Skip to Content
From Monday 12 September 2020, OVIC's website will no longer be supported in Internet Explorer (IE).
We recommend installing Microsoft Edge, Google Chrome, Safari, Firefox, or Opera to visit the site.

The FOI Professional Standards Framework

As a regulator, the Information Commissioner is responsible for ensuring agencies understand and comply with the Freedom of Information Act 1982 (Vic) (the Act) and the FOI Professional Standards (the Standards).

OVIC developed the FOI Professional Standards Framework (the Framework) to be open and transparent about how it regulates compliance with Professional Standards.

The Framework details how OVIC identifies, records and monitors agency compliance with the Standards. It also outlines OVIC’s procedures for handling Professional Standard matters.

Background to the Professional Standards

The Professional Standards are a binding legislative instrument developed under section 6U of the Freedom of Information Act 1982 (Vic) (the FOI Act or the Act).

Commencing on 2 December 2019, the Standards apply to and bind all Victorian agencies subject to the Act (agencies). This includes local government, departments, statutory authorities, public hospitals, councils, TAFEs and universities but not Ministers.

The Standards elaborate on obligations under the Act, articulating expectations for FOI practitioners when performing their FOI function.

Why do we have Professional Standards?

The Standards were developed to ensure agencies administer the Act consistently with:

  • the Act’s object – to extend as far as possible the right of the community to access information in the possession of an agency subject to the Act; and
  • Parliament’s intention – that the provisions of the Act are interpreted to further its object and any discretions conferred by the Act are to be exercised as far as possible to facilitate and promote the prompt disclosure of information at the lowest reasonable cost.

The Standards help to promote best practice in performing FOI functions by prescribing obligations. They give the Act a modern interpretation, both in practice and process.

The Standards aim to:

  • improve communication between agencies and applicants;
  • ensure agencies process FOI requests in a timely manner;
  • clarify any unclear terms or tests in the Act; and
  • help agencies apply the Act in a modern way.

Overview of the FOI Professional Standards

There are 33 standards, based on 10 themes, relating to the conduct of agencies in performing functions under the Act, and the administration and operation of the Act by agencies.

A complete list of the Standards can be found here: Professional Standards

The 10 themes comprise:

  1. Access to government Information
    Standard 1 relates to proactive and informal release of information. The Standards requires agencies to consider informal release where possible and ensure information statements published in accordance with Part II are available online where possible.
  2. Receiving a request
    Standard 2 relates to receiving a request. The Standards relate to assisting applicants to make valid requests and modernising how the public may exercise their right to access government information under the Act (including by making an FOI request via email).
  3. Extensions of time
    Standard 3 clarifies when an agency may extend the time for deciding a request and ensures applicants are aware of why an extension is necessary and for how long the period is extended.
  4. Charges for access
    Standard 4 provides clarity around access charges, including providing certain information in an access charges notice and providing that notice within a specific period of time.
  5. Substantial and unreasonable diversion of resources
    Standard 5 relates to where an agency refuses an FOI request where it is satisfied processing the request would substantially and unreasonably divert the resources of the agency from its other operations. The Standards clarify when to provide, and how much information to include in, a notice to refuse a request.
  6. Searching for documents
    Standard 6 recognises the importance of good record keeping by requiring an agency to ensure it keeps a record of its document searches.
  7. Practicability of consulting third parties
    Standard 7 relates to the practicability of consulting third parties when processing a request, including factors to consider and record keeping requirements.
  8. Decisions and reasons for decisions
    Standard 8 aims to ensure an applicant receives an informative decision letter which helps the applicant to understand how and why the agency made its decision.
  9. Resources, training and awareness
    Standard 9 requires principal officers to ensure their agency has the necessary resources and training in place to support FOI officers in carrying out their functions. It also seeks to improve cooperation from all agency officers, to improve how requests are managed and the time taken by an agency to respond to requests.
  10. Working with the Information Commissioner
    Standard 10 relates to working with, and assisting, the Information Commissioner. It includes considering preliminary views from OVIC, responding to requests for documents and information within agreed timeframes, and marking up documents clearly and legibly.

