Frequently Asked Questions

What is the overall objective of the strategy?

The overall objective of the strategy is to protect the lives of people working in, using, and visiting places that become crowded and making those places more resilient against a terrorist attack.

What is a Terrorist act?

The act or threat of an act, that intends to advance a political, ideological or religious cause against a Government entity or the public.

A terrorist act intends to endanger, cause panic, serious physical harm or death to a person or cause interruption, disruption, destruction or serious property damage or serious risk to public health and safety by any means, including electronic.

Where can I find the Australian definition of a Terrorist act?

The Australian legislative definition of a Terrorist act can be located within the Commonwealth Criminal Code Act 1995.

What are the foundations of the strategy?

The four pillars of the strategy are:

  • Building stronger partnerships
  • Enabling information sharing and guidance
  • Implementing effective protective security
  • Increasing resilience

Who has a role in protecting Crowded Places?

  • Owners and operators of crowded places
  • Local governments
  • State and Territory governments
  • Jurisdictional police
  • The Australian-New Zealand Counter-Terrorism Committee (ANZCTC)
  • The Crowded Places Advisory Group (CPAG) and Business Advisory Group (BAG)
  • The Commonwealth Government
  • Private security providers
  • The community

What is a Crowded Place Self-Assessment?

The Crowded Places Self-Assessment is a tool that aims to help owners and operators of crowded places to understand how attractive their location may be for a terrorist to attack and then provides guidance on what steps to take next.

What is a Crowded Place Security Audit?

The Crowded Place Security Audit primarily aims to:

  • Present a menu of security issues, some of which may be relevant to the type, size and risk profile of a crowded place
  • Provide a prompt for you to identify and address any security gaps in a proportionate manner

What does the Crowded Place Security Audit not address?

The Crowded Places Security Audit has not been designed to fully address cyber security issues. Further, the Audit does not fully address issues and mitigation strategies in regards to improvised explosive devices, active armed offenders and hostile vehicle attacks.

However, you may seek further advice via ASIO Outreach: 

Are the Self-Assessment and Security Audits actual risk assessments?

No. The Self-Assessment is a self-perspective security evaluation of a site, event or venue. The Security Audit is a guide to provide you as the owner/operator with a prompt to identify and address any security or mitigation gaps in a proportionate manner

What level of information will the Self-Assessment and Security Audit Provide me?

The information provided in the Self-Assessment and Security Audit is intended to be used as general guidance material only and is not provided for any other purpose. In particular, it is not intended to provide comprehensive advice. Organisations or individuals using or relying upon the information contained in these documents should do so in conjunction with their own judgement and assessment of the information in light of their particular needs and circumstances.

What does it mean if I score 40 or more in the Self-Assessment?

This means that you should contact your jurisdictional policing organisation for further discussions in relation to your score. These discussions are not about lowering your score or re-conducting the self-assessment but discussing hazard specific management strategies and improvements that may assist your site, venue or event regarding mitigation from a terrorist attack.

ACT Policing: [email protected]

What does it mean if I scored 39 or less in the Self-Assessment?

A score of 39 or less does not indicate that your site, venue or event is safe from a terrorist attack. It simply indicates that some of the common potential risk variables when looking at your site, venue or event have scored in a lower bracket. Remember, the Self-Assessment Tool is not an exhaustive list, and each site, venue or event will have specific differences and risks.  A licenced, independent and suitable qualified security provider that can assist with risk assessments should still be engaged to enhance your emergency management plans.

Further, you can still contact your jurisdictional police service for any questions you may have or risk strategies you wish to discuss.

What are the ANZCTC threat specific guidelines for?

These Guidelines set out several broad guiding principles which public and private sector stakeholders should consider to reduce the vulnerability of their site to the threat of terrorism. Further, the Guidelines are designed to increase your understanding of the threat posed by specific weapons and tactics.

How should I assess Security Consultants?

Owners and operators of Crowded Places should consider when selecting a security consultant:

  • Security Licence
  • Education, qualifications, skills, and experience
  • Referee reports
  • Security clearance (where required)
  • Professional association and affiliations
  • Previous experience conducting security reviews
  • Ability to effectively undertake the security review (subject matter knowledge)
  • Impartially of advice (consider any commercial affiliations)
  • Published professional work

What is the approach to layered security to crowded places?

The goal of layered security is to reduce the likelihood of a successful terrorist attack by building multiple layers of redundancy into specific sites architecture. A layering approach means that a failing in any single layer will not significantly compromise the overall security of the place being protected.

Deter: Obvious physical and electronic target hardening measures e.g. fences; electronic access control.

Detect: Visual detection and alert systems, e.g. CCTV cameras.

Delay: Physical counter measures and process, e.g. Bollards, trained staff interventions.

Respond: Timely and coordination reaction by security forces.

What role and responsibilities do owners and operators of crowded places have?

All owners and operators of Crowded Places have the primary responsibility for protecting their sites, including a duty of care to take steps to protect people that work, use or visit their site from a range of foreseeable threats, including the threat of a terrorist attack. Owners and operators have a responsibility to conduct a risk assessment and/or vulnerability assessment of their site.

What role and responsibilities do State and Territory Police have regarding crowded places?

State and territory police are responsible for providing threat information to owners and operators of Crowded Places. This includes material developed by the states and territories, Commonwealth agencies, police and overseas partners. Police provide specific information on the local threat context to help owners and operators develop appropriate protective security measures. State and territory police may also provide protective security guidance in some (limited) instances.

What can police consultation provide me?

Planning considerations: Police can discuss with you a number of factors relevant to event planning to consider when developing protective security options to address terrorism vulnerabilities at events.

Event procedures: Police can discuss with you terrorist attack mitigations that may assist in the detection, deterrence, delay and response to an active armed offender, basic weapons, explosive attack both from a person and vehicles.

Further, discussion can also be explored in relation to:

  • Soft vehicle access restrictions
  • Authorised vehicle access restrictions
  • Re-deployable vehicle barriers
  • Detecting & responding to suspicious vehicle
  • Hostile reconnaissance and surveillance
  • Patron search and screening
  • Managing delivers
  • Waste management
  • Venue search and inspections, and
  • Policing response

Where can I obtain further information?

Should you need more than the material provided here, there are further avenues for Crowed Places information.

Depending on the needs of your organisation, it may be appropriate to apply to ASIO Outreach. ASIO Outreach are regular presenters at Crowded Places Forums facilitated by ACT Policing. 

ASIO Outreach is the principal interface between the Australian Security Intelligence Organisation (ASIO) and government and industry stakeholders. ASIO Outreach provides information via a number of means including a subscriber-controlled website. ASIO Outreach will review each application for access to its website on a case by case basis.

ASIO Outreach:

In 2018 the Australian Institute for Disaster Resilience published the Safe and Healthy Crowded Places Handbook. Event planners considering crowded places event planning may find this Handbook a useful companion document to the Crowded Places Strategy and associated documents.


If you would like to attend a Crowded Places Forum and your organisation has not previously been invited to attend, send an email to ACT Policing Crowded Places to register your interest in attending a Forum in the future.

ACT Policing: [email protected]


ACT Policing Online News

Need help with family violence?

Quick Exit