances, it may be appropriate to undertake checks with authorities or individuals in other countries.
85. Overseas checking sources that may corroborate information provided in the clearance subject’s completed security pack and during interview include but are not limited to:
government agencies and bodies
academic institutions
local police records if available (obtained through liaison with the Australian Federal Police (AFP) or the Department of Foreign Affairs and Trade (DFAT))
humanitarian and aid agencies that maintain records for displaced persons
places of worship which often maintain birth, death and marriage information in lieu of government records, and
private companies with whom the clearance subject has been employed.
86. Immigration records may be useful in corroborating some information regarding the identity and background of citizens not born in Australia. However, checks made under the Migration Act 1958 (Cth) to assess a clearance subject’s suitability to hold Australian citizenship are different from those required to assess suitability to hold a clearance. The vetting agency
14
should not use citizenship or residency status as a substitute for minimum checks and inquiries.
87. Vetting agencies are to exhaust all reasonable and available checking avenues before determining that a clearance subject’s background is uncheckable. The assessing officer is to document the alternative measures undertaken. For examples of alternative checks refer to the National Identity Proofing Guidelines .
88. The vetting agency should interview clearance subjects identified as having uncheckable backgrounds. The interview is not a substitute for the mandatory background checks but can be used to corroborate information collected from other sources or to address remaining doubts or concerns.
89. The vetting agency may not be able to determine whether a background is checkable or not until the majority of checks and inquiries have been completed, depending upon the clearance subject’s circumstances.
90. If the vetting agency cannot confirm the clearance subject’s background the vetting agency is to:
request an eligibility (background) waiver from the sponsoring agency where:
- there is insufficient information on a subject’s background to be able to make a fully informed assessment
- there are no other concerns, and
- any identified risks can be mitigated, or
advise the sponsoring agency that the clearance cannot progress where:
- the checkable background is insufficient to enable an assessment to be conducted against the Personnel Security Adjudicative guidelines
- there are other concerns, or
- the risk cannot be mitigated.
91. Where a security clearance is recommended for a clearance subject with an uncheckable background, the assessing officer is to fully document how the identified risks were mitigated.
4.3 Gaps, anomalies and discrepancies (GADs)92. GADs checking refers to the checking and cross referencing for consistency of supporting
documents and background personal information provided by clearance subjects in their clearance packs. The vetting agency is to ensure that information provided by the clearance subject is complete, consistent and accurate. Assessing officers should:
check that all documents requiring signature and witnessing have been signed and that signatures and dates of signature match
confirm addresses and dates of residence with supporting documents15
confirm employment and dates employed with supporting documents
confirm that identity details in background information are consistent with the birth certificate, marriage certificate, passport and any other identity documents provided
check that appropriate referees and their contact details have been provided where applicable, and
check the financial statement for completeness (if applicable).
93. The assessing officer should resolve any inconsistencies and gaps in residential and employment addresses. If there are inconsistencies, the assessing officer should contact the clearance subject for clarification or further information. Things to look for include periods of residency in:
one country while working in another, and
one town while working in another, some distance away.
94. In some instances, the clearance subject may maintain a permanent residential address but work away from home. The assessing officer should identify any temporary residential addresses during these periods.
95. Where paper-based packs are used and the assessing officer amends or annotates information provided by the clearance subject, the changes should be clearly identified as being made by the assessing officer.
4.4 Supporting documents required for security clearances
96. The vetting agency is to sight copies or originals of the supporting documents listed in Annex D - Documents, checks and inquiries required for security clearances.
97. Vetting agencies should support the provision of supporting documentation through a range of methods, such as receiving documentation via post, e-mail, and fax.
98. Vetting agencies are to maintain a record of supporting documents sighted.
99. Once the clearance and any review or appeal of the clearance process is finalised, the vetting agency is to return any original supporting documents listed in Annex D - Documents, checks and inquiries required for security clearances .
100. In any subsequent Negative Vetting or Baseline clearance action, vetting agencies should not request documents previously recorded as sighted unless there are concerns about the authenticity of the documents.
4.4.1 Authenticity of documents101. The assessing officer should satisfy themselves that copies of supporting documents
provided by the clearance subject have not been altered, particularly primary identification
16
documents. Where there are doubts about the authenticity of the documents, the vetting agency may request that original documents be provided.
102. If there are concerns about the authenticity of the document supplied or if it appears to have been altered, the assessing officer should check with the issuing agency.
103. The Australian Federal Police Forensic Document Examination Team can provide advice on verification and authenticity, contactable at [email protected].
4.4.2 Statutory Declarations of authenticity104. Vetting agencies are to ensure all clearance subjects sign a Statutory Declaration stating that:
the information provided is truthful and complete, and
all documents provided:
- are accurate and without amendment
- are as issued by the issuing authority, and
- relate to the clearance subject.
105. The clearance subject may also make Statutory Declarations in lieu of some supporting documents where copies of documents cannot reasonably or readily be obtained from issuing authorities within the time required.
106. The vetting agency may accept a Statutory Declaration in lieu of supporting documents where a considerable delay is expected and where the clearance subject undertakes to provide the documents as soon as they are received. In such instances, the assessing officer should recommend the clearance be granted on the condition that the documents are provided within a reasonable time. A date should be specified in the recommendation to facilitate maintenance of the conditional clearance.
107. If a clearance subject fails to provide the documentation by the date specified the clearance should be ceased.
108. Vetting agencies should not accept Statutory Declarations for:
primary identification documents issued by an Australian authority
proof of current employment
proof of current residential address, or
primary identification documents issued by a foreign authority where it is possible to obtain these documents.
109. Where a Statutory Declaration is provided in lieu of any primary identification from a foreign authority due to unavailability or significant delays in gaining the document the clearance subject may have an uncheckable background. For further information see section 4.2.2 - confirming the clearance subject has a checkable background .
17
110. Where the clearance subject has taken all reasonable measures to source the documents, the clearance subject may provide a Statutory Declaration for other supporting documents such as:
proof of previous residential addresses, and
proof of previous employment.
111. A Statutory Declaration provided in lieu of supporting documents should state:
that the clearance subject does not have the document(s)
why the clearance subject is unable to provide the document(s)
what the clearance subject has done to find the document(s), and
that, if found, the document(s) will be provided.
112. The assessing officer should check that:
the witness to the declarant’s signature is an authorised witness in accordance with the legislation
the declaration was signed and witnessed on the same day
if the text of the declaration is more than one page, that all pages are initialled at the bottom by the signatory and the witness, and
if errors have been made, they have been ruled out (no correcting fluids can to be used) and all corrections have been initialled by the signatory and the witness.
113. Where the requirements listed above are not met, the vetting agency cannot accept the Statutory Declaration and should return it to the clearance subject for correction.
114. Further information about statutory declarations see the Attorney-General’s Department’s publication on Statutory Declarations.
4.4.3 Translation of documents115. Where supporting personal documents are in a language other than English, the vetting
agency should advise the clearance subject to seek translations from a translator accredited by the National Accreditation Authority for Translators and Interpreters or approved by the vetting agency.
116. Following translation of the document(s), the clearance subject should provide the vetting agency copies of the original document and the translation.
117. Exceptions can be made where the document provides information in English as well as in the foreign language, or where the necessary information can be easily interpreted by the vetting agency.
18
118. Some foreign government agencies will provide a translation or dual language original of official documents such as birth certificates and marriage certificates. The vetting agency should accept copies of these translated or dual language documents.
4.4.4 Requesting additional information from the clearance subject
119. The vetting agency should thoroughly review the returned security pack and supporting documentation for GADs before contacting the clearance subject to seek additional information.
120. Vetting agencies are to advise clearance subjects of any timeframes for the return of additional documents or information requested as a result of GADs.
121. If additional information is not provided within the allowed time and other arrangements have not been made, the vetting agency is to commence the process to cancel the clearance. For further information see section 3.4 – non-compliance with the submission of clearance pack information.
4.5 Basis for assessing results of checks122. Vetting agencies should assess all information gathered against section 5 – personal security
adjudicative guidelines when assessing the results of any checks. A summary of checks is at Annex D - – Documents, checks and inquiries required for security clearances .
19
Table 1 – Minimum personnel security checks and requirements for initial clearances 1
Notes:1. Suitability is assessed against the criteria contained in Section 52. Qualifications checks should be part of an agency employment screening process where qualifications are claimed and/or mandatory.3. Financial statement – provides a detailed summary of a clearance subject’s assets, income, liabilities and expenditure. For further information see section 4.6.2. .4. Referees are to collectively cover the whole checking period. Professional checks are to cover at least the preceding 3 months. Additional referees may be required.5. The application of spent convictions legislation will vary dependent on the jurisdiction in which the offence occurred.6. Identity checked in accordance with the Australian Identity Proofing Guidelines (level 3 for baseline and NV1 and level 4 for NV2 and PV). In addition to documentation to confirm residential addresses, employment, supporting
documentation is also required to confirm citizenship status, and if relevant overseas travel, see section 4.6 . 7. For further details see the Sensitive Material Security Management Protocol8. Financial history check - provides an overview of a clearance subject’s financial history. For further information see section 4.6.2. .
20
Postive Vetting
Psychological assessment
Negative Vetting 2 Financial probity check
Negative Vetting 1 Security interview Security interview
Digital footprint checks Digital footprint checks Digital footprint checks
Financial statement 3 Financial statement 3 Financial statement 3 and supporting documents
Suitability screening questionnaire Suitability screening questionnaire Suitability screening questionnaire
Baseline Vetting ASIO assessment ASIO assessment ASIO assessment
Qualification verification 2 Qualification verification 2 Qualification verification 2 Qualification and document verification
Professional referee check 4 Referee checks (including 1 professional) 4 Referee checks (including 1 professional and 1 un-nominated) 4
Referee checks (including 1 professional and 1 un-nominated) 4
Police Records Check (No Exclusion) 5 Police Records Check (Full Exclusion) 5 Police Records Check (Full Exclusion) 5 Police Records Check (Full Exclusion)
Financial history check8 Financial history check8 Financial history check8 Financial history check8
5 year background check 6 10 year background check 6 10 year background check 6 10 year background check or from 16 years of age, whichever is greater 7
Official secrets declaration Official secrets declaration Official secrets declaration Official secrets declaration
Statutory Declaration Statutory Declaration Statutory Declaration Statutory Declaration
Identity verification 6 Identity verification 6 Identity verification 6 Identity verification 6
4.6 Vetting assessment checks4.6.1 Analysis of personal information
123. When analysing the personal background information provided in the clearance pack by the clearance subject, the assessing officer should consider the following, in conjunction with the factors listed in section 5 – personnel security adjudicative guidelines :
Overseas influences – Was the clearance subject born in another country? Do they have family or friends in other countries that may have influence on the clearance subject? Can the foreign country use the clearance subject’s family or friends to influence the clearance subject?
Does the clearance subject have any outstanding military obligations to their country of birth? – Some countries have compulsory military service. If the clearance subject left the country before they met this obligation, they may be required to complete it or be prosecuted for avoidance if they return to the country of origin. Becoming an Australian citizen does not indemnify or exempt the clearance subject from this obligation.
Does the clearance subject hold dual citizenship? – Some clearance subjects may concurrently hold citizenship of another country or countries. In such cases there is the risk of divided or conflicted loyalties. The clearance subject should be asked to explain why they have retained foreign citizenship. Some countries do not allow their citizenship to be renounced and the clearance subject may not be aware that they are still a citizen or that country and that they may have continuing obligations (including military service), particularly if they came to Australia as a minor. Alternatively some countries do not permit dual citizenships.
Family/relationship circumstances – Where a clearance subject has had a number of partners, there may be concerns about their maturity, reliability, resilience and/or tolerance. Where there have been multiple partners during the review period or if there are any concerns about these relationships, the assessing officer should request additional information from the clearance subject.
Clubs – Membership of sporting and/or community clubs is not normally a concern if for social purposes. However, membership of a large number of clubs with gambling facilities may indicate a gambling problem.
Associations – The assessing officer should ask the clearance subject to list and explain all the associations they belong to. If unsure about the nature and purpose of the association, further information should be sought from the clearance subject. For example:
- membership of some religious or political associations may make the clearance subject susceptible to undue influence, and
- some associations, particularly religious groups, may impose considerable financial obligations on the clearance subject. These should be considered when assessing the clearance subject’s financial position.
21
124. Where the assessing officer identifies concerns about a clearance holder which cannot be mitigated, an interview for cause may be warranted. For further information see section 4.6.7 - supplementary interviews. An interview for cause may be conducted by telephone call or, for significant concerns, by face-to-face interview. Vetting agencies are to document supplementary interviews on the PSFs.
125. For internal checks for positive vetting see the SMSMP.
4.6.2 Financial history checks126. It is recommended that assessing officers undertake specialist training, or seek specialist advice
before undertaking complex financial analysis.
127. Issues to be considered include whether:
the clearance subject is living beyond their means, e.g. spending more than he/she earns or is impulsive and irresponsible in his/her spending
there is any unexplained income, and
there is any history of indebtedness, failure to meet financial obligations (including submission of tax returns, payment of rent and debts, bankruptcy and denial of credit).
128. Vetting agencies should complete a financial history check for all clearance subjects as detailed in Table 1 (above) and Table 4 of the Personnel Security Protocol. For a sample financial history check questionnaire see Annex E - sample financial history check questionnaire .
129. Vetting agencies are to complete a financial statement for all negative vetting and positive vetting clearances, as detailed in Table 1 (above) and Table 4 of the Australian Government personnel security protocol . Annex F – Financial statement is an example of a financial statement.
130. Where the assessing officer has concerns about a clearance subject’s financial situation, particularly unexplained wealth or a high level of debt, additional checks may be warranted. Vetting agencies should determine appropriate checks on a case by case basis but may include an examination of bank account records.
131. Where clearance subject has indicated that they have been bankrupt or insolvent, the vetting agency should request a bankruptcy check in writing through the Insolvency and Trustee Service Australia (ITSA).
132. If a clearance subject has a history of financial defaults, is in a difficult financial situation, or if there are concerns about the clearance subject’s finances, the vetting agency may seek a credit history check from an accredited financial credit check organisation. A number of private organisations can provide credit checks on a fee for service basis. Additionally clearance subjects can obtain a credit reference checks at no cost directly from a number of private organisations.
22
4.6.3 Digital footprint checks
133. A digital footprint is the unique pattern of electronic transactions made by an individual’s online presence. Publically available information relating to peoples personnel lives online has never been so prolific.
134. An assessment of an individual’s digital footprint can provide a comprehensive picture of their life, their interactions and world view. This information may identify behaviours of security concern that should be considered during the clearance assessment.
135. Vetting agencies should undertake digital footprint checks for all clearance subjects.
136. There are a number of ways vetting agencies can undertake a digital footprint check on a clearance subject. Some examples of free digital footprint checks include:
Typing the clearance subjects full name in quotations (e.g. “John Smith”) in a search engine such as Google or Bing. If multiple results are returned, the location of the clearance subjects past residences can be added to refine the result returned (e.g. “John Smith” AND “Canberra”).
The website Pipl assists in finding personal profiles, public records, and other people-related documents. Searches can be completed by name, email address and username.
The website Yasni is search engine platform that provides details of a number of internet subscriptions of the name entered; including: social network profiles, news articles, websites, interests, employers, contact details, and documents.
137. In addition to the search engines above, there are number of social networking sites that may contain publically available information on a clearance subject. Most social networking sites can be viewed, dependant on the privacy settings of the individuals profile. Some example of social networking sites that could be searched, include: Bebo , Myspace , Facebook , V Kontakte , Linkedin and Qzone .
4.6.4 Security incident and breach history138. The assessing officer should contact the clearance subject’s current and past
agencies/employers to confirm whether the clearance subject has had any security infringements, breaches or violations if any concerns are identified during the security assessment. The assessing officer should request any infringement or breach history from government agencies, if not previously provided.
139. If the clearance subject has a history of security incidents or breaches, they may have a disregard for security and their commitment to protecting Australian government resources may be questionable.
4.6.5 Integrity checks140. Vetting agencies should contact previous Government employers to determine if there is a
current investigation into a possible breach of the ‘code of conduct’ or any integrity issues; or if the person has been found to have breached the code of conduct. Previous private sector
23
employers may also be contacted if a supervisor referee report provided by that employer does not confirm the clearance subject’s integrity.
141. Before contacting a current private employer, the assessing officer should confirm with the clearance subject that the employer can be contacted. Contacting some private organisations may put the clearance subject’s current employment at risk. Where a current supervisor cannot be contacted the assessing officer should consider whether this constitutes an uncheckable background – see section 4.2.2 –confirming clearance subject has a checkable background .
4.6.6 Professional and personal referee reports142. The sponsoring agency is responsible for undertaking professional referee checks for all Baseline
security clearances for its own employees.
143. Vetting agencies are to obtain at a minimum:
for Baseline—one professional referee report. Sponsoring agencies should undertake a supervisor referee check as part of the pre-employment screening. Where a supervisor report has not been obtained by the sponsoring agency during pre-employment screening, the vetting agency should seek to obtain a supervisor report from the clearance subjects referees
for Negative Vetting Level 1, two referee reports including one professional referee
for Negative Vetting Level 2, three referee reports including one professional referee, one personal referee and one un-nominated referee, and
for Positive Vetting further guidance is included in the SMSMP.
144. Referee interviews should be conducted by phone or, for complex issues, face-to-face where practicable. If a verbal interview is not practicable or possible, a written referee report may be requested. As it is more difficult to gauge potential areas of concern from written reports, the written report form should be structured to address all the factor areas identified in section 5 – personnel security adjudicative guidelines and any specific issues or concerns.
145. The assessing officer should substantiate any information provided by referees to avoid possible conflict with the clearance subject over the accuracy of information. The information can be substantiated by contacting additional referees or carrying out other supplementary checks.
146. At the beginning of the referee interview, the assessing officer should establish the nature of the referee’s relationship with the clearance subject and how long they have known each other.
147. The assessing officer should avoid using family members as referees.
148. Referees should have known the clearance subject for a minimum of three months.
149. In accordance with the Privacy Act 1988 (Cth) , the assessing officer should advise the referee of the purpose of the report and who will have access to the information provided. Referees should be advised that the information may be passed to other Government agencies if/when the clearance subject changes employment to or from an authorised agency.
24
150. The assessing officer should advise the referees that the information will be treated confidentially. However, if there is a request for review of a clearance process, or a freedom of information request, the information may be provided to the clearance subject.
151. Assessing officers should ask referees whether they recommend the clearance subject as a suitable person to hold a security clearance and why they recommend them. If the referee is ambiguous or the recommendation is negative, the assessing officer should seek as much information as possible from the referee to assist in substantiation with other referees or supplementary checks.
152. The assessing officer should follow up with appropriate questions where the referee implies or directly states the clearance subject is unsuitable to establish an understanding of the issues. The assessing officer should confirm with the referee if he or she can be contacted again to resolve any security concerns that may arise.
153. In addition to providing advice on a clearance subject’s suitability to hold a security clearance, referees can corroborate information provided by clearance subject such as current and previous addresses, current and previous employment, overseas travel, financial status, and use of alcohol or drugs. This may be used as a mitigation factor where other supporting documentation is not available.
154. Vetting agencies should make reasonably practicable efforts to substantiate the accuracy of information provided in referees reports in accordance with the Privacy Act 1998 (Cth).
Professional referee reports
155. Vetting agencies should seek supervisor referee reports that cover at least the preceding three months. If the current supervisor has not been supervising the clearance subject for this time, the vetting agency should contact previous supervisor(s) to make up the three month period.
156. Assessing officers should contact the clearance subject’s most recent significant supervisor. Where this person cannot be contacted, a previous supervisor or another workplace referee may be contacted. Workplace referees should be at or above the current level of the clearance subject. Generally, lower level work colleagues or subordinates should not be used as workplace referees.
157. Professional referee reports should include information on the clearance subject’s:
relationship with the supervisor and how long the clearance subject has been supervised by the referee
reasons for leaving the workplace (if applicable)
attitude to security in the workplace
personality and behaviour in the workplace, including relationships with managers, peers and subordinates
any security infringements, breaches or violations, and
25
character traits such as integrity, honesty, trustworthiness, loyalty, maturity, resilience and tolerance.
158. The assessing officer should confirm with the clearance subject that their current supervisor can be contacted. Contacting referees in some organisations may put the clearance subject’s current employment at risk.
Personal referee checks
159. Personal referees should cover the whole assessment period and may include more than one referee where required.
160. Professional or workplace referees can provide personal referee reports where they can cover the factor areas identified in section 5 – personnel security adjudicative guidelines. They can also provide input on the clearance subject’s attitude to security in the workplace.
4.6.7 Interviews161. Vetting agencies are to undertake an interview of the clearance subject for all Negative Vetting
Level 2 and Positive Vetting clearances. The interview should address all factor areas and any specific areas of concern. Interviews may also be used to clarify information or address specific concerns for all levels of clearance.
162. Vetting agencies are to conduct interviews with all clearance subjects with eligibility waivers at the NV1 and NV2 levels to determine any issues of allegiance. It is recommended that interviews be undertaken for clearance subjects with eligibility waivers at the Baseline level.
163. The assessing officer should review the PSF and referee reports before the interview to identify any factor areas that may be of particular concern.
164. Vetting agencies are to document all interviews on the PSF.
4.6.8 Supplementary interviews165. Supplementary interviews should be conducted for all clearance levels where specific areas of
concern arising from internal and external checking have not been adequately resolved by other supplementary checks. Supplementary interviews should address the specific areas of concern and any further concerns identified at interview.
166. Supplementary interviews should be conducted face-to-face wherever possible for significant or complex issues. However, a telephone interview may be conducted for minor issues or where a face-to face interview is not possible (e.g. the clearance subject is travelling overseas or is on leave as a carer).
167. The assessing officer should, if possible, carry out one interview to resolve all issues identified.
168. Vetting agencies are to document all additional interviews on the PSF.
26
4.7 Supplementary checks169. Vetting agencies are to conduct any necessary supplementary checking to resolve any issues
identified during the clearance process. If the issues are not resolved the assessing officer is not to recommend the clearance.
170. Some available supplementary checks are listed below. It is not an exhaustive list. Checks used to resolve issues for higher level clearances may also be used at lower levels.
4.7.1 Medical checks171. The vetting agency should seek the sponsoring agency’s agreement before undertaking any
medical checks as these may incur significant additional costs.
172. Supplementary medical checks should only be conducted where there is a health concern that may impact on the clearance subject’s suitability to access classified material has been identified. Where concerns are raised, advice should be sought from a medical practitioner before undertaking checks.
173. A vetting agency can only request supplementary medical checks with the written consent of the clearance subject for the medical practitioner to release information relating to the issue. Further information can be found about requesting medical information and privacy at Office of the Australian Information Commissioner.
174. The informed consent form as part of the normal vetting process is not sufficient for the release of medical information from a medical practitioner. A separate release including the subject’s consent will be required. Any medical request needs to:
identify to the medical practitioner the specific issue(s) of concern
explain why the issue(s) is/are relevant to the security clearance process, and
identify what information is required.
175. If the clearance subject refuses to give consent and the area of concern cannot otherwise be mitigated, the vetting agency should not grant the clearance.
176. For further information see section 5.2.7 – emotional/mental health issues and section 5.2.4 – alcohol and drug usage.
4.7.2 Mental health checks177. Mental health assessments should only occur where the vetting agency identifies issues relating
to the clearance subject’s ability to protect Australian Government resources. Having a mental health illness does not necessarily mean that a clearance subject would not be able to protect classified information or resources.
178. Additional mental health checks may be warranted where the vetting agency is concerned that the clearance subject’s emotional stability or psychological health may affect their ability to protect Australian Government resources.
27
179. If the clearance subject is, or has been, under treatment for an emotional or mental health condition, information may be requested from a mental health professional. The request for any medical information, including mental health concerns, should be undertaken in accordance with section 4.7.1 – medical checks.
180. It may be necessary for a vetting agency to appoint a mental health professional if the clearance subject does not have their own practitioner or if the concern is unrelated to current or previous treatments. The vetting agency should brief the practitioner about the assessing officer’s concerns and the requirements for the protection of classified information.
181. The vetting agency is not to grant the clearance, where:
the clearance subject refuses to consent to a check with their own practitioner, or
refuses to attend an evaluation with an appointed mental health professional, and
the assessing officer’s concern(s) cannot otherwise be mitigated.
182. For further information see section 5.2.7 – emotional/mental health issues.
4.7.3 Psychological assessment183. An additional tool that vetting agencies can use to establish a clearance subjects identity and
suitability, is psychological assessments.
184. A typical psychological assessment consists of two parts: psychometric testing and the psychological interview. Psychological assessments aim to establish the identity and general suitability (character, attributes, background and actions) of the clearance subject.
185. Psychological assessments are undertaken by appropriately qualified psychologists and primarily used to establish a clearance subjects’ suitability for a Positive Vetting clearance.
4.7.4 Qualifications checks186. The sponsoring agency is responsible for verifying the qualifications of all personnel. This would
normally be part of employment screening. For further information see AS4811:2006 Employment Screening. The sponsoring agency should provide qualification details to the vetting agency if required.
187. The vetting agency may also write directly to educational institutions if there is doubt about the authenticity of a clearance subject’s educational qualifications.
4.7.5 Employment details188. Subject to the clearance subject’s agreement, the assessing officer may contact current or past
employers to confirm employment for those periods where proof of employment is not available.
189. It may not be possible to verify short periods of employment. The assessing officer should consider whether the periods of employment are significant to the ‘whole of person’ assessment of the clearance subject before making any recommendation on an uncheckable background.
28
4.8 ASIO security assessment, Police records check (PRC), and Immigration movements records check
190. The ASIO security assessment is to be completed after all checks and the clearance interview is complete. This prevents any unnecessary checking by ASIO where the clearance subject would not otherwise be recommended for a clearance. Vetting agencies should negotiate with ASIO on a case by case basis where operational needs require the ASIO security assessment to be conducted simultaneously.
191. It is better practice to complete all checks (including any supplementary checks) before undertaking the PRC and Immigration check.
192. All checks, other than the ASIO security assessment, should be completed before conducting a clearance interview (where required).
193. Unless resolved through supplementary checking, the assessing officer is to raise any concerns identified in external checks at the clearance interview.
4.8.1 ASIO security assessments194. An ASIO security assessment is to be conducted for all Negative Vetting and Positive Vetting
security clearance actions.
195. The vetting agency can request an ASIO security assessment for a baseline security clearance, if there are any concerns that may impact on the national interest.
196. ASIO security assessments provide a recommendation to the vetting agency on the suitability of the clearance subject to access security classified information, confidential and above. The security assessment is not a recommendation to grant a clearance; that remains the vetting agency’s decision. Before making a recommendation, the assessing officer is to take into consideration any issues arising out of the internal and external checks, including the ASIO security assessment.
197. In conducting a security assessment, ASIO takes into account matters such as the activities, associates, attitudes and character of the clearance subject, as these relate to ‘security’ as defined in the ASIO Act.
198. Vetting agencies are to only request an ASIO security assessment after all other checks have been finalised to ensure that ASIO has access to the most comprehensive information available relating to a clearance applicant, when providing as security assessment.
199. The vetting agency is to inform ASIO of any issues of security significance or suitability relating to the clearance subject. Where issues arise which warrant a recommendation to not grant a clearance, the assessing officer should not request an ASIO assessment or should cancel any request already made.
200. If the clearance subject is not an Australian citizen, the assessing officer should attach a copy of the eligibility waiver to the request to ASIO.