Who must comply with the Standards?

The principal officer, and any officer or employee of the agency, must comply with the Standards when performing FOI functions: section 6W(1) of the Act.

The principal officer of an agency is also responsible to ensure any officer or employee concerned with the operation of the Act complies with the Standards.

How are Professional Standards engaged, identified and recorded by OVIC?

Professional Standards are ‘engaged’ when potential or actual instances of non-compliance with the Professional Standards are identified and recorded in OVIC’s case management system. These records are referred to as “engagements”.

OVIC’s Public Access Branch assesses each review and complaint it accepts for Professional Standards engagements and when handling a review or complaint matter.

Most Professional Standard engagements are identified by OVIC, but they can also be identified by:

  • an applicant to a review application before OVIC;
  • a complainant by way of a complaint to OVIC; or
  • an agency, by way of self-reporting.

Both potential and actual instances of non-compliance with the Standards are recorded in OVIC’s case management system.

What happens after a Professional Standard engagement is recorded?

After OVIC records a Professional Standard engagement, the next step is to consider if OVIC has enough information to determine whether there has been a breach of the Standards.

In some instances, non-compliance will be apparent based on the information OVIC already has, and further inquiries will not be required to confirm if a breach has occurred.

Preliminary inquiries

Where OVIC needs more information about the Professional Standards engagement, OVIC will make preliminary inquiries with the agency and the applicant/complainant. For example, OVIC may ask an agency to provide notification details, such as a copy of email sent or correspondence posted, where the Standard requires an agency to notify an applicant within a specified period of time.

Where non-compliance is established, OVIC will consider the nature and extent of the breach; and determine what action, if any, to take.

Where an agency’s actions are found to be compliant with the Standards, no further action is taken.

How does OVIC deal with non-compliance?

OVIC uses a range of compliance and enforcement ‘tools’ to address non-compliance of the Standards such as:

  • educational;
  • informal; and/or
  • formal.

OVIC’s approach will depend on the nature and seriousness of the conduct, the impact of the non-compliance, and the circumstances of each case.

OVIC adopts a graduated approach to compliance and enforcement. This means that, generally, the more serious the breach, the more interventionist the response.

See the visual process flowchart below for further information.

Types of breaches

OVIC classifies breaches into two categories:

Minor or technical breaches

A minor or technical breach is where an agency’s action or inaction results in a minimal risk of detriment to members of the public or OVIC (such as a minor delay in providing information where an agency must provide it in a specified period of time).

Substantial, persistent or systemic breaches

Substantial, persistent or systemic breaches relate to an agency’s action or inaction where there is moderate to high risk of detriment to members of the public or OVIC (such as significant and ongoing delays, repeated and persistent breaches, or the identification of wider systemic concerns).

Action OVIC may take

Educational and Informal action

OVIC most often uses educational and informal tools to try to informally resolve issues. This reflects that most agencies are willing and able to comply with their statutory obligations but may need guidance to help them.

OVIC may engage in any of the following targeted educational and informal activities:

  • liaise with FOI practitioners to educate and support them in meeting their obligations under the Standards. For example, OVIC may meet with the agency’s FOI Practitioner to discuss the issue and how it could have been avoided and how to avoid it in the future;
  • request that an agency participate in an educational activity, such as completing the Professional Standards Self-Assessment Tool or referring an agency to OVIC’s online resources; and/or
  • request evidence from the agency to show how it intends to comply with the Standards in the future (for example a policy, procedure, template letter or other information).

OVIC will generally take educational and informal action to resolve minor or technical instances of non-compliance.

OVIC may take any of the following informal actions to resolve a minor or technical breach:

  • An OVIC Case Manager may write to the agency’s FOI Officer about the non-compliance seeking a response or written submission to explain how the breach occurred.
  • OVIC’s Assistant Commissioners may request a meeting with the agency’s FOI Unit to discuss its obligations and responsibilities under the Standards.
  • Instances of non-compliance with the Professional Standards may be addressed in the covering letter of a Notice of Decision to an agency. For example, an agency may be reminded of its obligations under the Standards in the covering letter of a Notice of Decision; and/or
  • OVIC may refer an agency to OVIC’s online resources to educate and improve compliance.

