Skip to Content
From Monday 12 September 2020, OVIC's website will no longer be supported in Internet Explorer (IE).
We recommend installing Microsoft Edge, Google Chrome, Safari, Firefox, or Opera to visit the site.

Incident Notification

header image for the Information Security Incident Notification Scheme

Overview of the information security
incident notification scheme

The scheme has been developed to centrally coordinate notification of information security incidents within Victorian government. It requires agencies or bodies to notify OVIC of incidents that compromise the confidentiality, integrity or availability of public sector information with a ‘limited’ business impact or higher on government operations, organisations or individuals.

Incident notification assists OVIC with developing a comprehensive security risk profile of the Victorian government which can be used for trend analysis and understanding of the threat environment. OVIC will share de-identified outcomes of the analysis with Victorian government agencies and bodies which will in turn inform their own risk assessments.

Please note: Notifying OVIC of information security incidents under the scheme relates to those incidents discovered/identified from October 2019 onwards, regardless of how long before October 2019 the incidents occurred.

Refer to the current VPDSF BIL table for further information.

How to notify OVIC

Need to notify OVIC of an information security incident?

Incident Notification Form

To download a copy of the Incident Notification Form, click here.

Please fill in as many details on the form as possible. Submissions options vary, depending on the protective marking of the content on the Incident Notification Form.




OFFICIAL or OFFICIAL: Sensitive, please email a copy of the form to;




PROTECTED or above, contact OVIC for further advice.


OVIC does not provide a 24/7 service so if you require immediate assistance for cyber incidents please contact the Cyber Incident Response Service directly on 1300 278 842.

Collection of personal information

This form collects personal information in the way of contact details. This includes your name, position title, organisation, contact number and email address for the purpose of follow up, research projects or activities set out in OVIC’s Regulatory Action Plan.

Where you provide personal information, OVIC may use it to provide you with return confirmation of receipt of your form, seek clarification on the contents of your form or report on any trends.

We ask that you do not include personal information anywhere other than the designated fields on this form.

When submitting your form via email, we may be able to identify you from your email address.

OVIC will not disclose your personal information without your consent, except where required or authorised to do so by law. You may contact OVIC to request access to any personal information you have provided to us by emailing

For further information on how OVIC handles personal information, please review our privacy policy here.


Back to top
Back to Top