29
Requesting an ASIO security assessment
201. Only AGSVA and Commonwealth authorised vetting agencies can request security assessments for security clearances from ASIO.
202. State and Territory agencies' requests for security assessments will be coordinated by the Head of their Premier’s or Chief Minister's Department and/or the Commissioner of Police or their delegates, in accordance with the Memorandum of Understanding for the Protection of National Security Information signed in April 2007.
203. State and Territory requests for ASIO security assessments may be submitted through the Attorney-General’s Department (AGD) as the sponsoring Commonwealth agency. For further information contact AGD’s Departmental Security Unit at [email protected].
204. Vetting agencies should include a completed ‘Request for Security Assessment’ form and a copy of the completed personal background information form with all hardcopy requests to ASIO from Commonwealth authorised agencies or AGD on behalf of a State or Territory agency. AGSVA will lodge electronic requests which include a copy of the electronic personal information forms.
205. If the vetting agency holds or subsequently receives any other information which may have a bearing on the security assessment, including interview reports, this information is to be included with the request or, if subsequently received, forwarded to ASIO.
206. ASIO will return an endorsed copy of the request form to the vetting agency but will not return any other documents. Vetting agencies should only send original documents to ASIO in exceptional circumstances. Vetting agencies should discuss such cases with ASIO before original documents are dispatched.
207. ASIO will not assess incomplete forms. Personal background information forms are to be completed in full before being submitted for ASIO assessment.
208. ASIO has developed the following guidelines for accepting paper personal background information forms. Where the form was certified as completed:
less than six months ago: ASIO will proceed as usual
more than six but less than 12 months ago: ASIO will proceed with the assessment provided the vetting agency has contacted the subject to confirm no details have changed. The vetting agency should note the contact with the subject for this information on the forms whether or not there are any amendments. The assessing officer should note and date any changes of circumstances or note where there are no changes, or
more than 12 months ago: The clearance subject should complete a new personal background information form. ASIO will only accept forms over 12 months old in exceptional circumstances. In such cases the assessing officer should discuss the circumstances with ASIO before sending the forms.
30
209. ASIO will not provide security assessments from personal background information forms that do not meet these criteria. For further information relating to this process contact ASIO at [email protected] .
Requesting priority handling for an ASIO security assessment
210. Requests for urgent priority assessments will not be given priority unless there are exceptional circumstances. Vetting agencies should contact ASIO to discuss these cases prior to sending assessment requests.
211. Urgent priority requests for ASIO security assessments are processed by ASIO before routine requests. Commonwealth authorised agencies and AGD should only request urgent handling where there is a critical requirement for rapid resolution of the clearance. Such circumstances may include, but are not limited, short notice clearances for overseas postings or deployments and for national security operational purposes. The lack of organisational planning does not constitute exceptional circumstances.
212. Vetting agencies should include a brief explanation of the urgency and the date by which a response is required with all requests for priority handling.
Security assessment response
213. ASIO will provide one of three responses in accordance with Part IV of the ASIO Act:
Non prejudicial - ASIO does not object to a person having access
Qualified - ASIO does not object to a person having access, but that they have information relevant to security that the agency should be aware of, and
Adverse - ASIO recommends that the person not be granted access or that his/her access be limited or restricted in some way. ASIO will provide reasoning for this decision.
214. The vetting agency should consider ASIO’s response in conjunction with other information presented in the clearance process before making a recommendation to a delegate.
Requesting an ASIO security re-assessment upon security clearance revalidation or upgrade.
215. An ASIO security re-assessment is required for the revalidation of Negative and Positive Vetting clearances.
216. Where a clearance subject has previously undergone an ASIO security assessment for a baseline security clearance, the vetting agency should seek another security assessment if there has been a significant change of circumstances, including but not limited to changes that may have a bearing on the clearance subject’s security assessment. Vetting agencies are to consult with ASIO to determine this requirement. For further information see section 8.1 of the Personnel Security Guidelines – Agency Personnel Security Responsibilities .
217. If, the vetting agency is unsure whether to request a new ASIO security assessment, the vetting agency may email the query to [email protected].
31
218. A new ASIO security assessment is required for all upgrades of clearances. For example a new ASIO security assessment is required for upgrades from Baseline to a Negative Vetting level clearance, an upgrade from a Negative Vetting level 1 to a Negative Vetting level 2, or any upgrade to Positive Vetting.
219. Requests for an ASIO security re-assessment from Commonwealth authorised agencies or AGD on behalf of a State or Territory agency should have attached a completed ‘Review of Security Assessment’ form and a copy of the completed current personal background information forms. The current personal background information form is to be completed in full. A change of circumstances form and a previous personal background information form is not sufficient. The guidelines regarding the age of a personal background information form apply, for further information see section 4.8.3 - ASIO security assessments. Vetting agencies should include any other information relevant to security. The AGSVA will electronically lodge an updated personal background information form.
4.8.2 Police Records Checks (PRCs)Australian PRCs
220. The Australian Federal Police (AFP) or CrimTrac carry out Australian PRCs in accordance with the Spent Convictions Scheme. The scheme allows the clearance subject to withhold disclosure of spent convictions unless an exclusion has been granted. For further information see the OAIC – Spent Conviction Scheme Fact Sheet .
Level of PRC
221. Under the Spent Convictions Scheme, a Full Exclusion PRC under Commonwealth legislation requires that all criminal offences be declared. Under a Partial Exclusion, only specified types of offences need be declared. Where there is No Exclusion, the Spent Convictions Scheme applies to all criminal offences and the clearance subject only needs to provide details of applicable offences.
222. A ‘Full Exclusion’ PRC is to be sought for all new and revalidated Negative Vetting clearances. Clearance subjects are to detail all convictions, regardless of the date of conviction or nature of offence, as well as any cases currently pending or before the courts.
223. For Baseline Vetting clearances a ‘No Exclusion’ PRC is to be sought. Clearance subjects are not required to divulge convictions, if any of the below conditions are applicable to that conviction:
it has been 10 years from the date of the conviction (or 5 years for juvenile offenders)
the individual was not sentenced to imprisonment for more than 30 months
the individual has not re-offended during the 10 year (5 years for juvenile offenders) waiting period
a statutory or regulatory exclusion does not apply
224. For further information see the AFP’s publication on the Spent Conviction Scheme.
225. Assessing officers should be aware of sponsoring agencies that may have ‘Partial or Full Exclusions’ under the agency’s legislation. Where the sponsoring agency undertakes a Partial or
32
Full Exclusion PRC, it is considered an agency-specific character check. However, the sponsoring agency may, with the clearance subject’s approval, provide the vetting agency with a copy of a ‘Nil Report’ result in lieu of a ‘No Exclusion’ PRC in the clearance process.
PRCs from other countries
226. The assessing officer may request a clearance subject to seek a PRC from another country when the clearance subject has spent a considerable portion of the checking period living in another country outside Australia, either working or travelling. It may not be worthwhile undertaking checks for short periods outside Australia.
227. Before seeking an overseas PRC, the vetting agency should consider any consequences for the clearance subject if that country is alerted that the individual may be undergoing a clearance process in Australia.
228. In some countries the accuracy and reliability of a PRC is questionable. In such circumstances it may be preferable to verify the clearance subject’s honesty and reliability through additional referee checks.
229. For details on obtaining an overseas police certificate, see the Department of Immigrations and Border Protection - Character and police certificate requirements and the Centre for the Protection of National Infrastructure guide Overseas criminal record checks.
Action if a conviction is recorded
230. When a PRC is returned with an undisclosed conviction recorded, vetting agencies are to conduct an interview for cause.
231. Undisclosed convictions that are closer to the present date may raise concerns over the clearance subject’s honesty.
232. On occasion, the AFP or CrimTrac may provide incorrect responses, e.g. where there is a number of people with the same or similar name and the same date of birth. The vetting agency should follow the AFP or CrimTrac resolution processes before questioning the clearance subject’s integrity. Another PRC may be required if there are discrepancies.
4.8.3 Australian entry/exit check (Immigration movement records)
233. If the assessing officer needs to verify a clearance subject’s entry to or exit from Australia, the Department of Immigration and Border Protection can provide a movement record of all Australian entries and exits. For further information see the Department of Immigration and Border Protection - Movement Records.
33
5. Personnel security adjudicative guidelines
234. The personnel security adjudicative guidelines have been developed to assist assessing officers and delegates assess the clearance subject against common factor areas that may impact on the clearance subject’s suitability to hold a security clearance. They apply to considerations for initial or continued suitability for access to security classified material.
235. In evaluating the relevance of any conduct, the assessing officer and delegate should consider the:
nature, extent, and seriousness of the conduct
circumstances surrounding the conduct including the degree of willing and/or knowledgeable participation
frequency and currency of the conduct
clearance subject's age and maturity at the time of the conduct
presence or absence of rehabilitation and other pertinent behavioural changes
motivation for the conduct
potential for pressure, coercion, exploitation, or duress, and
likelihood of continuation or recurrence.
236. Clearance subjects must be assessed on their own merits, and the final determination remains the responsibility of the delegate. Any doubt concerning the clearance subject’s suitability must be resolved in favour of the national interest.
5.1 Suitability to hold a clearance237. A clearance subject is suitable to hold a security clearance at any level, where it is established, to
the appropriate degree of satisfaction, that the clearance subject possesses and demonstrates an appropriate level of integrity, i.e., a soundness of character and moral principle. In the security context, integrity is defined as a range of character traits that a clearance subject should possess and demonstrate in order for the Government to have confidence in that clearance subject’s ability to protect security classified resources. These character traits are:
honesty – truthful and frank, and do not have a history of unlawful behaviour
trustworthiness – responsibility and reliability and maturity
maturity – capable of honest self-appraisal and able to cope with stress; age is not necessarily a good indicator of maturity
34
tolerance - an appreciation of the broader perspective even when holding strong personal views, able to remain impartial and flexible (an inability to accept other peoples’ life choices or respect cultures can indicate intolerance); and accept differences in people, opinions or situations through respect, understanding and empathy.
resilience – ability to adapt well in the face of adversity, trauma, tragedy, threats or significant sources of stress, and
loyalty – a commitment to the democratic processes of the Australia Government, loyalty is not confined to the nation but also includes the objectives, ethos and values of the working environment (strong political views incompatible with the Australian Constitution may put in doubt a person’s loyalty).
238. Reference to a number of factor areas of the clearance subject’s life, including personal relationships, employment history, behaviour and financial habits contributes to an assessment of a clearance subject’s integrity. Agencies should be confident that clearance subjects who are responsible for security classified resources possess a sound and stable character.
239. Clearance subjects must also demonstrate that they are not unduly vulnerable to influence or coercion.
5.2 Factor Areas240. The ultimate determination of whether the granting or continuance of a security clearance is
consistent with the national interest must be an overall common sense determination based upon careful consideration of the whole person in the context of the following:
External loyalties, influences and associations
Personal relationships and conduct
Financial considerations
Alcohol and drug usage
Criminal history and conduct
Security attitudes and violations, and
Mental health disorders.
241. These factor areas may have a bearing on one or more of a clearance subject’s character traits.
242. Although adverse information concerning a single criterion may not be sufficient for an unfavourable determination, the clearance subject may be denied the clearance if available information reflects a current or recurring pattern of:
questionable judgment
dishonesty
35
intolerance/ inflexibility
immaturity
untrustworthiness
irresponsibility
vulnerability to influence or coercion, or
emotionally unstable behaviour.
243. Reliable and significant adverse information may lead the delegate to deny the clearance.
244. When information of security concern becomes known about an clearance subject who currently has access to security classified material, the delegate and assessing officer should consider whether the person:
voluntarily reported the information
responded to questions truthfully and completely
sought assistance and followed professional guidance, where appropriate
resolved or appears likely to favourably resolve the security concern, and
has demonstrated positive changes in behaviour and employment before determining whether clearance suspension or revocation is warranted.
245. If after evaluating material of security concern, the delegate decides that the material is not serious enough to warrant a recommendation of denial or revocation of the security clearance, it may be appropriate to recommend granting the clearance with a warning that future incidents of a similar nature may result in revocation of access.
5.2.1 External loyalties, influences and associationsThe concerns
246. All people working on behalf of the Australian Government must have a commitment to the democratic process and a respect for the processes by which the elected government functions. If clearance subjects express political or personal views incompatible with Australia’s constitutional, democratic system of government, doubts arise about whether they can remain loyal to the Australian Government. Conflicts of view or conscientious objections could arise in some cases. However, the issue is whether clearance subjects recognise their individual responsibilities to their employing agency, the elected government and the public interest.
247. When a clearance subject acts in such a way as to indicate a preference for a foreign country over Australia, then he/she may be prone to act in a way that is harmful to the national interest of Australia.
248. Involvement in certain types of outside employment or activities is of security concern if it poses a conflict with a clearance subject's security responsibilities and could create an increased risk of unauthorised disclosure of security classified information.
36
249. A security risk may exist when the clearance subject or their immediate family, including cohabitants, and other persons to whom he or she may be bound by affection, influence, or obligation are not Australian citizens or may be subject to duress. These situations could create the potential for foreign influence that could result in the compromise of security classified information. Contacts with citizens of other countries or financial interests in other countries are also relevant to security determinations if they make the clearance subject potentially vulnerable to coercion, exploitation, or pressure.
Conditions that could raise a security concern and may be disqualifying
250. Involvement in, support of, training to commit, or advocacy of any act of:
espionage
sabotage
sedition
terrorism
treason
politically motivated violence
communal violence
attacks on Australia’s defence system, or
acts of foreign interference
251. Association or sympathy with persons who are attempting to commit, or who are committing, any of the above acts.
252. Association or sympathy with persons or organisations that advocate, threaten, or use force or violence, or use any other illegal or unconstitutional means, in an effort to:
overthrow or influence the Australian Government or any state or local government
prevent federal, state, or local government personnel from performing their official duties
gain retribution for perceived wrongs caused by the Federal, state, or local government, and/or
prevent others from exercising their rights under the Constitution or laws of Australia or of any state or territory.