Formal action

In the case of a significant, persistent or systemic breach, the matter will be escalated to a senior member of OVIC’s Public Access Branch for consideration of formal action.

Formal action might include:

  • writing to the agency’s Principal Officer, as the person responsible for ensuring the agency meets its obligations under the Standards, to notify them of the potential or actual breach and inviting a response:
    • correspondence to the Principal Officer will include background information, details of the breach or issue, OVIC’s proposed findings on the breach and any proposed actions that OVIC directs the agency to undertake;
    • the agency will be given an opportunity to respond, rectify or improve processes;
    • after considering the agency’s response, OVIC will communicate its final decision relating to the proposed breach with the agency. For example, after considering the agency’s response, OVIC may decide to record a breach against the agency and request it complete the Professional Standards self-assessment tool.
  • OVIC may consider publishing findings of an agency’s breach of the Standards in its annual report tabled in Parliament.

Ongoing monitoring

Where appropriate, OVIC may subject an agency’s performance and compliance with the Standards to ‘ongoing monitoring’.

Ongoing monitoring refers to OVIC observing an agency’s performance and compliance with the Standards for a period of time. OVIC does this via stakeholder engagement activities, analysing annual report data and examining records of non-compliance with the Standards recorded in OVIC’s case management system.

Monitoring agency performance allows OVIC to identify and address systemic issues in an agency so that OVIC can measure the extent of an agency’s non-compliance and support them to improve their practices.

Recommendations under section 61L

When OVIC is dealing with a complaint, OVIC may make recommendations in accordance with section 61L of the Act.

Section 61L provides that the Information Commissioner may make recommendations to an agency, the principal officer or Minister in relation to the complaint.

Recommendations may include suggestions for improvements to the policies, procedures and systems of the agency in relation to compliance with the FOI Act. The Information Commissioner must give the agency, principal officer or Minister, an opportunity to comment on and respond to the draft recommendation.

The Information Commissioner may also determine to refer the matter to another that body for investigation.

Referral for consideration of an own motion investigation

Where appropriate, OVIC may consider whether to conduct an own motion investigation into the breach of the Standard.

OVIC’s Regulatory Action Policy sets out the process of an own motion investigation.

Reporting in OVIC’s Annual Report

Where OVIC records a breach of the Professional Standards against an agency (after giving the agency the opportunity to respond to the proposed finding of a breach), OVIC may report the breach in its annual report which is tabled in Parliament. OVIC may report breaches of the Professional Standards as an educative tool for other agencies.

Process Flowchart

Support and guidance for agencies

OVIC has developed a suite of guidance materials for agencies and members of the public, these are available on our website.

Practice Notes

OVIC has published a suite of Practice Notes to assist agencies in facilitating access to information under the FOI Act and the Standards.

These include:


OVIC regularly hosts a range of free webinars and events to assist agencies and the public understand their rights and responsibilities in relation to how the public sector collects, uses and discloses information.

Online learning

OVIC offers a range of free eLearning modules available to VPS staff and the public on our online learning portal


OVIC offers free monthly training webinars for agency staff in relation to the Act. The training has been developed to provide agencies with a general understanding of the Act and guide them through how to process a FOI request.

Agency FOI Information Service

OVIC’s Agency FOI Information Service is an email service designed to provide Principal Officers and FOI practitioners free and tailored advice and guidance about the Act and the Standards.

Agencies seeking information on the administration and operation of the Act and the Standards can email OVIC at

OVIC will generally respond within 24 hours from the time OVIC received the email enquiry. However, responses may take between 1 – 5 business days, depending on the complexity of the enquiry.

Click here for the Agency FOI Information Service Guidelines

Read the Guidelines to the Agency FOI Information Service.








Back to top
Back to Top