Victorian Protective Data Security Framework (VPDSF)

The office of the Victorian Information Commissioner (OVIC) provides a 5 Step Action Plan to assist in managing information security risks for Victorian Public Sector (VPS) organisations.

Five Step Action Plan
01 02 03 04 05
Identify your information assets Determine the 'value' of this information Identify any risks to this information Apply security measures to protect the information Manage risks across the information lifecycle

How-to: A guide to completing the 2024 Protective Data Security Plan (PDSP)

The five steps above are complemented by the pre-requisites required for VPS organisations to produce a Protective Data Security Plan (PDSP), in the How-to guide, which states:

Before developing a PDSP, you need to have: 

  • an understanding of the organisation’s information assets and systems;
  • undertaken a security value assessment for these information assets and systems;
  • undertaken a SRPA (information security risk assessment) for these information assets and systems; and
  • understand the security controls already in place to protect the organisation’s information assets and systems to develop a risk treatment plan.

Cybersecurity Office: Streamlining Your PDSP Preparation

Cybersecurity Office supports each of the 5 Steps in the Action Plan and all of the pre-requisites for the PDSP in a simple, point and click interface via a centralised enterprise-ready SaaS solution.