Skip to Content
From Monday 12 September 2020, OVIC's website will no longer be supported in Internet Explorer (IE).
We recommend installing Microsoft Edge, Google Chrome, Safari, Firefox, or Opera to visit the site.

News

Audit report published on the identification and security value assessment of public sector information

The Victorian Protective Data Security Standards (Standards) provide a risk-based approach to information security designed to protect public sector information. Organisations subject to Part 4 of the Privacy and Data Protection Act 2014 (Vic) (PDP Act) must adhere to the Standards.

OVIC has completed an audit that assessed four Victorian public sector (VPS) organisations’ adherence to Standard 2. Standard 2 requires VPS organisations to identify and assess the security value of public sector information.

OVIC audited the Department of Treasury and Finance, Barwon Region Water Corporation, the Victorian Institute of Forensic Medicine and CenITex.

OVIC assessed each organisation against the elements under Standard 2 and examined whether the organisations had accurately reported in their 2020 Protective Data Security Plans to OVIC.

OVIC assessed documentation provided by each agency including Information Asset Registers, and policy and procedure documents. OVIC staff also conducted interviews with key personnel at each agency.

All audited agencies had practices, procedures, and systems in place to assess the security value of information they hold. OVIC observed that each organisation used security value assessment outcomes to inform appropriate security measures needed to protect public sector information.

In some cases, the audit found some differences between how organisations assessed themselves against some elements of the Standards and OVIC’s assessment of their information.

The audit report outlines a range of recommendations for each agency to strengthen the identification and security value assessment of public sector information.


For guidance on identifying and assessing public sector information refer to:

For media enquiries contact:

Simone Martin
t:      (03) 8684 7585
e:     simone.martin@ovic.vic.gov.au or media@ovic.vic.gov.au

For enquiries about information security in Victoria contact:

Office of the Victorian Information Commissioner (OVIC)
t:    1300 006 842
e:    security@ovic.vic.gov.au

Back to top
Back to Top