We recommend installing Microsoft Edge, Google Chrome, Safari, Firefox, or Opera to visit the site.
Agency reporting obligations
2021 Attestations are due on 31 August 2021.
Latest updates
Attestation form has been published to use for 2021 Attestations due 31 August Updated 18/05/2021
Significant Change Notification Process has been updated Updated 21/05/2021
Form-Notification-to-the-Information-Commissioner-of-Significant-Change-V1.0 has been published Updated 13/05/2021
Reporting obligations
Organisations must annually attest to the progress of activities identified in its Protective Data Security Plan (PDSP) to OVIC.
2020 Protective Data Security Plan
Victorian public sector organisations must submit a PDSP to OVIC at least every two years, or upon significant change. If your organisation has experienced significant change.
Organisations must notify OVIC of incidents that have an adverse impact on the confidentiality, integrity or availability of public sector information with a business impact level (BIL) of 2 (limited) or higher.
When organisations experience a significant change to their operations, the risks to their information assets and their protective data security obligations can change as a result.