253. Contact with a family member, business or professional associate, friend, or other person who is a citizen of, or resident in, a foreign country, if that contact creates an unacceptably heightened risk of foreign exploitation, inducement, manipulation, pressure, or coercion.
254. Connections to a foreign person, group, government, or country that create a potential conflict of interest between the clearance subject's obligation to protect security classified resources
37
and the clearance subject's desire to help a foreign person, group, or country by providing that information.
255. Sharing living quarters with a person or persons, regardless of citizenship status, if that relationship creates a heightened risk of foreign or criminal inducement, manipulation, pressure, or coercion.
256. A substantial business, financial, or property interest in a foreign country, or in any foreign-owned or foreign-operated business, which could subject the clearance subject to heightened risk of foreign influence or exploitation.
257. Failure to report, when required, association with a foreign national.
258. Unauthorised association with a suspected or known agent, associate, or employee of a foreign intelligence service.
259. Indications that representatives or nationals from a foreign country are acting to increase the vulnerability of the clearance subject to possible future exploitation, inducement, manipulation, pressure, or coercion.
260. Conduct, especially while travelling outside Australia, which may make the clearance subject vulnerable to exploitation, pressure, or coercion by a foreign person, group, government or country.
261. Exercise of any right, privilege or obligation of foreign citizenship after becoming an Australian citizen. This includes but is not limited to:
possession of a current foreign passport
military service or a willingness to bear arms for a foreign country
accepting educational, medical, retirement, social welfare, or other such benefits from a foreign country
residence in a foreign country to meet citizenship requirements
using foreign citizenship to protect financial or business interests in another country
seeking or holding political office in a foreign country, or
voting in a foreign election.
262. Action to acquire or obtain recognition of a foreign citizenship by an Australian citizen.
263. Performing or attempting to perform duties, or otherwise acting, so as to serve the interests of a foreign person, group, organisation, or government in conflict with Australia’s national interest.
264. Any statement or action that shows allegiance to a country other than Australia, for example, declaration of intent to renounce Australian citizenship, or the renunciation of Australian citizenship.
265. Any employment or service, whether compensated or voluntary, with:
38
the government of a foreign country
any foreign national, organisation, or other entity
a representative of any foreign interest
any foreign, domestic, or international organisation, including media, or person engaged in analysis, discussion, or publication of material on intelligence, defence, foreign affairs, protected technology or protective security, or
failure to report or fully disclose an outside activity when this is required.
266. Ongoing voluntary association with individuals or groups of an extremist nature e.g. - those that espouse beliefs incompatible with a liberal democracy.
Conditions that could mitigate security concerns
267. Mitigating factors may impact one or more areas of concern:
The clearance subject was unaware of the unlawful aims of an individual or organisation and severed ties upon learning of these.
The clearance subject’s involvement was only with the lawful or humanitarian aspects of an organisation such as those referred to in A7.
Involvement in activities of concern occurred for only a short period of time and was attributable to curiosity or academic interest.
The involvement or association with such activities occurred under such unusual circumstances, or so much time has elapsed, that it is unlikely to recur and does not cast doubt on the clearance subject’s current reliability, trustworthiness, or loyalty.
The nature of the relationships with foreign persons, the country in which these persons are located, or the positions or activities of those persons in that country are such that it is unlikely the clearance subject will be placed in a position of having to choose between the interests of a foreign individual, group, organisation, or government and Australia’s national interest.
There is no conflict of interest, either because the clearance subject’s sense of loyalty or obligation to the foreign person, group, government, or country is so minimal, or the clearance subject has such deep and longstanding relationships and loyalties in Australia that they can be expected to resolve any conflict of interest in favour of Australia’s national interest.
Contact or communication with foreign citizens is casual and infrequent and there is little likelihood that it could create a risk for foreign influence or exploitation.
The foreign contacts and activities are on Australian Government business and/or are approved by the agency security adviser.
39
The clearance subject has promptly complied with agency requirements regarding the reporting of contacts, requests, or threats from persons, groups, or organisations from a foreign country.
The value or routine nature of the foreign business, financial, or property interests is such that they are unlikely to result in a conflict and could not be used to influence, manipulate, or pressure the clearance subject.
Where reasons for possession or acquisition of multiple citizenship are not a security concern, including, but not limited to:
o multiple citizenship is based solely on parents' citizenship or birth in a foreign country
o marriage, and
o convenience of travel.
The clearance subject has expressed a willingness to renounce other citizenships.
Exercise of the rights, privileges, or obligations of foreign citizenship occurred before the clearance subject became an Australian citizen or when the clearance subject was a minor.
The use of a foreign passport is approved by the agency security adviser.
The foreign passport has been destroyed, surrendered, or otherwise invalidated.
The vote in a foreign election was encouraged by the Australian Government.
5.2.2 Personal relationships and conductThe concerns
268. Conduct involving questionable judgment, dishonesty, or unwillingness to comply with rules and regulations can raise questions about the clearance subject's reliability, trustworthiness and ability to protect security classified information.
269. Of special interest is any failure to provide truthful and candid answers during the security clearance process or any other failure to cooperate with the security clearance process. The following will normally result in denial or revocation of a security clearance; or administrative termination of further processing for a security clearance assessment:
refusal, or failure without reasonable cause, to undergo or cooperate with security clearance processing, including but not limited to meeting with an assessing officer for a security interview, completing security and/or consent forms and cooperation with supplementary evaluations and periodic reviews, or
refusal to provide full, frank and truthful answers to relevant questions of assessing officers, or other official representatives in connection with a personnel security determination.
40
270. Sexual behaviour that involves a criminal offence indicates a personality or emotional disorder reflects a gross lack of judgment or discretion, or which may subject the clearance subject to undue influence or coercion, exploitation, or duress can raise questions about the clearance subject's reliability, trustworthiness and maturity. Sexual orientation is not relevant to these considerations.
Conditions that could raise a security concern and may be disqualifying
271. Deliberate omission, concealment, or falsification of relevant facts from any personnel security questionnaire, personal history statement, or similar form used to determine security clearance suitability; or providing misleading information assessing officers or other officers involved in the clearance process.
272. Credible adverse information in several adjudicative issue areas that is not sufficient for an adverse determination under any other single guideline, but which, when considered as a whole, supports a whole-person assessment of questionable judgment, untrustworthiness, unreliability, lack of candour, unwillingness to comply with rules and regulations, or other characteristics indicating that the person may not properly safeguard official information.
273. Credible adverse information that is not explicitly covered under any other guideline and may not be sufficient by itself for an adverse determination, but which, when combined with all available information supports a whole-person assessment of questionable loyalty, trustworthiness, honesty, maturity, tolerance or vulnerability to coercion or influence. This includes but is not limited to consideration of:
untrustworthy or unreliable behaviour including breach of client confidentiality, release of proprietary information, unauthorised release of sensitive corporate or other official government information
disruptive, violent, or other inappropriate behaviour in the workplace
a pattern of dishonesty or rule violations, or
evidence of significant misuse of Government or other employer's time or resources.
274. Sexual behaviour of a criminal nature, whether or not the clearance subject has been prosecuted.
275. A pattern of compulsive, self-destructive, or high risk sexual behaviour that the person is unable to stop or that may be symptomatic of a personality disorder.
276. Sexual behaviour that causes the clearance subject to be vulnerable to coercion, exploitation, or duress (refer to guideline G).
277. Personal conduct, or concealment of information about one's conduct, that creates a vulnerability to exploitation, manipulation, or duress, such as:
engaging in activities which, if known, may affect the person's personal, professional, or community standing, or
41
while in another country, engaging in any activity that is illegal in that country or that is legal in that country but illegal in Australia and may serve as a basis for exploitation or pressure by the foreign security or intelligence service or other group.
278. Violation of a written or recorded commitment made by the clearance subject to the employer as a condition of employment.
279. Association with persons involved in criminal activity.Conditions that could mitigate security concerns2
280. Mitigating factors may impact one or more areas of concern:
The behaviour occurred prior to or during adolescence and there is no evidence of subsequent conduct of a similar nature.
The behaviour no longer serves as a basis for coercion, exploitation, or influence.
The clearance subject made prompt, good-faith efforts to correct the omission, concealment, or falsification before being confronted with the facts.
The refusal or failure to cooperate, omission, or concealment was caused by or associated with improper or inadequate advice of government officers or legal counsel. Upon being made aware of the requirement to cooperate or provide the information, the clearance subject cooperated fully and truthfully.
The behaviour or offence is so minor, or so much time has passed, or the behaviour is so infrequent, or it happened under such unique circumstances that it is unlikely to recur and does not cast doubt on the clearance subject's current reliability, trustworthiness, or good judgment.
The clearance subject has acknowledged the behaviour and obtained counselling to change the behaviour or taken other positive steps to alleviate the stressors, circumstances, or factors that caused untrustworthy, unreliable, or other inappropriate behaviour. There is evidence that this treatment has been effective and such behaviour is unlikely to recur.
The clearance subject has taken positive steps to reduce or eliminate vulnerability to exploitation, manipulation, or duress.
The information was unsubstantiated or from a source of questionable reliability.
Association with persons involved in criminal activity has ceased or occurs under circumstances that do not cast doubt upon the clearance subject's reliability, trustworthiness, judgment, or willingness to comply with rules and regulations.
2 The assessing officer and delegate should also consider guidelines pertaining to criminal conduct or mental health disorders, in determining how to resolve any security concerns raised by sexual behaviour.
42
5.2.3 Financial considerationsThe concerns
281. Failure or inability to live within one's means, satisfy debts, or meet financial obligations may indicate poor self-control, lack of judgment, or unwillingness to abide by rules and regulations. This may raise questions about a clearance subject's honesty, trustworthiness, maturity, and vulnerability to coercion or influence.
282. A clearance subject who is financially overextended may be at a heightened risk of engaging in illegal acts including espionage to generate funds. This risk is further heightened if the financial difficulties have arisen from compulsive behaviour, e.g. gambling.
283. Unwillingness to pay debts where means are available may indicate untrustworthiness or lack of conscience regarding obligations.
284. Affluence that cannot be explained by known sources of income is also a concern as it may indicate proceeds from financially profitable criminal acts.
Conditions that could raise a security concern and may be disqualifying
285. Inability or unwillingness to satisfy debts.
286. Indebtedness caused by frivolous or irresponsible spending and the absence of any evidence of willingness or intent to pay the debt or establish a realistic plan to pay the debt.
287. A history of not meeting financial obligations.
288. Deceptive or illegal financial practices such as embezzlement, theft, fraud, tax evasion or other intentional breaches of trust.
289. Consistent spending beyond one's means, which may be indicated by excessive indebtedness, significant negative cash flow, high debt-to-income ratio, and/or other financial analysis.
290. Financial problems that are linked to drug abuse, alcoholism, gambling addiction, or other matters indicating compulsive behaviour or emotional or psychological instability that may have implications for the clearance subject’s maturity, trustworthiness and vulnerability to coercion or influence (refer to guidelines D and G).
291. Repeated failure to meet Australian taxation requirements.
292. Unexplained affluence, as shown by a lifestyle or standard of living, increase in net worth, or money transfers that cannot be explained by subject's known legal sources of income.
293. Compulsive or addictive gambling as indicated by an unsuccessful attempt to stop gambling, ‘chasing losses’ (i.e. increasing the bets or returning another day in an effort to get even), concealment of gambling losses, borrowing money to fund gambling or pay gambling debts, family conflict or other problems caused by gambling.
Conditions that could mitigate security concerns
294. Mitigating factors may impact one or more areas of concern:
43
The behaviour happened so long ago, was so infrequent, or occurred under such circumstances that it is unlikely to recur and does not cast doubt on the clearance subject's current reliability, trustworthiness, or good judgment.
The conditions that resulted in the financial problem were largely beyond the person's control (e.g. loss of employment, a business downturn, unexpected medical emergency, or a death, divorce or separation), and the clearance subject acted responsibly.
The person has received or is receiving counselling for the problem and/or there are clear indications that the problem is being resolved and/or is under control.
The clearance subject initiated good-faith efforts to repay overdue creditors or otherwise resolve debts.
The clearance subject has a reasonable basis to dispute the legitimacy of the debt and provides evidence of actions to resolve the issue.
The affluence resulted from a legal source of income.
5.2.4 Alcohol and drug usageThe concerns
295. Excessive alcohol consumption often leads to the exercise of questionable judgment or the failure to control impulses, and can raise questions about a clearance subject's reliability and trustworthiness and ability to maintain discretion.
296. Use of illegal drugs or misuse of prescription drugs can raise questions about a clearance subject's trustworthiness and honesty, both because it may impair judgment and because it raises questions about a person's ability or willingness to comply with laws, rules, and regulations. Use of illegal drugs or misuse of prescription drugs may also make the clearance subject vulnerable to coercion or influence.
297. Drugs are mood and behaviour altering substances and include, but are not limited to, drugs, materials, and other chemical compounds identified and listed in Schedule VI of the Customs Act 1901, and inhalants and other similar substances.
298. Drug abuse is the use of an illegal drug, or use of a legal drug in a manner that deviates from approved medical direction.
Conditions that could raise a security concern and may be disqualifying
299. Alcohol-related incidents away from work, such as driving while under the influence, fighting, child or spouse abuse, disturbing the peace, or other incidents of concern, regardless of whether the clearance subject has been diagnosed as an alcohol abuser or alcohol dependent.
300. Alcohol-related incidents at work, such as reporting for duty in an intoxicated or impaired condition, or excessive drinking while at work.
301. Habitual or binge consumption of alcohol to the point of impaired judgment.
44
302. Diagnosis by a duly qualified medical professional (e.g. physician, clinical psychologist, or psychiatrist) of alcohol, or drug abuse or dependence.
