RED PIRANHA  ·  SOVEREIGN AUSTRALIAN DISP PROVIDER  ·  DISP-CERTIFIED MEMBER

Defence Industry
Security Program

DISP  End-to-end DISP enablement, delivered by an Australian DISP member.

Red Piranha is DISP certified, so we intimately understand the journey and the DISP ecosystem. We offer a comprehensive range of DISP solutions to get you secure and certified. Our sovereign capability provides supply chain assurance across the four key outcome areas.

Already supplying Defence, or working toward your first contract? Red Piranha is Australia's specialist DISP Membership attainment provider. Our team simplifies the full journey, from eligibility through to certification and ongoing membership, end-to-end.

As your trusted DISP partner, we can help with:

Governance
DIRECT DELIVERY
Personnel Security
GUIDED
Physical Security
GUIDED
Information Security
DIRECT DELIVERY
DISP MEMBER
All four outcome areas
ECISO™
Electronic CISO retainer, unique offering
CRYSTAL EYE
Australian-owned platform, MDR 24/7
100% AUSTRALIAN
Australian SOC, Australian jurisdiction
ONE PARTNER, ALL FOUR DOMAINS

All four DISP domains. One partner.

DISP assesses across Security Governance, Personnel Security, Physical Security, and ICT & Cyber Security. Red Piranha delivers direct service or structured guidance across every domain. No gaps in assessment.

RED PIRANHA  ·  COVERAGE STRIP  ·  ALL FOUR DOMAINS

DOMAIN 01  -  DIRECT

ICT & Cyber

Crystal Eye + TDIR Essential Eight ML2 107 control CSQ evidence 24/7 Australian SOC

DOMAIN 02  -  DIRECT

Governance

SRMP authorship Annual Security Report DSPF Principle 16 eCISO™ / vCISO retainers

DOMAIN 03  -  GUIDED

Personnel

AGSVA NV clearance pathway AS 4811:2022 screening SO / CSO delineation Insider threat policy

DOMAIN 04  -  GUIDED

Physical

Zone classification ASIO Standards alignment Facility certification Level-appropriate scoping

DIRECT DELIVERY

GUIDED SERVICE

Direct delivery where the assessment depth lies. Structured guidance where it matters most.

PROBLEM

Why DISP is harder than it looks.

DISP is a security maturity assessment, not a checklist. Three gates routinely block applications, and all three sit in Governance and Information & Cyber where Defence tests operating controls, not policy alone.

DISP APPLICATION GAUNTLET  ·  WHERE PROGRESS STALLS

START DISP MEMBER GATE 01 E8 ML2 gaps Mandatory baseline since 15 Nov 2025 Organisation-wide implementation Phishing-resistant MFA Application control GATE 02 SRMP weakness Foundation governance document Templates fail at assessment Must reflect operating controls GATE 03 Evidence without operations Defence tests operating controls 107 control CSQ needs real data Continuous detection required Acting on alarms, not just raising them
REQUIREMENTS

What DISP actually requires.

Four security outcome areas combine to form DISP membership. Governance and Information & Cyber carry the assessment depth, and they are where Red Piranha provides direct delivery.

DISP COMPLIANCE ARCHITECTURE  ·  FOUR OUTCOME AREAS

DIRECT DELIVERY

Governance

SRMP authorship
Incident Response Plan
Security training program
CSO / SO role definition
Annual Security Reporting
DSPF Principle 16
DIRECT DELIVERY

Info & Cyber

Essential Eight ML2 baseline
107 control CSQ
Continuous logging
24/7 monitoring
Incident detection
Maturity Action Plan
GUIDED

Personnel

AS 4811:2022 screening
AGSVA clearance pathway
Insider threat policy
Designated Security
Assessed Positions
GUIDED

Physical

Zone classification
ASIO T4 alignment
Facility certification
Access controls
Visitor management
DISP MEMBERSHIP

Pick the right level before you apply.

DISP membership is tiered to the classification of Defence work being pursued. Applying for a higher level than your contracted work requires is one of the most common rejection patterns. Each tier inherits and adds to the requirements of the one below.

DISP MEMBERSHIP LEVELS  ·  PROGRESSIVE REQUIREMENTS

SECURITY MATURITY · INHERITED & CUMULATIVE LEVEL · ENTRY OFFICIAL OFFICIAL:SENSITIVE + Governance baseline + Essential Eight ML2 + SRMP & IRP LEVEL 01 PROTECTED + adds to Entry + AGSVA Baseline clearances + PROTECTED-zoned environment + Higher assurance controls CSO & SO must be cleared Physical scope expanded LEVEL 02 SECRET + adds to Level 1 + AGSVA NV1 clearances + SECRET-zoned environment + Stronger assurance controls + ASIO T4 alignment Tighter access management Higher logging discipline LEVEL 03 TOP SECRET + adds to Level 2 + AGSVA NV2 + TS infrastructure + Full-spectrum security + TS-zoned facilities + Highest assurance Specialist sustainment required throughout

Apply at the level your contracted work requires, not the highest you might one day need.

APPROACH

Red Piranha approach.

Most DISP providers either document or detect. Red Piranha runs the full cycle. We deploy operational defence and we sustain it, beyond paperwork, under one Australian-owned engagement.

