Protective Security
We work with clients across government and private enterprise where organisational resilience is critical to operations. We focus on governance, policy, and assurance, and develop systems, processes and tools that manage information risks in alignment with organisational objectives, regulatory obligations, and protective security requirements.
Our team has deep experience designing and managing security programs across government, defence, justice, and critical infrastructure sectors, where the risk of technical compromise is high. By combining technical compliance expertise with practical, operational understanding, our solutions are resilient, scalable, and responsive to evolving threat environments.
Personnel Security
Personnel security frameworks embed security into the employee lifecycle, from recruitment and onboarding to ongoing access and transition, so people remain a source of strength, not vulnerability. We apply national protective security standards such as AS4811: 2022 Workforce Screening in a day-to-day practical manner.
Our insider threat programs detect, deter, and respond to behavioural and systemic risks before they cause harm. We assist in integrating security culture, human resources, and information assurance into cohesive insider risk strategies. This includes the design of governance models, reporting channels, awareness programs, and protective monitoring processes that balance privacy, wellbeing, and organisational trust.
We help foster environments where people are engaged, informed, and accountable. By combining behavioural insight, governance, and practical measures, we create programs that build confidence, reduce risk, and strengthen the human aspect of every protective security system.
Security Culture and Awareness
Strong, positive security culture and security awareness programs move beyond traditional compliance training to create environments where people genuinely understand their role in protecting information, assets, and each other. Our programs drive engagement, accountability, and everyday vigilance, by building an awareness of the type and nature of the threats that people face. We develop comprehensive awareness strategies that align with organisational values, protective security principles, and behavioural science to drive meaningful, lasting cultural change.
We design, facilitate, and analyse security awareness frameworks, workshops, and communication campaigns that combine evidence-based behavioural insights, creative engagement methods and leadership involvement to achieve enduring buy in. Through maturity assessments, staff engagement analysis, and cultural diagnostics, we help clients understand their current security mindset and identify practical pathways for uplift.
We partner with clients to embed protective security as part of daily business practice, visible in conversations, decisions, and leadership behaviours. We help cultivate teams that are alert, trusted, and proud of their role in safeguarding people, operations, and reputation.
Physical Security
Physical security frameworks protect people, assets, and operations against a spectrum of threats, from crime and espionage to terrorism and sabotage. We integrate strategy, architecture, and technology to create environments that are secure and functional. Our focus is developing governance, standards, and assurance programs that align with national standards and better practice guidance, including the latest ASIO advice, HB 188:2024 Base-building physical security handbook, ensuring compliance while balancing usability and design intent.
Our layered protection strategies that combine attack resistance standards, access control, surveillance, and protective barriers into a single, cohesive system. Our capability extends to the specification of safes, vaults, and strongrooms, as well as secure storage and handling requirements for classified and high-value assets. We also develop performance-based design guides, security risk frameworks, and assurance tools that help organisations measure and continually improve their protective posture across portfolios and facilities.
Information Security
Information security frameworks protect the confidentiality, integrity, and availability of critical information assets. Our information security solutions are practical, scalable, and embedded across the enterprise, supporting decision-making and operational confidence.
We develop information security policies, classification and handling systems, and assurance programs aligned with national and state information security policy frameworks. By supporting the design of accreditation frameworks, security risk registers, and control assurance processes, we ensure leadership has clear visibility of information risks and control effectiveness.
We create secure, compliant, and adaptable information environments. Whether uplifting existing frameworks or establishing new governance systems, we enable organisations to manage their information with confidence, integrity, and assurance.
Technology Security
Technology security frameworks protect against the compromise or exploitation of electronic systems, devices, and communications. We adopt the Australian Government Protective Security Policy Framework to apply protective measures that are proportionate to the level of sensitivity, operational risk, and environmental context. We create governance structures, technical standards, and assurance programs that enable organisations to confidently manage technology-related vulnerabilities across their facilities and operations.
We establish and maintain personal electronic device free zones, as well as implementing detection, screening, and management programs to control unauthorised devices in secure environments. This supports the integration of technical surveillance countermeasures, secure communications planning, and the protection of information processing zones in accordance with the Protective Security Policy Framework, ASIO Technical Guidelines, and relevant international standards.
We develop structured programs for inspection, maintenance, and continuous assurance for ongoing compliance and readiness for accreditation or certification. By combining policy experience, technical acumen, and operational insight, we enable organisations to protect their critical systems, support information integrity and operate securely in an increasingly connected world.
Counter-Intelligence
For government, defence, law enforcement and critical infrastructure organisations, counter-intelligence capability is essential to maintain operational integrity and national trust. The programs we design and implement help to protect against espionage, insider compromise, and foreign interference. We also build frameworks that identify, assess, and respond to subversive threats in a lawful, coordinated, and proportionate manner.
Our insider threat and intelligence risk management frameworks, integrate identity management, behavioural analysis, technical security, and information assurance into a cohesive counter-intelligence posture. We provide structured approaches for threat reporting, liaison with national security agencies, and protective monitoring of high-risk programs, personnel, and environments.