303. Identification of alcohol or drug abuse or dependence by an accredited clinical social worker who is a staff member of a recognised alcohol or drug treatment program.
304. Relapse after diagnosis of alcohol or drug abuse or dependence and completion of an alcohol or drug rehabilitation program.
305. Criminal charges relating to alcohol or drug abuse or possession.
306. Failure to follow any court order regarding alcohol or drug education, evaluation, treatment, or abstinence.
307. Any drug abuse
308. Testing positive for illegal drug use.
309. Illegal drug possession, including cultivation, processing, manufacture, purchase, sale, or distribution; or possession of drug paraphernalia.
310. Expressed intent to continue illegal drug use, or failure to clearly and convincingly commit to discontinue drug use.
Conditions that could mitigate security concerns
311. Mitigating factors may impact one or more areas of concern:
So much time has passed, or the behaviour was so infrequent, or it happened under such unusual circumstances that it is unlikely to recur or does not cast doubt on the clearance subject's current reliability, trustworthiness, or good judgment.
The clearance subject is participating in an alcohol counselling or treatment program, has no history of previous treatment and relapse, and is making satisfactory progress.
o the clearance subject acknowledges his or her alcohol dependence or abuse and has successfully completed inpatient or outpatient alcohol counselling or rehabilitation along with any required aftercare
o has demonstrated a clear and established pattern of modified consumption or abstinence in accordance with treatment recommendations, such as adherence to a program, such as Alcoholics Anonymous or a similar organisation, and
o has received a favourable prognosis by a duly qualified medical professional or an accredited clinical social worker who is a staff member of a recognised alcohol treatment program.
A demonstrated intent not to abuse any drugs in the future, such as:
o disassociation from drug-using associates and contacts
o changing or avoiding the environment where drugs were used
45
o an appropriate period of abstinence, and
o a signed statement of intent with automatic review for cause of clearance for any violation.
Abuse of prescription drugs was after a severe or prolonged illness during which these drugs were prescribed, and the abuse has since ended.
Satisfactory completion of a prescribed drug treatment program, including but not limited to, rehabilitation and aftercare requirements, without recurrence of abuse, and a favourable prognosis by a duly qualified medical professional or an accredited clinical social worker who is a staff member of a recognised drug treatment program.
5.2.5 Criminal history and conductThe concerns
312. Criminal activity creates doubt about a person's judgment, reliability, trustworthiness, maturity and honesty. By its very nature, it calls into question a person's ability or willingness to comply with laws, rules and regulations.
Conditions that could raise a security concern and may be disqualifying
313. A criminal offence, or multiple lesser offences, or a conviction in an Australian or foreign court, including a military court-martial, for a crime.
314. Discharge or dismissal from the Australian Defence Force or police force under adverse conditions.
315. Credible allegation or admission of criminal conduct, regardless of whether the person was formally charged, formally prosecuted or convicted.
316. The clearance subject is currently on parole or probation.
317. Violation of parole or probation, or failure to complete a court-mandated rehabilitation program.
318. Voluntary association with criminals.Conditions that could mitigate security concerns
319. Mitigating factors may impact one or more areas of concern:
So much time has elapsed since the criminal behaviour happened, or it happened under such unusual circumstances that it is unlikely to recur and does not cast doubt on the clearance subject's reliability, honesty, trustworthiness or good judgment.
The person was pressured or coerced into committing the act and those pressures are no longer present in the person's life.
Persuasive evidence that the person did not commit the offence or the conviction for the offence was subsequently overturned.
46
There is evidence of successful rehabilitation; including but not limited to the passage of time without recurrence of criminal activity, evidence of remorse or restitution, job training or higher education, good employment record, or constructive community involvement.
5.2.6 Security violationsThe concerns
320. Deliberate or negligent failure to comply with procedures, rules and regulations for protecting security classified or other sensitive information, including on information and communications technology (ICT) systems, raises doubt about a clearance subject's trustworthiness, judgment, reliability, or willingness and ability to safeguard such information, and is a serious security concern.
321. ICT systems include all related computer hardware, software, firmware, and data used for the communication, transmission, processing, manipulation, storage, or protection of security classified information.
Conditions that could raise a security concern and may be disqualifying
322. The unauthorised:
viewing
disclosure
collecting
storing
handling
destruction
manipulation, and/or
modification of official or personal information.
323. Deliberate disregard of agency procedures or guidelines for the handling, use and storage of official or personal information.
324. Copying official or personal information in a manner designed to conceal or remove classification or other document control markings.
325. Viewing or downloading information from a secure system beyond the clearance subject’s need-to-know.
326. Any failure to comply with rules for the protection of security classified or other sensitive information.
327. Negligence or lax security habits that persist despite counselling by management.
47
328. Failure to comply with rules or regulations that results in damage to national security, regardless of whether it was deliberate or negligent.
329. Illegal or unauthorised:
entry into any ICT system
modification
destruction
manipulation
and/or denial of access to information, software, firmware, or hardware in an ICT system.
330. Use of any ICT system to gain unauthorised access to another system or to a compartmented area within the same system.
331. Downloading, storing, or transmitting security classified information on or to any unauthorised software, hardware, or ICT system
332. Unauthorised use of a government or other ICT system.
333. Introduction, removal, or duplication of hardware, firmware, software, or media to or from any ICT system without authorisation, when prohibited by rules, procedures, guidelines or regulations.
334. Any misuse of ICT, whether deliberate or negligent, that results in damage to the national security.
335. Misuse of both Government and private information and ICT systems are of concern.Conditions that could mitigate security concerns
336. Mitigating factors may impact one or more areas of concern:
So much time has elapsed since the behaviour, or it has happened so infrequently or under such unusual circumstances, that it is unlikely to recur and does not cast doubt on the clearance subject's current reliability, honesty, trustworthiness, or good judgement.
The clearance subject responded favourably to counselling or remedial security training and now demonstrates a positive attitude toward the discharge of security responsibilities.
The security violations were due to improper or inadequate training.
The misuse was minor and done only in the interest of a bona fide emergency or operational imperative when no other timely alternative was readily available.
The conduct was unintentional or inadvertent and was followed by a prompt, good-faith effort to correct the situation and notify a supervisor.
48
5.2.7 Emotional/Mental health issuesThe concerns
337. Certain emotional, mental, and personality conditions can impair judgment, reliability, or trustworthiness. A formal diagnosis of a disorder is not required for there to be a concern under this guideline.
338. A duly qualified mental health professional (e.g. clinical psychologist or psychiatrist) employed by, or acceptable to and approved by the agency, should be consulted when evaluating potentially disqualifying and mitigating information under this guideline.
339. No negative inference concerning the standards in this Guideline may be raised solely based on seeking mental health counselling.
Conditions that could raise a security concern and may be disqualifying
340. Behaviour that casts doubt on a clearance subject's judgment, reliability, or trustworthiness that is not covered under any other guideline, including but not limited to emotionally unstable, irresponsible, dysfunctional, violent, paranoid, or bizarre behaviour.
341. An opinion by a duly qualified mental health professional that the clearance subject has a condition not covered under any other guideline that may impair judgment, reliability, or trustworthiness.
342. The clearance subject has failed to follow treatment advice related to a diagnosed emotional, mental, or personality condition, e.g. failure to take prescribed medication.
Conditions that could mitigate security concerns
343. Mitigating factors may impact one or more areas of concern:
The identified condition is readily controllable with treatment, and the clearance subject has demonstrated ongoing and consistent compliance with the treatment plan.
The clearance subject has voluntarily entered a counselling or treatment program for a condition that is amenable to treatment and the clearance subject is currently receiving counselling or treatment with a favourable prognosis by a duly qualified mental health professional.
Recent opinion by a duly qualified mental health professional employed by, or acceptable to and approved by the agency seeking the clearance that a clearance subject's previous condition is under control or in remission, and has a low probability of recurrence or exacerbation.
The past emotional instability was a temporary condition (e.g. one caused by death, illness, or marital break-up), the situation has been resolved, and the clearance subject no longer shows indications of emotional instability.
There is no indication of a current problem.
49
6. Assessing officers recommendation to the delegate
344. Vetting agencies need to apply procedural fairness without compromising the national interest.
345. The assessing officer is to make a recommendation to the delegate, whether to grant or deny a clearance.
346. The assessing officer should remove from the PSF any information not relevant to the current clearance process before passing it to the delegate. For further information on obligation under the Privacy Act 1988 (Cth) or www.oaic.gov.au.
6.1 Meeting the principles of procedural fairness347. When the principles of procedural fairness are applied in a security clearance process, it
reduces the likelihood of requests for review or appeal and, where an appeal or request has been lodged, of the process being declared flawed and/or a new clearance process being ordered.
348. If the assessing officer intends to recommend against the approval of a clearance at the level sought or to recommend that the clearance be approved with specific clearance maintenance requirements, the clearance subject is to be given a chance to respond before the final recommendation is made.
349. Any information the assessing officer uses to make a decision should be substantiated, particularly when the information is from a referee who may be biased or have a conflict of interest.
350. Vetting agencies should provide the clearance subject with a written statement identifying any concerns. Vetting agencies should give the clearance subject a reasonable period (normally two weeks from the date of advice) to respond to the concerns before a final recommendation is made.
351. The clearance subject’s response is to be provided to the delegate so she/he may make an informed decision based on all the material available.
352. If a procedural fairness issue involving an outsourced vetting services provider arises, vetting agencies should consider whether the outsourced vetting service provider is able to manage the issue.
6.2 Procedural Fairness Guidelines6.2.1 What is procedural fairness?
353. Procedural fairness is concerned with the procedures used by a decision-maker, rather than the actual outcome reached. It requires a fair and proper procedure be used when making a
50
decision. A decision-maker who follows a fair procedure is more likely to reach a fair and correct decision.
354. The two primary rules of procedural fairness are:
‘the hearing rule’ – which requires that a person be given an opportunity to be heard and express their views to a decision maker; and
‘the bias rule’ which requires a decision maker to be impartial.
6.2.2 Is there a difference between natural justice and procedural fairness?
355. The term procedural fairness is thought to be preferable when referring to administrative decision-making because the term natural justice is associated with procedures used by courts of law. However, the terms have similar meaning and are commonly used interchangeably. For consistency, the term procedural fairness is used in these guidelines.
6.2.3 Procedural fairness and security clearance decisions356. Vetting agencies must apply the rules of procedural fairness to security clearance decisions
which are adverse to a clearance subject, including decisions to deny or revoke a security clearance.
357. As part of the security clearance decision making process, and in accordance with the ‘hearing rule’, where an adverse decision is proposed to be made, vetting agencies must tell the clearance subject the case to be met (to the fullest extent possible consistent with national security) and give them the chance to reply before the Delegate makes a decision. Specifically, vetting agencies must ensure that the clearance subject:
is provided with an opportunity to reply
is told the case to be met before preparing his/her reply, including being provided with a description of the proposed decision, the criteria for making that decision and the information on which any such decision would be based. Negative information an agency has about the clearance subject should be disclosed to him/her to the extent possible consistent with national security. It is sufficient that a summary of the information being considered be provided to the clearance subject, original documents and the identity of confidential sources do not have to be provided
is provided with a reasonable opportunity to consider their position and prepare a response, and
have his/her reply considered by the Delegate before the decision is made.
358. Further, the ‘bias rule’ requires that a delegate making a security clearance decision:
not have an interest (either direct or indirect) in the matter being decided, and
not bring, or appear to bring, a biased or prejudiced mind to making the decision.
51
A delegate must be, and appear to be, impartial. Vetting agencies must establish processes to ensure application of the ‘bias rule’.
6.2.4 How does procedural fairness apply to a clearance subject who may be negatively affected by a Delegate’s decision?
359. If a clearance subject will be negatively affected by a Delegate’s decision he/she is entitled to expect that the assessing officer and Delegate will follow the rules of procedural fairness before reaching a conclusion. In particular, a clearance subject is entitled to:
be told the case to be met (for example, that an agency is considering denying or ceasing a clearance, or imposing conditions on the clearance), including being provided with a description of the proposed decision, the criteria for making that decision and the information on which any such decision would be based. Any negative or prejudicial information relating to the clearance subject should be disclosed to him/her to the extent possible consistent with national security, and
an opportunity to reply to the case to be met. A clearance subject will be invited to provide a written reply or submission. In very exceptional circumstances, a delegate may determine that it is appropriate that a face to face meeting be facilitated.
360. In submitting a reply to the delegate, a clearance subject may, among other things, wish to:
deny the allegations
provide evidence she/he believes disproves the allegations
explain the allegations or present an innocent explanation, or
provide details of any special circumstances she/he believe should be taken into account.
6.2.5 How does procedural fairness apply to an assessing officer?
361. An assessing officer must take into account the requirements of procedural fairness during the clearance process including when undertaking a security clearance assessment, and preparing a recommendation for a Delegate.
362. In making a recommendation to a Delegate, an assessing officer should:
consider all submissions made by a clearance subject
take into account only relevant information
ensure that any recommendation made is based on evidence that is relevant and supports the recommendation
act fairly and impartially
conduct the clearance process without unnecessary delay, and
52
ensure that a full record of the clearance process has been made.
6.2.6 How does procedural fairness apply to the Delegate?363. In making a security clearance decision a Delegate must comply with the rules of procedural
fairness and ensure that:
a clearance subject has been provided with an opportunity to be heard, or provide a clearance subject with an opportunity to make submissions if this has not already occurred, and
he or she acts fairly and impartially. This includes ensuring that from an onlooker’s perspective there is no reasonable perception of bias on the part of the Delegate.
6.3 ASIO adverse or qualified security assessments
364. If ASIO provides an adverse or qualified security assessment, the assessing officer should inform the clearance subject of that security assessment, subject to any Attorney-General’s Certificate being issued.
