Skip to content
A glowing digital shield symbolising Defence assurance stands at the centre, surrounded by four illuminated pillars. Each pillar features an icon representing a DISP domain: governance, physical security, personnel security, and information & cyber security. The image uses blue and teal tones with subtle circuitry patterns to convey trust, structure, and compliance.

Defence Industry Security Program (DISP)

The Defence Industry Security Program (DISP) is the Australian Government’s framework for ensuring organisations working with Defence can protect sensitive information, assets, and capability.

It sets the baseline security expectations for companies across the Defence supply chain — covering governance, personnel, physical security, and cyber security.

Whether you are bidding into Defence, supporting a prime, or already delivering capability, DISP provides assurance that your organisation can operate securely and responsibly.

Learn more about DISP on the official Defence website

Why DISP Matters

DISP is more than a compliance requirement. It is a signal of trust.

Membership demonstrates that your organisation can:

  • Protect Defence information and assets
  • Manage cleared personnel responsibly
  • Operate secure facilities and systems
  • Meet Defence security expectations
  • Participate confidently in Defence supply chains

For many organisations, DISP membership is a prerequisite for contract eligibility or a key differentiator in competitive bids.

Chrome padlock embossed with the Southern Cross constellation on a dark navy background, symbolising Australian sovereign security and Defence Industry assurance.

Who DISP Applies To

You may need DISP if your organisation:

  • Works directly with Defence
  • Supports a Defence prime contractor
  • Handles Defence information or assets
  • Requires security cleared personnel
  • Provides ICT or engineering services into Defence environments

Even where not mandatory, DISP demonstrates maturity and strengthens your credibility with Defence customers.

The Four DISP Security Domains

Defence assesses organisations across four core security areas:

Security Governance

Policies, leadership oversight, and risk management.

Personnel Security

Clearances, insider threat awareness, and personnel management.

Physical Security

Facilities, access controls, and asset protection.

Information and Cyber Security

Secure ICT environments aligned to Defence expectations.

DISP Membership Levels

Membership levels align to the sensitivity of work performed:

  • Entry Level — OFFICIAL information
  • Level 1 — PROTECTED
  • Level 2 — SECRET
  • Level 3 — TOP SECRET

Most SMEs begin at Entry Level or Level 1 depending on contract requirements.

How Calexi Supports DISP

Calexi provides practical, Defence-aligned support across the DISP lifecycle. From initial readiness through to ongoing compliance.

We understand how the Defence Industry Security Program works in real delivery environments and focus on pragmatic, evidence-driven outcomes.

Our support includes

  • DISP readiness assessments
  • Gap analysis across all four security domains
  • Uplift program design and delivery
  • Membership application support
  • Evidence pack development
  • ICT security architecture
  • Renewal and ongoing compliance support

We don’t just interpret the framework. We help you implement it in a way that works operationally.

When Should You Start Preparing?

Ideally before you need it. An uplift can take several months depending on maturity, particularly where ICT or governance improvements are required.

Starting early reduces risk and prevents delays in contract opportunities.

Frequently Asked Questions

DISP is a Defence program that ensures organisations working with Defence meet appropriate security standards across governance, personnel, physical security, and cyber security.

DISP is mandatory where contract requirements specify it or where organisations need to access certain Defence information or facilities. Many organisations pursue membership to improve competitiveness and demonstrate security maturity.

Most SMEs require Entry Level or Level 1 depending on whether they handle PROTECTED information or require cleared personnel.

Timelines vary depending on organisational maturity but typically range from a few months to longer where significant uplift is required.

ICT environments supporting DISP must demonstrate appropriate cyber security controls. Essential Eight Maturity Level 2 is mandatory for companies seeking DISP membership.

Yes. We support organisations through readiness assessments, uplift, documentation, and application preparation across all security domains.

Often yes. Many primes require their suppliers to hold DISP membership depending on the nature of work and information access.

Organisations must maintain compliance, manage changes, and demonstrate ongoing security maturity. Renewal and assurance activities are part of maintaining membership.

Proven Capability in the Field

We’ve helped multiple Defence SMEs achieve Membership and Essential Eight cyber security maturity uplift within tight budgets and timeframes. Our work has improved client security postures, reduced overlapping technologies, and established sustainable, evidence-based compliance processes.

  • cyber lights and padlock as well as a handshake of trust

    ASX Hybrid Cloud

    An ASX-listed critical infrastructure company faced major risks from an aging, non-compliant ICT environment. Calexi staff delivered a hybrid cloud transformation during COVID-19, enabling 100% remote work, achieving E8 compliance in under a month, and ensuring no staff layoffs while strengthening security and scalability.

    Learn More

  • A glowing digital shield with a central padlock symbol, surrounded by eight evenly spaced turquoise-blue nodes connected in a circular pattern. The background features a dark blue gradient with subtle circuit lines, symbolizing cyber security, Essential Eight compliance, and Defence-level protection.

    SME Essential Eight Compliance

    A Defence industry SME required Essential Eight compliance to execute a Defence contract. Calexi delivered a full uplift in just four weeks, achieving ML1 across all areas, ML3 in key controls, and DISP membership within 3 months — reducing risk from very high to low/medium.

    Learn More

  • A glowing digital shield symbolising Defence assurance stands at the centre, surrounded by four illuminated pillars. Each pillar features an icon representing a DISP domain: governance, physical security, personnel security, and information & cyber security. The image uses blue and teal tones with subtle circuitry patterns to convey trust, structure, and compliance.

    DISP – Defence Industry Security Program Uplift

    A Defence SME needed DISP compliance but faced limited resources and low security maturity. Calexi delivered a full uplift within 6 months, achieving Maturity Level 2, Defence approval, and cost savings all while improving security culture and posture.

    Learn More

Ready to start your DISP journey?

Understand your requirements, reduce risk, and build Defence-ready security foundations.

Contact Us
View Capability Statement