Cultural awareness programs embed accountability, ensuring staff understand their role in identifying and reporting suspicious approaches, behaviours, or anomalies.
Information Assurance
Information assurance frameworks build trust and confidence in the integrity, availability, and reliability of information and systems. Our approach focuses on keeping information protected, accurate, and accessible throughout its lifecycle.
We design and maintain robust information assurance programs and support the development of policies, accreditation frameworks, and control assurance tools that provide leadership with visibility of the effectiveness of information protection measures. This includes system classification, information handling and storage requirements, accreditation pathways, and risk-based assurance planning.
Our sustainable programs include periodic review, audit, and improvement cycles. By embedding assurance principles into governance and operational processes, we enable organisations to maintain confidence in their information environments and demonstrate compliance with regulatory and protective security expectations. Our goal is to enable leaders to make informed decisions, backed by trustworthy, protected information.
Security Operations
Security operations programs should deliver proactive monitoring, coordination, and response across the protective security environment. We build governance, processes, and capability frameworks that enable consistent, intelligence-led decision-making at strategic and operational levels. Our operating models align with organisational risk profiles and integrate people, technology, and procedures into a cohesive, responsive system.
Real-time visibility of risks and events is essential to secure operations. We develop security operations centres, control room governance, and incident management systems to achieve operational objectives. We also define policy and operating frameworks for guard services, clear post orders and site instructions, escalation and communications pathways, evidence handling, and seamless integration of patrol/static duties with control room operations.
Enduring capability is achieved through training and competency frameworks, practical exercises, and fit-for-purpose rostering and workforce management that ensure coverage, compliance, and readiness. Whether uplifting existing operations or creating new command-and-control frameworks, we enable organisations to anticipate threats, respond decisively, and provide leadership with transparent, auditable results.
Supply Chain Security
We focus on security governance, policy, and assurance across the full supplier lifecycle, including onboarding and due diligence, contract controls, in-contract monitoring, and orderly offboarding. Programs can then be aligned with organisational risk appetite and relevant guidance (e.g., national protective security policies and critical infrastructure obligations).
Our practical frameworks for supplier due diligence and tiering, conflict-of-interest and foreign-interference checks, information handling and facility security requirements, and secure-by-design procurement provide assurance across dynamic operations. We develop contractual controls (SLAs, KPIs, right-to-audit, data and asset handling clauses) and provide processes and training to apply them consistently.
Our continuous monitoring and verification regimes, supplier performance reporting, and issue/incident escalation pathways integrate with enterprise risk and security operations. Whether you manage a complex global supply network or small critical vendor set, we can create a scalable, auditable supply chain security program that protects people, information, and assets, while enabling delivery and compliance.
Process Security
Process security frameworks are essential for activities that involve controlled or regulated items, including pharmaceuticals, weapons and ammunition, cash and valuables, evidence and exhibits, and other high-risk materials. We build clear governance, role accountability, and end-to-end process controls so critical items are requested, issued, used, transferred, stored, and disposed in a way that is consistent, auditable, and legally defensible.
We translate risk and regulatory obligations into practical controls: chain-of-custody procedures, segregation of duties, dual-control issuance, reconciliation and inventory verification, exception handling, and escalation pathways. We design tamper-evident measures and packaging standards, custody logs (digital or paper), transport and transfer protocols, and secure storage rules that integrate with physical and personnel security.
We establish performance and compliance monitoring, periodic stocktakes and spot checks, trend analysis for shrinkage/divergence, and lifecycle reviews to keep controls effective as operations change. The result is a auditable process security system that protects people and reputation while meeting regulatory and enterprise obligations.
Critical Infrastructure Protection
SCG assists public and private sector clients to develop frameworks for the protection of critical infrastructure and essential services from disruption, and to meet regulatory compliance obligations under the Security of Critical Infrastructure Act 2018 and Australia-New Zealand Counter-Terrorism Committee national guidelines.
We provide threat and vulnerability assessments, risk management frameworks, and design and implementation of security solutions tailored to the infrastructure-specific needs for critical sites. Our experience spans energy, transport, water, communications and government sectors—ensuring secure, resilient and regulation-compliant outcomes.
Crowded Places Protection
We help owners and operators of crowded places, our city streets, precincts, venues, transport interchanges, campuses, and public-realm developments, build proportionate, practical, design-led counter-terrorism programs that protect people without undermining the experience of place.
We translate threat and vulnerability into clear protective design requirements, integrating planning and architecture so protection is built in. Our frameworks align with national crowded-places and protective security guidance, ensuring measures are risk-led, defensible, and auditable.
From concept to detail, we design layered protection that deters, detects, and delays hostile acts while keeping places usable: geometry-led speed management and stand-off; legible pedestrian/vehicle flows and observable high-dwell areas; architectural elements that double as protection; sightlines, lighting and camera-ready coverage; and where justified screening points for people, bags and vehicles.