365. The Attorney-General, may issue a certificate that states either:
the notice should be withheld from the person subject to the security assessment, as it is essential to the security of the nation, or
the disclosure of the grounds contained in the security assessment, if released to the person subject to the security assessment, would be prejudicial to the interest of security.
366. For further information see section 38 of the ASIO Act .
6.3.1 Attorney-General’s Certificate367. In accordance with the Attorney-General’s Certificate, ASIO will provide guidance to the
vetting agency on what information can be given to the clearance subject and the sponsoring agency about the adverse or qualified assessment.
6.4 Making a recommendation368. Vetting agencies are to resolve any doubts about the clearance subject’s suitability in the
national interest prior to making a recommendation.
369. The assessing officer should review the clearance subjects PSF before making a recommendation. The assessing officer should ensure that all issues have been identified and all possible areas of concern mitigated. If questions remain, supplementary checks should be undertaken.
370. The recommendation should be supported by a summary of relevant information, including:
53
any gaps in the checking period where supporting documents were not available, how the gaps were covered/mitigated and what supplementary checks were undertaken to fill or explain the gaps
any anomalies or issues identified, how those anomalies and issues were mitigated and what supplementary checks were undertaken in relation to the anomalies or issues
any issues or anomalies that could not be mitigated after supplementary checks
an adverse or qualified ASIO assessment, and
any recommended clearance maintenance requirements and the reasons for recommending those requirements.
371. It is not necessary to list all checks undertaken if these are normally part of the clearance process and no issues were identified.
372. An assessing officer should recommend that:
the clearance be granted at the level sought, with or without specific clearance maintenance requirements, or
the clearance be denied.
373. Where a security clearance is not recommended, the assessing officer should specify how long before a new clearance process can be considered or when a review can be undertaken, as well as the reasons this recommendation.
374. The vetting agency should advise the delegate of the review and appeal processes open to the clearance subject. The delegate should also be aware the clearance subject may appeal in the Administrative Appeals Tribunal against any assessment or any decision made as a result of the ASIO assessment.
375. The vetting agency should ensure the clearance subject has been:
advised of any adverse or qualified ASIO assessment, taking into account any restrictions imposed by an Attorney-General’s Certificate, and of the appeals process through the Administrative Appeals Tribunal, and/or
given a chance to respond to any other suitability concerns. Any response by the clearance subject should be included on the PSF.
6.4.1 Recommending a clearance with specific clearance maintenance requirements
376. Where there are ongoing concerns, but they are not sufficient to cancel the clearance, the vetting agency may, after consultation with the sponsoring agency recommend specific clearance maintenance requirements to mitigate these concerns.
377. All ongoing concerns are to be resolved in favour of the national interest.
378. Specific clearance maintenance may include, but is not limited to:
provision of missing documents that could not be provided within a reasonable period but are covered by a statutory declaration
undertaking additional checks where there have been minor incident(s) in the checking period and confirmation that the incident(s) were isolated events
54
additional financial checks where there is a concern that the clearance subject may be at risk because of financial hardship or where there has either been reluctant to service debt or difficulty servicing debts
additional medical checks where there is concern over possible drug or alcohol abuse
additional or ongoing medical or other professional checks where there is concern about physical or mental health issues that may affect the clearance subject’s suitability to access classified material, and/or
more regular revalidations than the Personnel Security Management Protocol requires for the level of clearance.
379. The vetting agency should include a timeframe for meeting any time critical clearance maintenance requirements.
380. The vetting agency should advise the sponsoring agency’s security adviser of any recommendation to limit the clearance subject’s access so that the sponsoring agency can take appropriate/necessary action to limit, withdraw or closely monitor the clearance subject’s access while the delegate is considering their decision.
6.4.2 Recommending against a clearance381. In recommending that a clearance not be granted, the assessing officer is to be confident
that the clearance subject poses a risk to the national interest and does not meet the minimum requirements for the requested clearance level.
382. In finalising the recommendation to the delegate, the assessing officer needs to clearly identify areas of specific concern and mitigations to the delegate. The delegate also needs to include any further information or comment provided by the clearance subject in accordance with procedural fairness. For further information see section 6.2 – procedural fairness guidelines.
6.5 Quality assurance383. A different assessing officer should review the completed clearance before the PSF is
forwarded to the delegate. This is to ensure that all issues have been identified and any mitigation taken into account.
384. A senior assessing officer should review all complex cases.
385. If the assessing officer reviewing the clearance determines the assessment underpinning the vetting recommendation or the process is incomplete the clearance should be returned to the original assessing officer to address the concerns before the clearance goes to the delegate.
55
7. Delegate’s decision386. The delegate is to apply procedural fairness in all decisions. Before making a decision on
granting a clearance, delegates are to refer to:
section 5 – personnel security adjudicative considerations , and
section 6.2– procedural fairness guidelines .
387. If the delegate is not satisfied that all issues raised in the clearance process have been addressed or if they do not agree with the assessing officer’s recommendation, they should return the clearance to the assessing officer for further action.
388. If the delegate is aware of relevant additional information that is not in the PSF, the delegate is to return the PSF to the assessing officer to re-evaluate the clearance subject’s suitability, taking into consideration the additional information.
389. A different delegate to the original delegate should review the revised assessment. For further information (see the Bias Rule in section 6.2– procedural fairness guidelines).
7.1 Approval conditional to specific clearance maintenance
390. Where the delegate believes there are unresolved concerns about the clearance subject’s suitability that can be mitigated by appropriate clearance maintenance requirements, they may grant a security clearance with those specific requirements. The clearance maintenance requirements may be in addition to any recommendation made by the assessing officer.
391. The delegate should return the PSF to the assessing officer to complete this additional action. The delegate should indicate their reasons for the additional clearance maintenance requirements.
392. Any variation by the delegate of the assessing officer’s recommendation is to be recorded on the PSF, including the delegate’s reasons. The PSF should also record what actions were taken by the delegate to provide procedural fairness.
7.2 Documenting the delegate’s decision and reasons
393. A clearance subject may request a review where a clearance has been denied, granted or where specific clearance maintenance requirements have been imposed. For this reason, it is imperative that the delegate fully and clearly document their decision and the reasons for making that decision. The vetting agency is to retain this decision on the PSF.
56
8. Advising the clearance subject and sponsoring agency of the clearance
8.1 Clearance subject notification requirements394. The vetting agency is to advise the clearance subject in writing as soon as possible of the
outcome of the clearance process. The letter of advice is to include:
the level of clearance the subject is being assessed against
the grant, grant-conditional, cancel or denial date
any eligibility (background or citizenship) waiver granted in the clearance process and any restrictions that is placed on the clearance subject’s access because of the waiver
any specific clearance maintenance requirements imposed as part of the clearance
the date for revalidation, and
details of the review and appeals processes open to the clearance subject (if the clearance has been denied, canceled, or granted -conditional).
8.1.1 Additional requirements when a clearance is cancelled or denied
395. Unless it is not in the national interest, the vetting agency should advise the clearance subject, in writing, of the reasons for the clearance being denied or cancelled.
396. Vetting agencies need to include information about the review and appeal processes open to the clearance subject in the letter of advice. Vetting agencies should give a reasonable period to lodge an appeal or request a review. The period will depend on the complexity of the issues and any operational constraints within the sponsoring agency.
397. Vetting agencies are to include advice on when the vetting agency would be prepared to consider a new clearance process.
8.2 Sponsoring agency notification requirements398. The vetting agency is to advise the sponsoring agency’s security section of the clearance
outcome.
399. Vetting agencies are to advise sponsoring agencies of any information provided as part of the vetting process including that which is related to any vulnerabilities or risk factors or ongoing clearance maintenance that may impact on a person’s suitability to access Australian Government resources or where risk mitigation measures are required.
400. Vetting agencies are to consult with sponsoring agencies before granting a security clearance that imposes additional clearance maintenance conditions.
401. If mitigation is not satisfied by agreement to additional clearance maintenance conditions by either the clearance subject or sponsoring agency, the vetting agency is to deny the clearance
57
8.2.1 Where a clearance is denied or cancelled402. The vetting agency should ensure that any reasons provided to a sponsoring agency for a
clearance not being granted, or being granted at lower level, is in accordance with the APP’s.
403. The vetting agency is to advise the sponsoring agency, when concerns about the clearance subject’s suitability are identified, so that access to security classified information or resources can be withdrawn or restricted pending the outcome of the clearance process. The vetting agency is to confirm with the sponsoring agency that access needs to be withdrawn or restricted.
404. Vetting agencies should advise sponsoring agencies not to terminate a clearance subject’s employment before any reviews or appeals are finalised. In accordance with its human resources policies, the sponsoring agency may redeploy or suspend the clearance subject during this period.
405. The vetting agency is to advise the sponsoring agency’s security section where the clearance subject has advised that they will appeal an ASIO assessment or seek a review of the clearance decision.
58
9. Review or appeal of a clearance decision
406. Any decision to deny, cancel or grant - conditional clearance at a level below that requested may have implications for the clearance subject’s suitability for employment. For this reason, such decisions are more likely to be subject to requests for review or appeal.
9.1 Reviewing clearance decisions407. The denial, grant or cancel of a security clearance, with or without specific clearance
maintenance requirements, is an administrative decision and is reviewable. The avenues for review vary depending on the applicable vetting agency, sponsoring agency and the status of the clearance subject.
408. For APS employees administrative review is available through the following processes:
Primary review by the relevant vetting agency — an employee can seek an initial review conducted by the vetting agency. The employee has 120 days from notification of the security decision to request a review under regulation 5.24(1) of the Public Service Regulations 1999.
Secondary review by the Merit Protection Commissioner — an employee can seek an independent review if they are dissatisfied with a decision arising from the vetting agency’s review or have been advised that the matter is not reviewable. An employee has 60 days from the time they are advised of the decision of the relevant vetting agency’s review to make an application for review by the Merit Protection Commissioner under regulation 5.29(1) of the Public Service Regulations 1999. An employee seeking review must lodge their application with the vetting agency. The agency has 14 days to forward the application to the Merit Protection Commissioner with all of the relevant paperwork from the primary review.
409. For the Australian Defence Force (ADF) – members may seek an internal review via the procedures outlined in Defence Complaints and Resolution Manual which is available to ADF members.
410. Non-APS employees may have access to internal review procedures set by the relevant vetting agency.
411. APS and non-APS employees may also lodge a complaint with the Commonwealth Ombudsman. ADF members can seek review by the Defence Force Ombudsman. An Ombudsman will generally only investigate a complaint if other review processes have been completed within the relevant agency. If an employee or ADF member is dissatisfied with the Ombudsman’s decision whether to investigate a complaint, they can seek an internal review of the decision within 3 months.
412. In relation to a decision to deny a security clearance, a vetting agency review can confirm the original decision, direct the application be reassessed, or substitute a new decision.
59
413. Secondary review by the Merit Protection Commissioner cannot reverse a decision made by the delegate, under regulation 5.28 of the Public Service Regulations 1999. Instead, the Commissioner must make a recommendation to the relevant vetting agency. The agency may confirm the action, vary it, or set the action aside and substitute a new action in response to the recommendation under regulation 5.32. The agency must advise the Merit Protection Commissioner of its decision. If the Merit Protection Commissioner is not satisfied with the vetting agency’s response, section 33(6) of the Public Service Act 1999 allows for the matter to be reported to the agency’s minister, the Prime Minister and the Parliament.
414. The clearance subject may also make a formal complaint to:
the Privacy Commissioner, if they feel that there was a breach of the Privacy Act 1988 in the way information was handled, or
the Human Rights Commissioner, if they feel that they have been unfairly discriminated against. Under section 20 of the Human Rights Commission Act 1986, the Commissioner will investigate a complaint or provide written notice explaining why the complaint will not be investigated. If the complaint refers to an action by an intelligence agency, the Commissioner will refer the complaint to the Inspector-General of Intelligence and Security
415. An employee may seek judicial review of a vetting decision in the Federal Court of Australia or High Court of Australia under section 39B of the Judiciary Act 1903 or section 75(v) of the Constitution.
60
10. Clearance maintenance416. The vetting agency is responsible for the periodic reassessment and review of the clearance
holder’s ongoing suitability to hold a security clearance.
417. Sponsoring agencies have responsibility for clearance maintenance including ongoing security awareness training and for advising vetting agencies of any concerns about the clearance subject, such as:
significant changes of personal circumstances
significant security concerns
patterns of behaviour that demonstrate a disregard for security, and
any security violations or breaches.
10.1 Specific clearance maintenance requirements
418. Where specific clearance maintenance requirements have been made, the vetting agency is to document key dates and outcomes. Vetting agencies are to advise clearance holders and the sponsoring agency of these requirements and key dates. The PSF should also include details of clearance maintenance requirements yet to be met.
419. The vetting agency is to record the date of completion of any specific requirements.
10.1.1 Specific clearance maintenance arrangements420. The vetting agency is to advise the clearance holder of any requirement to provide
information relating to the specific maintenance requirements of their clearance, including any reporting schedules and timeframes. The advice should include:
any documents to be completed by the clearance holder
a list of supporting documents to be provided by the clearance holder
date/time of an interview, if applicable, and
the process for handling a clearance holder that does not cooperate or participate in the clearance maintenance arrangements.
10.1.2 Outcomes of specific clearance maintenance421. Based on the checks undertaken as part of the clearance maintenance process, the
assessing officer should recommend to the delegate that:
the specific clearance maintenance requirements have been met and can now be finalised, or
clearance maintenance should be continued or repeated, or
the requirements have not been met and access should be reconsidered.
61
422. Vetting agencies should cancel the clearance where the clearance subject has not cooperated in meeting the specific clearance maintenance.
10.1.3 Advising the agency to withdraw access423. Where specific clearance maintenance requirements have not been met or where the
clearance holder has not participated or cooperated in the process, the vetting agency is to advise the sponsoring agency to withdraw the clearance holder’s access to security classified information and resources pending the completion of a review for cause of their suitability.
