These Terms of Reference set out the objectives, composition, roles and responsibilities, reporting, administrative arrangements, and review process for the CSIRO Security Committee.
These Terms of Reference set out the objectives, composition, roles and responsibilities, reporting, administrative arrangements, and review process for the CSIRO Security Committee (the Committee).
The Committee is accountable through the Executive Team to the Chief Executive and the Board (as CSIRO’s accountable authority), for ensuring that CSIRO has implemented effective security strategies, programs and measures to protect CSIRO’s people, information and assets.
As a corporate Commonwealth entity CSIRO is not required to comply with the Commonwealth Protective Security Policy Framework (PSPF) or the Information Security Manual (ISM) however these provide best practice frameworks.
The CSIRO Security Committee is responsible for:
- ensuring that CSIRO has in place an effective Enterprise Security Program (ESP) to protect CSIRO’s people, information and assets
- monitoring and overseeing the implementation of CSIRO’s ESP and CSIRO’s Enterprise Security Risk Framework
- setting the direction and priority, and providing guidance for the development andimplementation of improvements to the security infrastructure and associated procedures and guidelines
- providing regular reports to the Chief Operating Officer (COO), theExecutive Team and the Board about progress against the ESP and on significant security incidents
- ensuring that an annual security assessment is undertaken as contemplated by the PSPF
- overseeing CSIRO’s response to major security incidents.
Committee membership comprises:
- Chief Operating Officer, (Chair)
- Executive Director, Digital, National Facilities and Collections
- Director, Data61
- Director, IM&T
- Director, Governance
- Director, Business & Infrastructure Services
- Director, Human Resources
- Business Unit Leader (rotated bi-annually) (initially the Director, CSIRO Services)
- General Counsel
The Committee will meet quarterly, with meetings scheduled to support the delivery of reports to the COO for presentation to the ET and/or the BARC as required. The Security Committee will maintain minutes of its meetings.
Attendance at meetings and quorums
A quorum will comprise the Chair and a majority of the Committee members (or their representatives).
The Administrative Officer, Governance will act as the Secretariat to the Committee.
The Chair will review the terms of reference and functional performance of the Committee every three years or earlier if required and present the results of the review to the Executive Team.