Victorian public sector stakeholders
Attestation
The Attestation for 2022 is included in the 2022 Protective Data Security Plan (PDSP) form available to download on this page.
Protective Data Security Plan
Victorian public sector (VPS) organisations have a responsibility to effectively identify and manage information security risks across the information lifecycle.
The security risk profile assessment process is a foundational activity that needs to be undertaken prior to developing a PDSP.
To find out how to complete the Security Risk Profile Assessment (SRPA) process, refer to our Practitioner Guide on Information Security Risk Management.
When completing the 2022 PDSP, consider the activities undertaken during the 1 July 2020 – 30 June 2022 reporting period.
Organisations are expected to submit a copy of a PDSP to OVIC between 1 July 2022 – 31 August 2022.
Download: 2022 Single-Organisation Protective Data Security Plan (PDSP) form V3.2
SHA 256 Checksum: e8d0c15c16d468622c17ec09285fd81e744cf8ca9a1565299405a985bb2e461b
Download: 2022 How-to Guide: A guide to completing the 2022 Protective Data Security Plan
This document provides detailed guidance on completing the single-organisation PDSP form.
If you are a Class B Cemetery Trust, please visit this page to access the relevant PDSP form.
Multi-organisation PDSP
We have developed a 2022 Multi-organisation PDSP Reporting How-to Guide to step organisations through the strengthened multi-organisation reporting process.
This guide outlines key actions needed to be undertaken by a primary organisation, subsidiary organisation, and the Information Security Unit.
Download: 2022 Multi-organisation PDSP Reporting How-to Guide
Download: a copy of the SAMPLE – OVIC Information Security Multi-Org Protective Data Security Plan (Primary) V3.2.
Significant change
When organisations experience a significant change to their operations, the risks to their information assets and their protective data security obligations can change as a result.
Read more about significant change.
Incident notification
Organisations must notify OVIC of incidents with a business impact level (BIL) of 2 (limited) or higher that have an adverse impact on the confidentiality, integrity or availability of public sector information.
Information security resources
This section contains a suite of resources to assist in understanding and implementing the Victorian Protective Data Security Framework (VPDSF) and the Victorian Protective Data Security Standards (VPDSS).
Contact us
If you need help, please contact us on 1300 006 842 (1300 00 OVIC) between 9am and 5pm, Monday to Friday, or email us security@ovic.vic.gov.au