Insights and innovation survey
Delivering insight into information security behaviours across the VPS
We are inviting organisations from across the Victorian public sector to participate in an anonymous survey to help strengthen our data protection efforts.
Participation in the survey is entirely voluntary, with questions exploring levels of understanding around information security practices and exploring personnel security behaviours.
What is the Insight and Innovation Survey?
The Insight and Innovation Survey provides members of your organisation the opportunity to express their views and relate their experiences on information security practices.
The survey is designed to gather insights about the current state of information security culture across the VPS and co-design material with our stakeholders to help cultural transformation across the VPS. Specifically, the broader project seeks to:
- frame a representation of cohorts in the VPS audience, including the development of personas, user stories and journey maps.
- develop a simple shared model or narrative around information security that resonates with us and participating agencies.
- deliver insights into the current state of information security culture across the VPS and frame potential measures to help improve this.
Our approach seeks to:
- ensure Executive buy-in from stakeholder agencies to increase the impact of the project.
- produce new insights into the unique perceptions of data security within the VPS.
- facilitate co-design of a statement of intent and corresponding activities to improve security culture in the VPS.
The survey aims to measure employees understanding of information security and their experience within the organisation. A broad suite of demographic questions is asked to understand the employment experience of the groups within the workforce, with all responses de-identified.
Why are we doing this?
The research is part of our broader assurance activities, aiming to:
- measure the level of staff engagement with information security;
- identify opportunities for improvement in information security;
- co-design solutions with our stakeholders;
- help inform targeted training and awareness material for the VPDSF;
- support engagement opportunities;
- provide insight into the security posture and experiences of various VPS organisations; and
- support engagement opportunities for the VPDSF.
When will the survey run?
The survey is set to commence in late September/early October 2018, with a final go live date due to be confirmed in August. It will be open for a period of three weeks, in which staff are encouraged to complete a 10 – 15 minute questionnaire.
How is the survey being run?
We have engaged an independent social research consultancy, ThinkPlace to help deliver and run this survey. They will be using a survey web platform called Qualtrics. All responses will be anonymous, and the data collected will be de-identified before being shared with us. Responses will be analysed at the aggregate level only.
Advising us of your intent to participate
We encourage all VPS organisations to participate in this survey, as it provides a unique opportunity for your voice to be heard.
If your agency does want to participate, you will need to advise us of your intention to be part of this interesting project.
Nominate a survey coordinator
If you are participating, you will need to nominate a survey coordinator for your organisation. This may be your information security lead, a work unit or office manager.
Please send the details of your survey coordinator (their email address and contact number) to email@example.com by 7th of August, to help us liaise with them in the lead up and throughout the survey.
Agencies who are participating will receive further communications in August, advising of next steps. Survey coordinators for each participating agency will be provided additional supporting material to help facilitate the dissemination of the survey material to staff.
Participation in the survey
By participating, you agree that the survey data collected can be used by the Office of the Victorian Information Commissioner and research partners, to undertake research to benefit the public sector. The provision of any data to research partners or other parties will be in accordance with the Privacy and Data Protection Act (2014). To ensure compliance with legislative requirements, we will only conduct analysis or release data where the identity of individuals is protected and cannot be reasonably ascertained.
Is the survey voluntary?
Yes. Participation is entirely voluntary.
Are organisations being targeted?
No. All VPS organisations are invited to participate and we welcome responses from all agencies or bodies.
Is the survey confidential?
Yes. All survey responses are anonymous. Survey participants are not required to individually register. A generic link to the survey will be provided for users use. A Privacy Impact Assessment and Security Risk Assessment are currently being scoped for this project.