01ASSESSEligibility checkGap analysiseCISO™ scopedOUTPUTDISP gap snapshot 02IMPLEMENTAuthor SRMP, IRPDeploy Crystal EyeOperationalise E8 ML2OUTPUT107 control evidence pack 03SECURECrystal Eye TDIR24/7 Australian SOCMITRE ATT&CK alignedOUTPUTContinuous detection 04SUSTAINAnnual Security ReportOSA / DDA readinesseCISO™ retainerOUTPUTOngoing membership CONTINUOUS · ANNUAL CYCLE
CAPABILITY

How Red Piranha delivers across the four outcome areas.

Governance and Information & Cyber are direct delivery; we build, deploy, and run them. Personnel and Physical are guided; we tell you what good looks like.

DIRECT DELIVERY

Governance

SRMP authorship and review
Incident Response Plan
CSO / SO role definition
eCISO™ retainer
DIRECT DELIVERY

Information and Cyber

Essential Eight ML2 (organisation-wide)
107 control CSQ evidence
Crystal Eye platform
MDR · 24/7 Australian SOC
GUIDED

Personnel Security

AGSVA clearance pathway
AS 4811:2022 screening
Insider threat policy
GUIDED

Physical Security

Zone classification mapping
ASIO T4 standards alignment
Facility certification readiness

Governance

DIRECT DELIVERY

SRMP authorship. Incident Response Plan. Security training program. CSO and SO role definition. Annual Security Report preparation and submission.

Ongoing governance retainer available through eCISO™ (remote) or vCISO (on-site). One of several Red Piranha advisory offerings.

Personnel Security

GUIDED SERVICE

AGSVA NV clearance pathway, AS 4811:2022 workforce screening, insider threat policy.

Information & Cyber

DIRECT DELIVERY

Crystal Eye platform deploys Essential Eight ML2 organisation-wide. Modules: NDR, EDR, Managed Firewall, Vulnerability Scanning, DAS, Crystal Eye SOC.

MDR (Managed Detection and Response) runs 24/7 from the Australian SOC. Produces 107 control CSQ evidence on demand. Detection content mapped to MITRE ATT&CK.

Physical Security

GUIDED SERVICE

Zone classification mapping, ASIO T4 standards alignment, facility certification readiness.

WHY RED PIRANHA

Credentials that matter to Defence assessors.

DISP is a high-trust engagement. The applicant is staking contract eligibility on the vendor's evidence trail. These are the proofs that count.

GET STARTED

Where are you in the DISP cycle?

Three entry points, depending on where you are today. Each starts with a 30 minute conversation with the DISP advisory team.

STARTING OUT

Get your DISP Readiness Score.

Gap snapshot. Maturity Action Plan starter. eCISO™ engagement scoping.
MID-APPLICATION

Book a CSQ Evidence Review.

Walk through your 107 control submission. Identify gaps before lodgement.
ALREADY A MEMBER

Book an OSA / DDA Readiness Check.

ASR preparation. OSA gap closure. DDA evidence pack.
GRANT ASSISTANCE

One Defence grant program. Four funded streams.

The Defence Industry Development Grants (DIDG) program funds Australian SMEs building sovereign capability for the Defence sector. Up to $1 million per project at 50% cost-share, across four streams: Exports, Security, Skilling, and Sovereign Industrial Priorities. Red Piranha assists with applications and delivers what the grant funds.

RED PIRANHA   ·  DEFENCE INDUSTRY DEVELOPMENT GRANTS

FUNDED BY THE AUSTRALIAN GOVERNMENT DIDG Defence Industry Development Grants Program $5K to $1M 50% cost-share per project eligible defence-sector SMEs STREAM 01 Exports FUNDS Acquisition and commissioning of new capabilities for defence domestic or exports projects RED PIRANHA Eligible delivery partner STREAM 02 Security FUNDS Implementation and maintenance of security posture required for defence-sector suppliers RED PIRANHA Application support and delivery STREAM 03 Skilling FUNDS Technical and trade skill development for the defence workforce RED PIRANHA Eligible training provider STREAM 04 Sovereign IP Sovereign Industrial Priorities FUNDS Achievement of international accreditations and certifications aligned to SDIP priorities RED PIRANHA Application and delivery support
DIFFERENTIATION

What end-to-end DISP actually looks like.

Most DISP providers do half the work. Consultancies cover the early stages. MSSPs cover the middle. Red Piranha covers all four, under one Australian-owned engagement.

DISP LIFECYCLE JOURNEY   ·  WHO TRAVELS HOW FAR

PATH Covered Not covered Red Piranha Pre-app Eligibility & gap Build SRMP & deploy Live Ops 24/7 detection Reporting ASR · OSA · DDA Continuous TDIR underneath Document-only Consultancy-only providers ✕ HANDOFF SRMP authored Documents Submission only Hands off No follow-up 3 / 5 Detect-only MSSP / tooling-only providers No governance No DISP build Generic SOC No ASR/OSA FOCI risk 1 / 5 END-TO-END · NO HANDOFFS Red Piranha End-to-end DISP enablement eCISO™ scoping Crystal Eye + SRMP TDIR · 24/7 SOC ASR · OSA · DDA Australian SOC 5 / 5 stages covered
FAQ

Frequently asked questions.

Start your DISP journey with Red Piranha.

Whether scoping eligibility for the first time, mid-application, or already a member preparing for the next ASR, the conversation starts the same way. Thirty minutes. No obligation. A specialist who has lived the DISP cycle from inside.