Date
March 2022 — June 2023
The challenge
Commonwealth Scientific and Industrial Research Organisation (CSIRO) is Australia’s national science agency and innovation catalyst, solving the greatest challenges through innovative science and technology.
The organisation wanted to ensure it was managing security risk in line with Government standards, and setting a security culture that would protect the organisation’s people, research and assets.
Proximity was engaged to conduct an independent review and advise on how to integrate security functions across CSIRO, to ensure responsibilities and accountabilities for security functions and decision-making were clear and appropriate.
Approach
As a trusted sidekick, Proximity set to work first evaluating the existing security framework (policies, procedures, previous evaluation outcomes, and role/functional descriptions) against Commonwealth Government security requirements. We consulted deeply across CSIRO’s leadership group and with comparable organisations such as Australian Nuclear Science and Technology Organisation (ANSTO), Defence Science and Technology Group, and the university sector.
Desktop review and consultation findings were analysed qualitatively and quantitatively to identify areas for urgent remediation and opportunities for slower reform. Based on the Proximity team’s close engagement with the client, each of our observations and findings were framed to fit CSIRO’s unique context and mandate.
The recommendations delivered in our final report were accepted and Proximity subsequently led the implementation process, working alongside the CSIRO’s security team to uplift security capabilities. The scope of the implementation work was diverse: from shaping strategic changes (drafting executive-level communications and providing input to the new corporate plan) through to drafting new governance materials and policies, developing learning and development strategies, and providing a framework to reform CSIRO’s use and prioritisation of security data.
Value
delivered
The initial review was conducted intensively over three months and delivered a defensible, fit-for-purpose approach for revitalising the CSIRO security architecture. The subsequent reforms that Proximity worked with the CSIRO security team to design and introduce significantly reduce CSIRO’s security risks by strengthening the essential frameworks for good security in the short-term, and laying the groundwork for embedded security settings and continuous improvement over time.
