Data Security Resources

The following protective data security resources are available for download.

Start Here if you are new to information security or the VPDSF

vpdsf

Data Protection and You Video: By way of introduction to our office, and in particular to Part Four of the Privacy and Data Protection Act (PDPA) 2014, we have created a video to assist the VPS in understanding their protective data security obligations within Victorian Government.
Screen Shot 2018 04 10 at 1.47.30 pm Does the VPDSF Apply to Your Organisation?
20180314 Overview of the VPDSF and 5 Step Action Plan v1.1 Overview of the VPDSF and the Five Step Action Plan

five steps

VPDSF 5 Step Action Plan

app vpdsf

VPDSF Applicability Visual

glossary

VPDSF Glossary: Glossary of Terms used in the Victorian Protective Data Security Framework 

embedding security

Embedding security into your organisation

 

 

Victorian Protective Data Security Framework (VPDSF)

VPDSF V1.1. Icon

Victorian Protective Data Security Framework V1.1 – March 2018

 

 

Victorian Protective Data Security Standards (VPDSS)

20180314 VPDSS Standards v1.1 March 2018 OVIC branding

Victorian Protective Data Security Standards (Text version)

vpdss visual

VPDSS Posters: Visual representation of the standards

vpdss how to read

VPDSS Posters: Visual representation of the standards – How to Read

20180313 VPDSS Control reference links V1.1

VPDSS Control Reference Links

vpdsf rosetta

Rosetta Stone – Core and Supplementary (V2.0)

A mapping of the VPDSS against existing security standards adopted by Victorian public sector organisations
smf   VPDSF Security Management Framework (SMF) template (xlsx) 

 

 

 

Victorian Information Security Management Collection

ismc 

VPDSF Information Security Management Collection
sample iar

Sample Information Asset Register (IAR) Template

 

 

VPDSF Assurance Collection

assurance collection

VPDSF Assurance Collection

vpdss attestation

VPDSS Self Assessment Template

pdsp

VPDSF Protective Data Security Plan (PDSP) Template DETAILED

vpdss elements

VPDSS Elements

 

August 2018 Reporting (High-Level PDSPs)

To be compliant with the Privacy and Data Protection Act 2014, an organisation must report to OVIC by 31 August 2018 using one of the templates below:

20180226 Letter re High Level PDSP and revised attestation V1.1
Introductory Letter

Text from the letter from the Victorian Information Commissioner to:

•    Departmental Secretaries

•    Cenitex

•    Victoria Police

dated 26 February 2018

Click here to download
Factsheet Icon Attestation and PDSP
Factsheet - Attestation and Reporting Options

This fact sheet provides information to public sector agencies and bodies about options for submitting a Protective Data Security Plan (PDSP) and providing an attestation for the Office of the Victorian Information Commissioner (OVIC).

The factsheet can also be downloaded here.

Single Org Model Image
Template Option 1 - High Level PDSP (Single Organisation)

An organisation submits a high level Protective Data Security Plan (PDSP) and provides an attestation on its own behalf only (single organisation model). 

Nb. OVIC does not mandate the use of any particular approach, with the selection of either reporting option residing with each organisation.

Click here to download

This template comprises three parts:

Part A:  Agency or Body details

Part B:  Compliance status and key activities (planned or in progress)

Part C:  Attestation

Multiple Org Model Image
Template Option 2 - High Level PDSP (Multiple Organisations)

An organisation submits a consolidated high level Protective Data Security Plan (PDSP) and provides an attestation on its own behalf, and for and on behalf of one or more additional public sector agencies or bodies (multiple organisation model).

The multiple organisation model may be used in a portfolio setting where agencies or bodies fall within the portfolio of responsibilities of a Department or where a number of organisations of a similar form or function choose to consolidate their efforts.

Nb. OVIC does not mandate the use of any particular approach, with the selection of either reporting option residing with each organisation.

Click here to download

This template comprises three parts:

Part A:  Agency or Body details

Part B:  Compliance status and key activities (planned or in progress)

Part C:  Attestation

 

Online Portal

OVIC has established an online portal to enable the August 2018 submission of high level Protective Data Security Plans (PDSPs). To submit your high level PDSP, navigate to the Data Protection section of the OVIC website (www.cpdp.vic.gov.au/security).

The portal will be availabile for high level PDSP submission from 1 July 2018 to 31 August 2018.

 

CPDP Examples

ismf public.png

CPDP internal Security Management Framework (public version)

iisp public.png

CPDP internal Information Security Policy (public version)

 

 

Other

Status of WoVG documentation published by Enterprise Solutions Branch post release of the VPDSS: A list of documentation related to information security, information management and identity and access management published by Enterprise Solutions Branch http://www.enterprisesolutions.vic.gov.au/business-systems-policy-and-standards/ and their status post the release of the VPDSS for in scope agencies information.