We recommend installing Microsoft Edge, Google Chrome, Safari, Firefox, or Opera to visit the site.
Agency reporting obligations
2021 Attestations are due on 31 August 2021.
Latest updates
Attestation has been updated to include a video message from the Information Commissioner Updated 06/09/2021
Attestation form has been published to use for 2021 Attestations due 31 August Updated 06/09/2021
Significant Change Notification Process has been updated Updated 06/09/2021
Form-Notification-to-the-Information-Commissioner-of-Significant-Change-V1.0 has been published Updated 06/09/2021
Attestations
Victorian public sector organisations must annually attest to the progress of activities identified in its Protective Data Security Plan (PDSP) to OVIC.
Protective Data Security Plans
Victorian public sector organisations must submit a PDSP to OVIC at least every two years, or upon significant change.
Incident Notification
Organisations must notify OVIC of incidents that have an adverse impact on the confidentiality, integrity or availability of public sector information with a business impact level (BIL) of 2 (limited) or higher.
Significant change
When organisations experience a significant change to their operations, the risks to their information assets and their protective data security obligations can change as a result.