10.1.4 Advising the clearance holder of the outcome424. The vetting agency is to advise the clearance holder of the outcome of the clearance
maintenance process, including any continuing conditions.
425. The vetting agency is to advise the clearance holder where:
the clearance maintenance requirements were not met, or
there are ongoing conditions approved by the delegate that were not part of the original requirements when the clearance was granted.
426. The vetting agency is to advise the clearance holder of any avenues for review of new clearance maintenance requirements.
427. The vetting agency is to advise the clearance subject and sponsoring agency in writing of the decision to grant including any risk mitigations, deny, deem ineligible (citizenship or background) or cancel a security clearance and any conditions imposed.
10.2 Clearance revalidation428. The vetting agency should commence the revalidation process before the due date so that
the process can be completed by that date. See the Australian Government personnel security protocol for minimum timeframes and checks required for revalidations.
429. The vetting agency should contact the clearance holder’s agency before commencing a revalidation to confirm the security clearance requirements. If a higher level clearance is required, a new clearance process will be necessary.
430. Where the clearance holder has left an agency or, for a contractor, the vetting agency is not certain of the clearance holder’s current sponsor, the vetting agency should contact the clearance holder directly for details of their current employment.
431. If the clearance subject cannot be located or no longer works for a government agency as an employee or contractor, a clearance is no longer required and the clearance is to be cancelled as a revalidation will not be necessary.
432. When a sponsoring agency advises that the clearance required is now at a lower level than currently held, the vetting agency may extend the clearance to the period allowed in the Protocol for that lower level of clearance. The only exception to this would be where the
62
sponsoring agency has identified specific concerns about the clearance holder that warrant a review of suitability.
433. A revalidation is to cover the period since the initial clearance or last revalidation was completed, unless there are significant concerns that raise doubts about the previous assessment. The revalidation is to meet the relevant minimum standards listed in the Protocol.
434. The vetting agency is to investigate any significant changes of circumstance or any concerns raised by the:
supervisor
PRC
financial history
referees, and
for Negative and Positive Vetting, ASIO assessment where required.
10.3 Review for cause435. A vetting agency may initiate a review for cause where there is concern about the clearance
holder’s suitability to access Australian government resources. This concern may arise from:
advice from the clearance holder of a change of circumstance
concern raised by the clearance holder’s sponsoring agency
a security incident involving the clearance holder, or
other information or advice of concern received by the vetting agency about the clearance holder.
436. A review for cause is not an alternative to human resource/performance management within an agency and should only be used to consider suitability to access Australian Government resources.
437. Vetting agencies should consider if a review for cause satisfies the requirements of a revalidation to avoid unnecessary duplication of vetting where the review identifies no cause for concern.
438. If, in the course of conducting a review for cause, the assessing officer considers that the clearance holder should not continue to have access to security classified information or resources at their current level, the vetting agency is to advise the sponsoring agency to consider suspending or limiting the clearance holder’s access until the review has been completed.
10.4 Upgrades to clearances439. Where a sponsoring agency has requested a clearance upgrade, a new clearance process is
to be initiated.
63
440. Assessing officers are to consider information already collected as part of any previous vetting action to determine whether it is sufficient to meet the minimum controls for the new clearance level.
441. Upgrades of Baseline clearances to Negative Vetting clearances will need a personal particulars form that covers the 10 year checking period and a Full Exclusion PRC.
442. A new ASIO assessment is required for all security clearance upgrades.
64
11. Personal Security File management443. Vetting agencies are to create a Personal Security File (PSF) for each clearance applicant.
The PSF records the checks undertaken for each clearance applicant.
444. PSFs are to be either hard copy or electronic files. This is to ensure that all records will be on one file.
445. All information on a PSF is considered personal and is covered by the Privacy Act 1988 (Cth).
11.1 Classification of PSFs446. The PSF, including file notes, contains significant amounts of personal information that may
harm or disadvantage the clearance subject if used inappropriately as well as information that is identified as ‘sensitive information’ under Part 6 of the Privacy Act 1988 (Cth).
447. The PSF should have the Dissemination Limiting Marker ‘Sensitive: Personal’. Individual records may also contain security classified material and are to be classified at the appropriate level for the document. If individual documents are security classified, the overall classification of the PSF will be at the level of the highest classified document on the file. For further information see the Australian Government Security Classification System.
11.2 Transferring PSFs448. PSFs should be transferred to the relevant responsible vetting agency for permanent moves
or where the period is of a duration where there is an ongoing need to access classified information or for assurance purposes or where ongoing clearance maintenance is required by the hosting agency for secondments and temporary transfers see section 11.2.1 – permanent transfers.
449. The PSF should only be transferred if the vetting has been undertaken in accordance with the PSPF.
450. Informed consent is to be sought at the initiation of vetting undertaken by vetting agencies.
451. A vetting agency can only request the transfer of PSFs for clearance subjects with the consent of the clearance holder.
11.2.1 Permanent transfer452. When a clearance holder transfers permanently to another agency, the gaining vetting
agency is to request the PSF. A copy of the clearance holder’s consent should also be provided where:
an existing or previous clearance is identified on the security clearance request, or
another vetting agency has confirmed the existence of a current clearance.
65
453. Some agencies have legal restrictions on the transfer of PSFs. This includes, but is not limited to:
the Department of Defence, which cannot transfer PSFs of Regular or Reserve Australian Defence Force personnel, and
ASIO, which can only transfer PSFs to other AIC agencies. ASIO can only provide a statement of clearance to other vetting agencies.
454. Agencies should check the requirements contained in their enabling legislation prior to transferring a PSF.
455. The vetting agency transferring the PSF should do so as soon as reasonably practicable. In some instances it may not be possible to transfer PSFs immediately. This can include where the clearance holder is:
still employed by the losing agency
under investigation for a security breach or violation; the gaining agency should be advised and given an indication of when the investigation will be completed
being revalidated, with the review yet to be finalised; the gaining agency should be given the option of completing the revalidation as it may need to upgrade the clearance, or
undergoing a review for cause; the gaining agency should be advised and given an indication of when the review is likely to be completed.
456. Where a gaining agency requires an NV clearance and a PV clearance is held, the losing vetting agency should only provide proof of clearance and copies of personal documents.
457. A vetting agency should not request personal information already on transferred PSFs unless the vetting agency uses electronic clearance packs. If electronic packs are used, information may be regathered electronically to populate the electronic record once. This should occur at the next revalidation or review of the security clearance.
458. Vetting agencies should not request copies of supporting documentation if there is a copy already on the PSF or there is a record that the document (or copy) has been previously sighted. The exception would be where there are concerns about the authenticity of the document originally supplied.
11.2.2 Temporary transfers459. PSFs for employees on temporary transfer should not be transferred unless the gaining
agency requires a higher level of clearance or the clearance expires during the period of the temporary transfer. In these instances, the gaining agency is responsible for the upgrade of the clearance.
460. The vetting agency is to seek informed consent from the clearance subject to share personal information, including sharing of the PSF. For further information see Annex H– sample privacy notice and template security clearance informed consent form .
66
11.2.3 Contractors’ PSFs461. Where the contractor requires access to more than one agency, the vetting agency for the
sponsoring agency should hold the PSF.
462. Where requested by another interested party, the vetting agency holding the PSF is to confirm the level of clearance and any conditions. The vetting agency holding the PSF should also allow access to the PSF when requested by another vetting agency representing an interested party.
463. Where a contractor works with multiple agencies, vetting agencies should advise all interested parties of any changes of circumstances, to assist in ongoing clearance maintenance.
464. If the vetting agency has not received confirmation of a contractor’s clearance requirement one year after the expiry of a clearance, the vetting agency should contact the sponsoring agency to clarify whether the clearance is still required.
465. If the sponsoring agency cannot confirm the requirement, the vetting agency should contact the contractor to ask for a new contact in the sponsoring agency to confirm the requirement for a clearance.
11.2.4 Removal of police records checks (PRCs) and other third party information from PSFs on transfer
466. Prior to sharing a PSF that retains a PRC, the vetting agency needs to ensure that any previous convictions recorded, are not spent. For further information on the spent conviction scheme see Privacy Fact Sheet 41- Commonwealth spent convictions scheme .
467. If a PRC is not shared, the gaining vetting agency is to decide whether to request a new PRC on transfer of the PSF or at the next revalidation.
11.2.5 Addressing anomalies in PSFs468. The gaining vetting agency is to address any anomalies within the incoming employee’s PSF
at the time of transfer.
469. The gaining vetting agency is to decide whether the anomalies warrant a review for cause, which will usually require additional vetting. The vetting agency is to advise the sponsoring agency of any review for cause as it may impact on the agency’s decision to grant access.
470. Vetting agencies should identify any areas of incompleteness in the PSF that may impact on the clearance subject’s ongoing suitability to access Australian Government resources, and take necessary steps to mitigate the risk including notifying the sponsoring agency.
11.3 Access by clearance holders to their PSFs471. A clearance subject may seek access to their personal information under the Freedom of
Information Act 1982 (Cth) (FOI Act). Under the FOI Act, every person has a legally
67
enforceable right to access documents in the possession of the Australian Government unless a document is exempt under the legislation.
472. Vetting agencies should have administrative access procedures to permit clearance holders to access the personal information held on their PSFs. This does not mean that individuals have unrestricted access to their file. It may be appropriate to withhold the following information under an administrative access procedure:
certificates issued by the Attorney-General and information covered by such certificates in order to protect national security interests;
documents containing material obtained in confidence, such as third party referee reports;
documents affecting national security, defence or international relations;
documents affecting enforcement of law and protection of public safety;
information to which secrecy provisions apply;
documents subject to legal professional privilege;
documents relating to personal privacy.
473. Where information is withheld, the clearance holder should be advised of the decision (unless covered by an Attorney-General’s certificate).
474. The administrative access procedures should ensure that information is not removed or altered.
11.4 Disclosure of security risk to sponsoring agencies
475. Where vetting agencies become aware of information about a clearance subject which relates directly to a security risk the vetting agency is to disclose the information to the sponsoring agency concerned. Additionally, if the concerns relate to a suspected criminal offence or affects national security, the vetting agency is to advise the AFP or ASIO accordingly.
476. The sponsoring agencies and vetting agencies need to ensure all personal information is handled with sensitivity, on a strict need-to-know basis, and in accordance with the APP’s.
11.5 The Archives Act 1983477. Commonwealth vetting agencies need to manage PSFs in accordance with the Archives Act
1983 (Cth) (Archives Act). State and Territory vetting agencies should refer to their own archival requirements.
478. The Archives Act also requires that some data be kept by vetting agencies after the disposal of a PSF.
68
11.5.1 Disposal in accordance with the Archives Act479. This section refers to the Administrative Functions Disposal Authority 1764-1766
(Administrative Functions Disposal Authority Express classes 20306, 20313, 20307). The Administrative Functions Disposal Authority identifies minimum retention periods for Commonwealth records and authorises the destruction of Commonwealth records. Some agencies have specific records authorities that may conflict with the Administrative Functions Disposal Authority.
480. Agencies are encouraged to consult with their records management area when considering disposing of PSFs. A ‘ Notification of Records Destroyed ’ (NAS45 form) needs to be sent to the National Archives of Australia whenever PSFs are destroyed.
481. All PSFs need to be disposed of in accordance with the Privacy Act 1988 ( Cth) , Administrative Functions Disposal Authority and the Australian Government information security core policy.
482. Where an agency seeks to destroy a PSF, it should be done in a secure manner.
483. Vetting agencies should review all expired PSFs at least annually and dispose of them accordingly.
69
Annex A – Useful linksLegislation
Administrative Decisions (Judicial Review) Act 1977 http://www.comlaw.gov.au/Series/C2004A01697
Archives Act 1983 http://www.comlaw.gov.au/Series/C2004A02796
Australian Citizenship Act 2007http://www.comlaw.gov.au/Series/C2007A00020
Australian Citizenship (Transitionals and Consequentials) Act 2007http://www.comlaw.gov.au/Series/C2007A00021
Australian Security Intelligence Organisation Act 1979http://www.comlaw.gov.au/Series/C2004A02123
Migration Act 1958 http://www.comlaw.gov.au/Series/C1958A00062
Migration Amendment (Employer Sanctions) Act 2007 http://www.comlaw.gov.au/Details/C2007A00007
Privacy Act 1988http://www.comlaw.gov.au/Series/C2004A03712
Public Service Act 1999http://www.comlaw.gov.au/Series/C2004A00538
Statutory Declarations Act 1959http://www.comlaw.gov.au/Series/C1959A00052
Fair Work Act 2009http://www.comlaw.gov.au/Series/C2004A03679
APSC Publications
APS Valueshttp://www.apsc.gov.au/publications-and-media/current-publications/aps-values-resources
APS Code of Conducthttp://www.apsc.gov.au/publications-and-media/current-publications/aps-values-resources
Conditions of Engagementhttp://www.apsc.gov.au/working-in-the-aps/conditions-of-engagement
Citizenship in the Australian Public Servicehttp://www.apsc.gov.au/publications-and-media/archive/publications-archive/citizenship-in-the-australian-public-service
Termination of employmenthttp://www.apsc.gov.au/trash/termination
Other useful links
Office of the Australian Information Commissionerhttp://www.oaic.gov.au/
Office of the Australian Information Commissioner Advice on the Spent Convictions Scheme http://www.oaic.gov.au/privacy/privacy-resources/privacy-fact-sheets/law-enforcement/privacy-fact-sheet-41-commonwealth-spent-convictions-scheme
70
National Archives of Australiahttp://www.naa.gov.au Attorney-General’s Department Statutory Declaration advice http://www.ag.gov.au/statdec
DIBP advice on Visa Entitlement Verification Online (VEVO) for Organisations http://www.immi.gov.au/managing-australias-borders/compliance/info-employers/evo-orgs.htm
DIBP advice on Visas and Immigration http://www.immi.gov.au/employers
DIPB advice on movement records https://www.border.gov.au/Trav/Ente/Goin/monitoring-people-movement
DIPB advice on foreign police checks Character Requirements and Penal Clearance Certificates https://www.border.gov.au/Trav/Visa/Char
National Accreditation Authority for Translators and Interpretershttp://www.naati.com.au/
Veda Advantage credit history checks http://www.vedaadvantage.com/home/home_default.aspx
71
Annex B – Documents that can be used as evidence of Australian citizenship
Were you born in Australia? Birth Certificate & Certificate
of Australian Citizenship
Yes
No
Were you born after 20 August 1986?
