
Victorian public sector stakeholders

Attestations 2023

In 2023, organisations are required to submit an Attestation in which they attest to the continuation of information security activities outlined in their previous Protective Data Security Plan (PDSP).

For those organisations that have not undergone a significant change, a single organisation Attestation form is now available.

Attestations should cover the reporting period of 1 July 2022 to 30 June 2023.

Organisations are expected to submit a copy of their Attestation to OVIC between 1 July 2023 and 31 August 2023.

The single organisation Attestation form should be used where an organisation submits a PDSP on its own behalf.

The multi-organisation Attestation form should be used where an organisation previously submitted a PDSP on its own behalf and on behalf of one or more additional organisations in 2022.

If you require a Multi-organisation Attestation form please contact us at

However, if an organisation has undergone a significant change to their operating environment or information security risks (such as a restructure or Machinery of Government), they are required to notify OVIC and may be required to submit a full, out-of-cycle PDSP.

Read more information on significant change or contact us at

Protective Data Security Plan

Victorian public sector (VPS) organisations have a responsibility to effectively identify and manage information security risks across the information lifecycle.

The security risk profile assessment process is a foundational activity that needs to be undertaken prior to developing a PDSP.

To find out how to complete the Security Risk Profile Assessment (SRPA) process, refer to our Practitioner Guide on Information Security Risk Management.

If your organisation is newly formed in 2023, please contact the Information Security Unit via to discuss your reporting obligations.

If you require a PDSP template, please contact the Information Security Unit via

Significant change

When organisations experience a significant change to their operations, the risks to their information assets and their protective data security obligations can change as a result.

Read more about significant change.

Incident notification

Organisations must notify OVIC of incidents with a business impact level (BIL) of 2 (limited) or higher that have an adverse impact on the confidentiality, integrity or availability of public sector information.

Information security resources

This section contains a suite of resources to assist in understanding and implementing the Victorian Protective Data Security Framework (VPDSF) and the Victorian Protective Data Security Standards (VPDSS).

Contact us

If you need help, please contact us on 1300 006 842 (1300 00 OVIC) between 9am and 5pm, Monday to Friday, or email us


