Case Study: SIAM and ITSM Maturity  Improving Governance and Service Performance

Client: Defence Industry Security Program (DISP)

Project: SIAM & ITSM Governance for DISP

The Defence Industry Security Program (DISP) provides assurance that organisations working with the Australian Department of Defence meet required standards in governance, personnel, physical, and cyber security. It helps manage security risks across the defence supply chain, particularly where access to classified information or sensitive projects is involved. Through a tiered membership system, DISP accredits businesses based on their capability to protect Defence information and assets, and supports ongoing compliance through structured roles, reporting, and risk management obligations.

Background
The DISP Project required a comprehensive uplift in service management practices.

With a new vendor onboard and a maturing IT environment, DISP needed to establish an integrated operating model that balanced internal and external capabilities while aligning with SIAM principles.

Objective
Profectus was engaged to implement a new service operating model aligned with SIAM, uplift all ITIL-based service functions (Service Design, Transition, and Operations), and embed robust governance structures. Key goals included onboarding and educating internal and vendor-based service management roles and operationalising clear responsibilities and processes.

Approach
Profectus worked closely with the Defence Industry Security Branch to design and implement a phased transformation plan:

  • Operating Model Development: Reviewed the System Support Model Plan and developed a hybrid SIAM model. Defined roles, decision-making pathways, and governance tiers. Delivered training and support materials to embed the new framework.
  • Process and Procedure Uplift: Assessed maturity across Service Transition and Operations using the ITIL Maturity Model. Updated and authored new Process Definition Documents, standard operating procedures, and governance artefacts. Introduced CSI sprint cycles tracked via a Kanban board.
  • Tool and Process Alignment: Conducted a gap analysis between ITSM tool capabilities and updated process documents. Facilitated integration discussions to align platform functionality with operational needs.
  • Performance and Governance Structures: Established Critical Success Factors and KPIs per ITIL process. Built live dashboards, introduced SLAs into vendor contracts, and developed a Service Level Management process.
  • Governance Forums: Designed a multi-layered governance structure with strategic, tactical, and operational forums. Created a centralised SIAM governance portal and streamlined meeting cadences.

Challenges
Navigating a diverse stakeholder environment with varying levels of service management maturity required targeted education, negotiation, and change advocacy.

Aligning vendor operations with DISP’s new frameworks also necessitated extensive collaboration and tool/process reconciliation.

Achievements

  • Clear accountability and improved adoption of SIAM practices
  • Reduced unplanned outages through standardised processes
  • Increased efficiency via ITSM tool automation
  • Greater CSI engagement and process improvement activity
  • Streamlined stakeholder involvement and resource allocation
  • Better visibility and follow-through on actions via Kanban boards
  • Improved risk management and Change & Release processes

Conclusion
Profectus’ delivery of a robust, scalable SIAM-aligned operating model enabled DISP to significantly lift its ITIL maturity. Beyond metrics, the transformation brought a tangible improvement in service delivery, operational clarity, and cultural engagement with continual improvement. The model now supports DISP’s strategic trajectory through structured governance, empowered roles, and a clear service framework.