Skip to Content
From Monday 12 September 2020, OVIC's website will no longer be supported in Internet Explorer (IE).
We recommend installing Microsoft Edge, Google Chrome, Safari, Firefox, or Opera to visit the site.

News

Audit report published on the identification and security value assessment of public sector information

The Victorian Protective Data Security Standards (Standards) provide a risk-based approach to information security designed to protect public sector information. Organisations subject to Part 4 of the Privacy and Data Protection Act 2014 (Vic) (PDP Act) must adhere to the Standards.

OVIC has completed an audit that assessed four Victorian public sector (VPS) organisations’ adherence to Standard 2. Standard 2 requires VPS organisations to identify and assess the security value of public sector information.

OVIC audited the Department of Treasury and Finance, Barwon Region Water Corporation, the Victorian Institute of Forensic Medicine and CenITex.

OVIC assessed each organisation against the elements under Standard 2 and examined whether the organisations had accurately reported in their 2020 Protective Data Security Plans to OVIC.

OVIC assessed documentation provided by each agency including Information Asset Registers, and policy and procedure documents. OVIC staff also conducted interviews with key personnel at each agency.

All audited agencies had practices, procedures, and systems in place to assess the security value of information they hold. OVIC observed that each organisation used security value assessment outcomes to inform appropriate security measures needed to protect public sector information.

In some cases, the audit found some differences between how organisations assessed themselves against some elements of the Standards and OVIC’s assessment of their information.

The audit report outlines a range of recommendations for each agency to strengthen the identification and security value assessment of public sector information.

For guidance on identifying and assessing public sector information refer to:

For media enquiries contact:

Simone Martin
t:      (03) 8684 7585
e:     simone.martin@ovic.vic.gov.au or media@ovic.vic.gov.au

For enquiries about information security in Victoria contact:

Office of the Victorian Information Commissioner (OVIC)
t:    1300 006 842
e:    security@ovic.vic.gov.au

Related News

OVIC and PROV issue joint statement on minimising the privacy impacts of an incident

The Office of the Victorian Information Commissioner (OVIC) and Public Record Office Victoria (PROV) have issued a joint statement regarding… Continue Reading

New changes to Victoria’s Freedom of Information and Privacy Laws

The Justice Legislation Amendment (Integrity, Defamation and Other Matters) Act 2024 (the Act) recently commenced. The Act makes changes to… Continue Reading

OVIC publishes audit report on managing personnel security risks during pre-engagement screening for VPS employees

The Victorian Public Sector (VPS) employs thousands of personnel who work across multiple organisations, carrying out a large number of… Continue Reading
Back to top
Back to Top