Delivering SSP and SRMP Documentation for a Classified Defence Project

Client

Defence Harman – Classified Program

Challenge

Defence Harman required robust and compliant System Security Plan (SSP) and Security Risk Management Plan (SRMP) documentation to underpin a classified capability project. These documents were critical for achieving accreditation, maintaining compliance with the Australian Government Information Security Manual (ISM), and ensuring that classified systems could be deployed securely and effectively.

The challenge lay in balancing strict security and compliance requirements with the need for project agility, ensuring that risks were identified, managed, and documented without slowing down capability delivery.

Azooa’s Approach

System Security Plan (SSP)

Azooa collaborated with Defence stakeholders to produce a comprehensive SSP, detailing:

• Security controls mapped to Defence and ISM standards.

• System authorisation boundaries, information flow diagrams, and architecture overlays.

• Data handling requirements across classified environments.

The SSP established a secure baseline for the project, providing assurance that the capability aligned with Defence’s stringent security expectations.

Security Risk Management Plan (SRMP)

Azooa developed an SRMP to embed risk governance throughout the project lifecycle. This included:

• Conducting structured threat and vulnerability assessments.

• Documenting residual risks, treatment strategies, and mitigation timelines.

• Establishing an ongoing monitoring and reporting framework.

The SRMP ensured transparency, accountability, and proactive management of risks in a highly sensitive environment.

Outcome

By delivering the SSP and SRMP, Azooa enabled Defence Harman to:

• Achieve security accreditation for the classified capability.

• Embed risk governance into project delivery, ensuring confidence at executive and assurance levels.

• Accelerate capability deployment by reducing compliance bottlenecks.

Why Azooa

Azooa brings a proven record of supporting Defence with security compliance, risk management, and classified capability delivery. Our expertise in aligning project documentation with Defence standards ensures that mission-critical projects are delivered securely, on time, and with confidence.