The Australian Government Security Vetting Agency is considering a range of advice from the constellation of companies that do its leg-work as it devises a plan to speed up its security clearance services.
Simpler procurement arrangements are the name of the game and suppliers among the 23 who currently have contracts with AGSVA have proposed better ways to structure contracts, improvements to the way the agency allocates and pays for jobs, as well as alternatives for training and certification of outsourced vetting services.
It’s not just an issue for the feds, either; AGSVA processes security clearances to most state and territory government agencies as well.
Following the release of a discussion paper on AusTender earlier this year, the Department of Defence assistant secretary responsible for vetting has thanked respondents, who collectively provided 29 pieces of advice on how the agency could push the pace.
“AGSVA is currently analysing the formal responses and working with Defence procurement and contracting specialists to develop a strategy for market engagement,” writes Dan Fortune, who hopes to go back to the market with opportunities to get into the new system by the end of 2018.
“As part of this planning, AGSVA will continue to consult with stakeholders, including the other Commonwealth agency representatives through the AGSVA Governance Board, and other authorised vetting agencies, as we develop the procurement strategy.”
The AGSVA has improved its timeliness slightly in recent years for most clearance levels, according to a recent audit, but its average timeframe for completing high-level Positive Vetting had increased significantly since the audit office last poked around its business in mid-2015.
The recent audit report also implied the pressure on the agency to avoid holding up recruitment of important personnel could have affected the integrity of the system. It found nearly all applications were being approved without special conditions, and workarounds like waivers were being used by agencies without the relevant controls mandated by the Protective Security Policy Framework.
According to the discussion paper, AGSVA decided “more innovative approaches” were required to improve capability and capacity, and it wanted to work on a new system with its contractors.
Defence calls the project Vetting Transformation, and its aim is to improve in both areas — efficiency and security assurance. The discussion paper says this will require AGSVA to forge “a more collaborative and workable partnership with its service providers” and carry out “fundamental reforms to … business processes” along with IT upgrades starting in 2021, and expected to run until 2023.
Setting ambitious benchmarks
In future, the agency wants to set ambitious benchmarks, like 10 business days for the return of baseline clearance reports, 40 for Negative Vetting 1, 50 working days for NV2 and 80 for Positive Vetting.
AGSVA believes its current system, which involves the service providers bidding for a number of clearance jobs every week, is one cause of the delays because the bids don’t always line up with the agency’s needs, and the contractors don’t have to accept all the work they are allocated.
Some contractors only work in certain parts of the country, and there is little to link their performance with how many jobs they are allocated in future.
Other issues from AGSVA’s perspective include a lack of formal training for the people assessing applications for PV clearances, “arduous” administration around travel reimbursements and inefficient processes such as invoicing for each individual job separately.
The discussion paper also lists common problems for service providers in the current system, and explains the agency wants to work towards a mutually beneficial future state, leading to “flexible, agile, responsive and assured delivery of security vetting services assisting AGSVA to meet its whole of government requirements including timeframes” as well as growth and capability uplift among the firms doing most of the work.
Meanwhile, a wider set of reforms to the PSPF that were slated to come into effect on July 1 have been delayed until October 1, and the transition period for certain elements of that — such as new document classification rules — has been extended to October 2020.
“The reforms will introduce a new principles-based policy architecture, separating mandatory requirements and guidance material,” The Attorney-General’s Department protective security website explains.
“This is intended to better support the achievement of risk-based security outcomes. The new policy framework will not fundamentally change entities’ responsibilities to protect their people, information and assets.”
The commencement of the new PSPF has been pushed back to give agencies “more time to consider the implications of the reforms for their security risk environment, and assess any necessary changes to current entity practice and procedure” according to the AGD statement.
The department will provide some communication and training materials to help agencies guide their staff and is planning information sessions for federal security personnel in September and October this year.