Skip to Content
From Monday 12 September 2020, OVIC's website will no longer be supported in Internet Explorer (IE).
We recommend installing Microsoft Edge, Google Chrome, Safari, Firefox, or Opera to visit the site.

Victorian Protective Data Security Standards V2.0

The Victorian Protective Data Security Standards (VPDSS) establish 12 high level mandatory requirements to protect public sector information across all security areas including governance, information, personnel, Information Communications Technology (ICT) and physical security.

The VPDSS are consistent with national and international standards and describe the Victorian Government’s approach to protecting public sector information. They focus on the outcomes that are required to enable efficient, effective and economic investment in security measures through a risk-managed approach.

What do the Standards cover?

The Standards cover:

  • governance
    • executive sponsorship of and investment in security management, utilising a risk based approach, security policies and procedures, training, business continuity and disaster recovery, security incident management, external party engagement and oversight;
  • information security
    • protection of information across the information life cycle from when it is created to when it is disposed or destroyed;
  • personnel security
    • engagement and ongoing management to ensure the continued eligibility and suitability of people accessing public sector information;
  • ICT security
    • secure communications and technology systems processing or storing information; and
  • physical security
    • secure physical environment including facilities, equipment and services and the application of physical security measures to protect information.

More information

The Standards:

  • take into account the policy and operational responsibilities of the Victorian government;
  • respect the important role that Victorian public sector organisations play in delivering services;
  • reflect national and international approaches to security but are tailored to the Victorian government environment;
  • focus on the security of public sector information; and
  • require contracted service providers with direct or indirect access to information to adhere to the standards.

The Standards support a risk management approach that empowers government business to identify and manage its unique risks. This in turn informs good decision making, supports the achievement of business objectives, and effective information sharing whilst protecting public sector information.

Issue of the Standards V2.0

On 11 October 2019, The Honourable Gavin Jennings MLC, Special Minister of State, agreed to revoke the Victorian Protective Data Security Standards issued in July 2016 and approved the updated Standards in accordance with sections 86 and 87 of the Privacy and Data Protection Act 2014 (Vic).

Following this, on 28 October 2019, Sven Bluemmel, Victorian Information Commissioner, revoked the Victorian Protective Data Security Standards issued in July 2016 and issued the Victorian Protective Data Security Standards V2.0 in accordance with sections 86 and 87 of the Privacy and Data Protection Act 2014 (Vic).

The Standards have been tabled in Parliament and published in the Gazette, bringing them into full effect.



VPDSS V2.0 Standards and Objectives - DOCX
Size 385.77 KB


Size 538.07 KB



Back to Index
Back to top
Back to Top