Australian Birth Certificate No
Australian Birth Certificate
Yes
An Australian Passport issued on or after 1 Jan 2000
for a period of at least one year.
Plus one of the Following
Certificate of Australian Citizenship
Certificate of evidence of Australian Citizenship
Proof of one parent’s Australian citizenship at the
time of your birth
One parent’s Australian Birth Certificate, or Australian
Passport.
One parent’s Australian Citizenship Certificate, issued
before your birth
Proof of one parent’s Australian permanent
residence at the time of your birth
If you cannot otherwise confirm Australian Citizenship, contact the
Department of Immigration and Border Protection 13 881 or see
www.immi.gov.au
484.
72
Annex C – Alternate proof of identity documents
The following information may be used by clearance subjects if any information identified on the consent form is unavailable.
Other primary evidence
other international travel documents with the same characteristics as a passport.
Other secondary evidence
confirmation from a financial institution e.g. bank, building society, credit union or similar registered organisation that the signatory is a known customer of at least 12 months.
written references signed by an “acceptable” referee confirming the identity of the clearance subject.
a statement or form endorsed by community elders, elected members of Aboriginal or Torres Strait regional or land councils/commissions, or staff members of local land councils confirming the identity of the clearance subject as an Aboriginal or Torres Strait Islander. This document needs to include all names by which the clearance subject has been known.
Other documents
The name and address of the clearance subject verified by:
a document held by a cash dealer/other financial body giving security over the clearance subject’s property
a current employer within the last two years
a rating authority
the Credit Reference Association, and/or
land titles record office.Supporting documents
inclusion of the name, address and telephone number in the telephone book and confirmation call and/or
marriage certificate.Name of clearance subject verified from:
credit card (1 only)
council rates notice
telephone account
foreign driver’s licence and/or
Medicare card.
73
Name and address verified by:
notification from the Australian Electoral Commission confirming inclusion on the electoral roll
a statement from the manager of accommodation rented by the clearance subject
records from a public utility
records of another financial body used by the clearance subject
other records under law
records of educational organisation(s) attended by clearance subject in last 10 years, and/or
trade or professional association records.
74
Annex D – Documents, checks and inquiries required for security clearances
Documents
Document Purpose Comment and further action by assessing officerFull birth certificate
A prime means to identify clearance applicant that: provides citizenship details provides birth dates and birth places of
clearance subject, and can provide birth dates, birth places and
occupation of parents.
If full birth certificate not available, the following are acceptable:extract or notarised record of birthcertificate of adoptionstatutory declaration other documents such as religious records (especially for overseas births) in conjunction with the statutory declarationFormally check with relevant Registrar of Births Deaths and Marriages if there are concerns.
Deed poll A legal document that: advises a formal change of name, and states the previous name and the current
name.
Formally check with appropriate Registrar of Titles Office if there are concerns.
Citizenship certificate
Document confirms citizenship and the date and location of the grant of citizenship.
Formally check with the Department of Immigration and Citizenship if there are concerns.Certificate of evidence of Australian Citizenship
Marriage or divorce certificates
Marriage certificate provides details of spouse and witnesses, location of nuptials (helps to corroborate other information).Divorce certificate (decree nisi or decree absolute) to corroborate other information - required for each divorce.
Applicant does not need to provide other evidence of previous marriages if he/she provides divorce papers (decree nisi or decree absolute). Where a marriage certificate is not available (e.g. some countries do not issue them) a person who witnessed the marriage may sign a statutory declaration.Formally check with:the relevant Registrar of Births Deaths and Marriages if there are concerns about Marriage certificate, andthe Family Court of Australia or the relevant overseas issuing authority if there are concerns about the divorce papers.
75
Document Purpose Comment and further action by assessing officerTravel or residency documents
Examination of the passports may help identify citizenship of, residence in, or visits to foreign countries.
For concerns about authenticity of passports formally contact:DFAT Passports Fraud Section for Australian passports, orDIAC for concerns about fraudulent or incomplete contents for foreign passportsProvide copies of cover pages and any long term residency visas
Current driver’s licence
Helps corroborate the clearance subject’s identity, as well as evidence of current, and possibly previous, residential addresses.
Required for police check
Evidence of current residential address
Establishing the current and previous residential addresses will assist in further corroborating his or her identity.
Cross check information about the clearance subject against a number of sources such as telephone directories and electoral rolls.Proof of the clearance subject’s current and previous residential addresses is evidenced by any one, or a combination, of a number of items such as:
utilities and telephone bills rental agreements land titles, and personal documentation such as driver’s licences.
If personal documents provided for establishing identity are also sufficient evidence of the clearance subject’s current residential address, additional documents are not required.
Educational documentation
Courses taking during the required checking period can help when cross-referencing past and present addresses, periods of unemployment and overseas travel
For concerns about academic qualifications, formally contact the appropriate educational facility.
Evidence of previous employment
If previous employer checks are not possible, employment documentation will assist in corroborating employment history (e.g., pay slips, group certificates). Employment history may corroborate personal information, including, for example, qualifications and travel history.
Assessing officers must by law obliterate tax file numbers on the PSF copy.Assessing officer is to check with the clearance subject whether such inquiries could jeopardise current employment or, in the case of overseas inquiries, be detrimental to the wellbeing of the clearance subject or the clearance subject’s family. The AGSVA or authorised vetting agency is to evaluate the information provided by the clearance subject on this question and consider the balance between the interest of the clearance subject and the need for the agency to conduct meaningful inquiries.
76
Document Purpose Comment and further action by assessing officerDischarge certificate or military service record
Provides details about the clearance subject’s service in the armed forces – helps check identity and confirm employment.
Formally contact the appropriate military service if there are concerns about the document provided.
Recent photograph
To corroborate the validity of identity documents that contains photographic identification of the clearance subject, and to assist identify applicant to referees
77
Checks and inquiries
Check Purpose Other commentFinancial history checks and financial statement
Provides insight into the clearance subject’s financial history or current situation
Assessing officers are to make inquiries relating to a person financial history. Annex E provides a same financial history check questionnaire. Annex F provides a sample financial statement
Police records checks
Corroborates claims made by clearance subject concerning criminal history
Applicants to complete Consent to Obtain Personal Information or Police Record Check form.Obtain from the Criminal History Unit of the AFP or CRIMTRAC
ASIO security assessment
Assesses clearance applicant in relation to national security matters, as defined in Part IV of the ASIO Act
Workplace and personal referees
Corroborate information provided by the clearance subject.Comment on the honesty, trustworthiness, maturity, tolerance and loyalty of the clearance subject.
Clearance subject interviews
Clarifies any information provided by the clearance subject or obtained through inquiries.Resolves any doubts and anomalies that emerge as a result of inquiries.Examines areas of potential personal vulnerability.Helps evaluate the clearance subject’s character, values, loyalty and attitudes in so far as they are relevant to security.
AGSVA or authorised vetting agencies is to conduct interviews for:Negative Vetting Level 2 clearancesuncheckable backgroundsother levels of security clearance where the assessing officer has any concern or need to resolve any discrepancies or anomalies (known as supplementary interviews)reviews for cause
78
Annex E – Sample Financial History Check Questionnaire
79
Annex F – Example Financial Statement
80
81
82
Annex G – Example ‘Instrument of Approval’
83
Annex H – Template Privacy Notice and Security Clearance Informed Consent FormYour personal information is being collected to assess your ongoing suitability to hold and maintain a security clearance and to access Australian Government official resources. Australian Government official resources include people, information and assets.
Personal information, including sensitive information, may be collected from and disclosed to any entity or person listed in the Privacy Statement to assess your ongoing suitability to hold and maintain a security clearance.
Without your personal information your suitability to hold security a clearance cannot be assessed. The inability to obtain a security clearance may have an adverse effect on your employment, where it is a condition of engagement to hold and maintain a security clearance.
Where you are simultaneously engaged by more than one agency, each agency will have access to your personal information, including sensitive information. The security clearance assessment, involves a series of assessments and background checks to determine if you are a suitable person to access security classified information, and other Australian Government official resources.
It is your responsibility to provide accurate information and continue to update your personal information by advising [Vetting Agency Name] of any changes in circumstances [insert link to change of circumstances form].
The security clearance process is intrusive by its nature. However, your privacy and dignity will be respected. If you have any enquiries relating to the Privacy Act 1988 (Cth), or how your information will be collected, used or disclosed, please email [insert person’s and position] [[email protected]] or call (0X) XXXX XXXX.
[Vetting agency’s] privacy policy can be found at [insert website]
The privacy policy contains information on how:
to access and seek correction of your personal information held by [vetting agency name];
to make a complaint about a breach of the Australian Privacy Principles by the [Vetting Agency name]; and
the [Vetting Agency name] will deal with such a complaint.
84
Privacy Statement
The [Vetting Agency Name] recognises and respects your privacy and is committed to the Australian Privacy Principles set out in the Privacy Act 1988 (Cth). The collection and use of your personal information is required in accordance with the Australian Government’s Protective Security Policy Framework.
By signing the consent form contained in this security clearance pack, you consent to the collection, use and disclosure of your personal information as described below and for your Personnel Security File (PSF) to be transferred to [Vetting Agency Name] and to be shared with the current and any future sponsoring agency.
How your information will be collected
During the security clearance assessment process and while you continue to hold an Australian Government security clearance, we may collect personal information, including sensitive information, from:
your current and previous or future private and Government employers. If you do not consent to your current employer being contacted, please notify [Vetting Agency Name] with the reasons for the denial of consent;
your referees (both nominated by you and not nominated by you);
third parties relevant to assessing and monitoring your ongoing suitability to hold and maintain a security clearance. your Personnel Security File (if applicable) from the relevant Commonwealth, State or Territory Agency in relation to any existing or previous security clearances held by you;
other service providers, such as contracted vetting providers, and medical or psychological practitioners, used during the clearance process;
financial institutions and financial checking institutions
agencies to confirm residential addresses
the Department of Immigration and Border Protection and the Department of Foreign Affairs and Trade to check any naturalisation and/or citizenship documents and international movements;
medical professionals to clarify any medical conditions, with your consent; and
State and Territory Registries of Births, Deaths and Marriages.
you directly
the Government agency which has sponsored your clearance
Government agencies which have investigated any suspected breaches of law or Australian government policy
85
AFP and state and territory law enforcement agencies
ASIO, and
Educational institutions in relation to education documentation.Disclosure of your information
During the security clearance assessment process and while you continue to hold an Australian Government security clearance, we may disclose your personal information, including sensitive information with:
you directly
the Government agency that has sponsored this clearance and any previous Government agencies which have employed you or engaged you as a contractor, and any future sponsoring or interested vetting agencies;
the Australian Federal Police (AFP) [or S&T Police Name];
financial institutions and [Financial checking agencies]; and
the Australian Security Intelligence Organisation (ASIO).
your previous and current and or future private and/or Government employers; including any employers that you worked for as a contractor. If you do not consent to your current employer being contacted, please notify [Vetting Agency Name] with the reasons for the denial of consent;
your referees (both nominated by you and not nominated by you);
third parties relevant to assessing and monitoring your ongoing suitability to hold and maintain a security clearance
your Personnel Security File (if applicable) from the relevant Commonwealth, State or Territory Agency in relation to any existing or previous security clearances held by you
other service providers, such as contracted vetting providers, and medical or psychological practitioners, used during the clearance process
financial institutions and financial checking institutions
agencies to confirm residential addresses
the Department of Immigration and Border Protection and the Department of Foreign Affairs and Trade to check any naturalisation and/or citizenship documents and international movements;
medical professionals to clarify any medical conditions, with your consent; and
State and Territory Registries of Births, Deaths and Marriages
86
the Government agency which has sponsored your clearance
Government agencies which have investigated any suspected breaches of law or Australian government policy
AFP and state and territory law enforcement agencies
ASIO, and
Educational institutions in relation to education documentation.Limited amounts of your personal information may also be disclosed to overseas recipients if you are required to access foreign government resources. The information that may be disclosed includes your clearance status, your full name and date of birth, and your position.
The [Vetting Agency Name] will not use or disclose your personal information that is collected for the purpose of assessing your ongoing suitability to hold and maintain a security clearance, to any other person or organisation, other than those listed above, unless:-
it would be reasonably expected by you that such a disclosure would occur, in relation to your security clearance;
disclosure is required or authorised by or under Australian law or a court/tribunal order;
a permitted general situation exists in relation to the use or disclosure of the information, as defined in section 16A of the Privacy Act 1988 (Cth); or
the use or disclosure of the information is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body.
Sample – Consent to collect, use and disclose personal information
87
I have received and read [the Privacy Statement and Notice. I understand that:
a). My personal information, including sensitive information, may be collected from and disclosed to the persons and entities listed in the privacy notice.
b). My personal information, including sensitive information, will be used to assess and monitor my ongoing suitability to hold and maintain a security clearance and to access Australian Government resources, while I continue to hold a security clearance.
c). It is my responsibility to notify the vetting agency of any change in circumstances, using the change of circumstances form.
I consent for my personal information, including sensitive information, to be collected from and disclosed to the persons and entities listed in the privacy notice and statement for the purpose of assessing and monitoring my ongoing suitability to hold and maintain a security clearance and to access Australian Government resources, while I continue to hold a security clearance.
88