Overview of the information security
incident notification scheme
The scheme has been developed to centrally coordinate notification of information security incidents within Victorian government. It requires agencies or bodies to notify OVIC of incidents that compromise the confidentiality, integrity or availability of public sector information with a ‘limited’ business impact or higher on government operations, organisations or individuals.
Incident notification assists OVIC with developing a comprehensive security risk profile of the Victorian government which can be used for trend analysis and understanding of the threat environment. OVIC will share de-identified outcomes of the analysis with Victorian government agencies and bodies which will in turn inform their own risk assessments.
Please note: Notifying OVIC of information security incidents under the scheme relates to those incidents discovered/identified from October 2019 onwards, regardless of how long before October 2019 the incidents occurred.
Refer to the current VPDSF BIL table for further information.
How to notify OVIC
Need to notify OVIC of an information security incident?
OVIC does not provide a 24/7 service so if you require immediate assistance for cyber incidents please contact the Cyber Incident Response Service directly on 1300 278 842.
Collection of personal information
This form collects personal information in the way of contact details. This includes your name, position title, organisation, contact number and email address for the purpose of follow up, research projects or activities set out in OVIC’s Regulatory Action Plan.
Where you provide personal information, OVIC may use it to provide you with return confirmation of receipt of your form, seek clarification on the contents of your form or report on any trends.
We ask that you do not include personal information anywhere other than the designated fields on this form.
When submitting your form via email, we may be able to identify you from your email address.
OVIC will not disclose your personal information without your consent, except where required or authorised to do so by law. You may contact OVIC to request access to any personal information you have provided to us by emailing email@example.com.