IT support for DISP member organisations in Canberra
Blue Arc provides managed IT support to Canberra Defence-industry businesses that are DISP members or working towards membership. We build and maintain the ICT controls the Defence Industry Security Program assesses, lift your corporate systems to Essential Eight Maturity Level 2, and keep them there. We have supported Australian businesses since 2004.
What DISP requires of your IT
The Defence Industry Security Program is run by Defence under the Defence Security Principles Framework. It has four domains, governance, personnel security, physical security, and ICT and cyber security, and four membership levels from Entry Level through to Level 3, matched to the sensitivity of the Defence information you handle. For the authoritative requirements, see the Defence DISP eligibility and suitability page.
The domain that lands on IT is cyber. Since 30 September 2024, DISP requires the full ASD Essential Eight at Maturity Level 2 as the minimum for every membership level, including Entry Level, across the ICT corporate systems you use to correspond with Defence. In practice that means multi-factor authentication, application control, patching within set timeframes, restricted admin privileges, and the rest of the Essential Eight, implemented and evidenced, not just documented. For the detail, see what Essential Eight Maturity Level 2 involves.
ASD has announced the Essential Eight will move to a new Essentials series over the next two years. Work you invest in ML2 now carries across, and it remains the current DISP requirement. See is the Essential Eight being retired?
You do not have to reach ML2 before you apply. You submit a Cyber Security Questionnaire with your application, Defence issues a Maturity Action Plan, and you are guided towards ML2 through the uplift programme. The closer your IT already is to ML2, the shorter that path.
How Blue Arc helps
We run a gap assessment against Essential Eight ML2, implement and maintain the eight controls across your environment, and produce the evidence you need for your annual DISP self-assessment. This is delivered through our managed service and our ML2 Uplift Programme, so the controls are not stood up once and left to drift.
Governance, personnel and physical security usually involve specialist security advisers. We work alongside them and own the ICT and cyber piece.
Why Canberra Defence businesses choose us
We have supported Australian businesses since 2004. Clients complete a short survey after every job: we currently sit at 96% for response speed, 94% for resolution speed and 97% for overall satisfaction. We answer the phone in about five seconds, and for Canberra clients we are onsite fast when it matters. We are experienced supporting DISP member organisations and familiar with the requirements.
How much does IT support cost for a DISP member business?
Frequently asked questions
Do we need DISP membership to work with Defence?
If your contract involves Defence information, or you handle classified material, weapons or base security, DISP membership is generally required before work starts. Many suppliers need at least Entry Level.
What Essential Eight maturity level does DISP require?
Maturity Level 2. Since 30 September 2024 DISP requires the full Essential Eight at ML2 as the minimum for every membership level, including Entry Level, across the ICT systems you use to correspond with Defence.
Can Blue Arc get us DISP-ready?
We build and maintain the ICT controls DISP assesses and lift your corporate systems to Essential Eight ML2. We support DISP member organisations and are familiar with the requirements. The governance, personnel and physical domains usually involve specialist security advisers alongside us.