OVIC has activated its business continuity plan due to coronavirus (COVID-19) and staff are working remotely. We have published new guidance on coronavirus (COVID-19) and freedom of information, privacy and information security. Please contact us by email where possible, we ask for your patience during this time.

From Monday 12 September 2020, OVIC's website will no longer be supported in Internet Explorer (IE).
We recommend installing Microsoft Edge, Google Chrome, Safari, Firefox, or Opera to visit the site.

Agency reporting obligations

Reporting obligations

Protective Data Security Plan (PDSP)

A PDSP must be given to OVIC at least every two years, or upon significant change.

If your organisation has experienced significant change, please contact the Information Security Unit by emailing security@ovic.vic.gov.au, or by contacting our enquiries team.

To find out more refer to PDSP Submissions page

Attestation

Organisations must annually attest to the progress of activities identified in its PDSP to OVIC.

To find out more refer to PDSP Submissions page.

Incident notifications

Organisations must notify OVIC of incidents that have an adverse impact on the confidentiality, integrity or availability of public sector information with a business impact level (BIL) of 2 (limited) or higher.

To find out more refer to Incident Notifications page.

Agency reporting obligations

Reporting obligations

Protective Data Security Plan (PDSP)

Attestation

Incident notifications

See also: