Skip to Content
From Monday 12 September 2020, OVIC's website will no longer be supported in Internet Explorer (IE).
We recommend installing Microsoft Edge, Google Chrome, Safari, Firefox, or Opera to visit the site.

News

Audit report published on the identification and security value assessment of public sector information

The Victorian Protective Data Security Standards (Standards) provide a risk-based approach to information security designed to protect public sector information. Organisations subject to Part 4 of the Privacy and Data Protection Act 2014 (Vic) (PDP Act) must adhere to the Standards.

OVIC has completed an audit that assessed four Victorian public sector (VPS) organisations’ adherence to Standard 2. Standard 2 requires VPS organisations to identify and assess the security value of public sector information.

OVIC audited the Department of Treasury and Finance, Barwon Region Water Corporation, the Victorian Institute of Forensic Medicine and CenITex.

OVIC assessed each organisation against the elements under Standard 2 and examined whether the organisations had accurately reported in their 2020 Protective Data Security Plans to OVIC.

OVIC assessed documentation provided by each agency including Information Asset Registers, and policy and procedure documents. OVIC staff also conducted interviews with key personnel at each agency.

All audited agencies had practices, procedures, and systems in place to assess the security value of information they hold. OVIC observed that each organisation used security value assessment outcomes to inform appropriate security measures needed to protect public sector information.

In some cases, the audit found some differences between how organisations assessed themselves against some elements of the Standards and OVIC’s assessment of their information.

The audit report outlines a range of recommendations for each agency to strengthen the identification and security value assessment of public sector information.

For guidance on identifying and assessing public sector information refer to:

For media enquiries contact:

Simone Martin
t:      (03) 8684 7585
e:     simone.martin@ovic.vic.gov.au or media@ovic.vic.gov.au

For enquiries about information security in Victoria contact:

Office of the Victorian Information Commissioner (OVIC)
t:    1300 006 842
e:    security@ovic.vic.gov.au

Related News

OVIC publishes audit report on managing personnel security risks during pre-engagement screening for VPS employees

The Victorian Public Sector (VPS) employs thousands of personnel who work across multiple organisations, carrying out a large number of… Continue Reading

60th Asia Pacific Privacy Authorities forum discusses privacy, regulation, enforcement and more.

The Office of the Australian Information Commissioner (OAIC) hosted the 60th Asia Pacific Privacy Authorities (APPA) forum from 30 November… Continue Reading

OVIC’s 2022-23 Annual Report tabled in Victorian Parliament

Then. Now. Next. OVIC’s 2022-23 annual report was tabled in the Victorian Parliament on Wednesday 4 October 2023. In 2022-23, Victorians made 48,117… Continue Reading
Back to top
Back to Top