Victorian Protective Data Security Standards

The Victorian Protective Data Security Standards (VPDSS) establish 18 high level mandatory requirements to protect public sector data and provide for governance across the four domains of information, personnel, ICT and physical security.

Each standard is supported by four protocols. This follows the continuous improvement process of plan, do, check, and act (as represented in the VPDSS posters - visual representation of the standards). This enables your organisation to continually assess your security controls against any new or updated threats and vulnerabilities.

The standards:

  • take into account the policy and operational responsibilities of the Victorian government
  • respect the important role that Victorian public sector organisations play in delivering critical services
  • reflect national and international approaches to security but are tailored to the Victorian government environment
  • focus on the security of information, rather than all official assets
  • identify information security and ICT security as individual yet equally important security domains
  • require contracted service providers with direct or indirect access to information to adhere to the standards.

The standards are durable and take a risk management approach that empowers government business to function effectively, safely and securely.

Issue of the Standards

The Victorian Protective Data Security Standards (VPDSS) were formally issued on 26th July 2016.

The issue of the standards follows the approval and sign off by the Special Minister of State, Gavin Jennings and the formal issue by the Commissioner for Privacy and Data Protection, David Watts. A copy of these signatories can be found here.

To download your own copy of the Victorian Protective Data Security Standards, navigate to the following links:

20180314 VPDSS Standards v1.1 March 2018 OVIC branding

 Text version of the VPDSS – March 2018


20180313 VPDSS Posters V1.1


VPDSS Posters - visual representation - March 2018

What does this mean for your organisation?

To understand what the formal issue of the standards mean for your organisation, please consider:

CPDP also encourages organisations to consider supplementary security guide and supporting resources contained on our website and in the CPDP mobile app.