Recommendation 1

2.5

The Committee recommends that the Department of Foreign Affairs and Trade make available to the Committee:

an extract of the findings and recommendations from the internal audit of the Departmental Security Framework (to be undertaken in 2018), and an outline of how DFAT intends to address these

a summary of how the Framework addresses the key issues identified in this report, giving particular emphasis to the matters raised in paragraph 2.3

Recommendation 2

2.7

The Committee recommends that the Department of Foreign Affairs and Trade report back to the Committee on its progress in implementing recommendations from:

the Review of Diplomatic Security (May 2015)

Auditor-General’s Report No.5 (2017–18), complete with timeframes, planned deliverables and outcomes observed to date

Recommendation 3

2.14

The Committee recommends that the Department of Foreign Affairs and Trade assess whether current independent assurance arrangements provide sufficient and ongoing oversight of its overseas security management, and take timely action accordingly.

Recommendation 4

2.16

The Committee recommends that the Department of Foreign Affairs and Trade review its security policies and procedures, and implement revised arrangements to ensure consequences for non-compliance are adequate to embed a strong security compliance culture.

Recommendation 5

2.18

The Committee recommends that the Department of Foreign Affairs and Trade report back to the Committee on the status of its cyber resilience and compliance with the ‘Essential Eight’ as at July 2018.

Recommendation 6

3.4

The Committee recommends that the Department of Foreign Affairs and Trade provide the Committee with a detailed outline of:

how recent improvements to DFAT’s systems are providing assurance that staff have received the required security training for their posting

any further improvements to these systems that DFAT is planning to implement, including timeframes

Recommendation 7

3.7

The Committee recommends that the Department of Foreign Affairs and Trade:

review the level of support it provides to Canberra-based and out-posted staff regarding post security, with particular attention to the effectiveness of the security training program

report back to the Committee on the methodology and results of this review

implement improvements to strengthen the security training program as necessary

Recommendation 8

3.10

The Committee recommends that the Department of Foreign Affairs and Trade:

mandate the completion of cyber security training for locally engaged staff

make available to the Committee a summary of key initiatives under the department’s security communications program, and outline for the Committee how this program contributes to staff education on cyber security

List of Recommendations