Name of public sector agency or body
Public sector body Head
(e.g., Department Secretary, CEO)
Full Name
Position Title
Phone Number
Email Address
Postal Address
Information Security Lead
(The organisation's nominated contact regarding the VPDSS)
Full Name
Position Title
Phone Number
Email Address
Postal Address
In which part of the organisation does the ongoing management of the information security program reside?
Name of the Victorian government portfolio in which the organisation operates
(Character limit 2,500)
Please select any challenges or barriers that may be inhibiting implementation of the Standards.
Please describe any challenges of barriers towards the implementation of the Standards (Character limit 1,000)
This section assists OVIC’s understanding of the organisation’s security profile.
Number of employees within the organisation
Full-Time Equivalent
Contractors
Volunteers
Does the organisation have Industrial Automation and Control Systems (IACS)?
Does the organisation obtain, generate, receive or hold information at Business Impact Level (BIL) 3 or higher?
Provide an approximate protective marking breakdown of the organisation's information assets:
Information Security Incidents
How many information security incidents were recorded in the organisation's internal incident register over the last 24 months?
Of these incidents, how many affected information assets of a BIL 2 or higher?
Third-Party Arrangements
How many third-party arrangements currently have direct access to the organisation's information and information systems?
What is the highest protective marking that third parties are accessing?
How did the organisation validate the PDSP prior to submission to OVIC?
1. Does your organisation use Generative Artificial Intelligence (Gen AI)?
If you have selected Planning or Yes:
a. Nominate which tools are proposed or in use:
If 'Other', specify any additional tools. (300 character limit)
b. Select the types of public sector information proposed or in use as inputs into Large Language Models (LLMs) within your organisation.
If 'Other', specify any additional tools. (300 character limit)
c. Select one or more of the boxes below to indicate the BIL rating of public sector information proposed or in use as inputs into LLMs within your organisation.
2. Do any of your Contracted Service Providers (CSPs) use Gen AI, in respect of public sector information collected, held, used, managed, disclosed or transferred on behalf of the organisation?
If you have selected Planning or Yes:
a. Nominate the Gen AI tools being proposed or in use by the CSP:
If 'Other', specify any additional tools. (300 character limit)
b. Select the types of public sector information proposed or in use as inputs into Large Language Models (LLMs) within your organisation.
If 'Other', specify any additional tools. (300 character limit)
c. Select one or more of the boxes below to indicate the BIL rating of public sector information proposed or in use as inputs into LLMs by the CSP.
Under Part 4 of the Privacy and Data Protection Act 2014 (PDP Act) and Standard 9 of the Victorian Protective Data Security Standards 2.0 (the Standards),
I
attest that (E9.040) I am the public sector body Head of
and my organisation:
Print name:
Position:
Date:
Insert signature here
Each VPDSS Standard requires an assessment in the PDSP. These standards correspond to the Security Domain Categories in the VPDSF Cybersecurity Framework in Cybersecurity Office.
The report consists of a point-in-time snapshot of the Standards, which are automatically populated when the report is first created.
The current list of standards in the report correspond to the subsequent steps in this part of the wizard.
The Security Domain Categories in the VDPSF Cybersecurity Framework may change over time or during the assessment.
Hit the following button to synchronise Part A of the report. This will result in the following:
The bulk of the content is derived from the assessments previously performed and the Roadmap of Tasks and Work Packages, which takes into account the current state across the organisation, as well as any specific nuances within specific areas or systems.
The PDSP allows for additional commentary to be provided for each standard. Once Synchronized, step through each of the Standard Assessments to review the state and add any additional commentary if required.
Name of public sector agency or body
Public sector body Head
(e.g., Department Secretary, CEO)
Full Name
Position Title
Phone Number
Email Address
Postal Address
Information Security Lead
(The organisation's nominated contact regarding the VPDSS)
Full Name
Position Title
Phone Number
Email Address
Postal Address
In which part of the organisation does the ongoing management of the information security program reside?
Name of the Victorian government portfolio in which the organisation operates
(Character limit 2,500)
Please select any challenges or barriers that may be inhibiting implementation of the Standards.
Please describe any challenges of barriers towards the implementation of the Standards (Character limit 1,000)
This section assists OVIC’s understanding of the organisation’s security profile.
Number of employees within the organisation
Full-Time Equivalent
Contractors
Volunteers
Does the organisation have Industrial Automation and Control Systems (IACS)?
Does the organisation obtain, generate, receive or hold information at Business Impact Level (BIL) 3 or higher?
Provide an approximate protective marking breakdown of the organisation's information assets:
Information Security Incidents
How many information security incidents were recorded in the organisation's internal incident register over the last 24 months?
Of these incidents, how many affected information assets of a BIL 2 or higher?
Third-Party Arrangements
How many third-party arrangements currently have direct access to the organisation's information and information systems?
What is the highest protective marking that third parties are accessing?
How did the organisation validate the PDSP prior to submission to OVIC?
1. Does your organisation use Generative Artificial Intelligence (Gen AI)?
If you have selected Planning or Yes:
a. Nominate which tools are proposed or in use:
If 'Other', specify any additional tools. (300 character limit)
b. Select the types of public sector information proposed or in use as inputs into Large Language Models (LLMs) within your organisation.
If 'Other', specify any additional tools. (300 character limit)
c. Select one or more of the boxes below to indicate the BIL rating of public sector information proposed or in use as inputs into LLMs within your organisation.
2. Do any of your Contracted Service Providers (CSPs) use Gen AI, in respect of public sector information collected, held, used, managed, disclosed or transferred on behalf of the organisation?
If you have selected Planning or Yes:
a. Nominate the Gen AI tools being proposed or in use by the CSP:
If 'Other', specify any additional tools. (300 character limit)
b. Select the types of public sector information proposed or in use as inputs into Large Language Models (LLMs) within your organisation.
If 'Other', specify any additional tools. (300 character limit)
c. Select one or more of the boxes below to indicate the BIL rating of public sector information proposed or in use as inputs into LLMs by the CSP.
Under Part 4 of the Privacy and Data Protection Act 2014 (PDP Act) and Standard 9 of the Victorian Protective Data Security Standards 2.0 (the Standards),
I
attest that (E9.040) I am the public sector body Head of
and my organisation:
Print name:
Position:
Date:
Insert signature here
An organisation establishes, implements and maintains an information security management framework relevant to its size, resources and risk posture.
| VPDSS Standard 1 Elements | Entity Risk Status Reference(s) |
Supporting Control Library |
Status | Proposed Completion (financial year) |
|---|
| Current | 2024 Target | 2026 Aspiration |
|---|---|---|
| Informal | Basic | Core |
Use this space to provide any additional commentary around the organisation's implementation of this Standard (optional) No character limit
An organisation establishes, implements and maintains an information security management framework relevant to its size, resources and risk posture.
| VPDSS Standard 1 Elements | Entity Risk Status Reference(s) |
Supporting Control Library |
Status | Proposed Completion (financial year) |
|---|
| Current | 2024 Target | 2026 Aspiration |
|---|---|---|
| Informal | Basic | Core |
Use this space to provide any additional commentary around the organisation's implementation of this Standard (optional) No character limit
Deleting this entity is permanent.
Are you sure you wish to continue?
AADSTS650052: The app needs access to a service ('https://azure.securearc.com/cybersecurityapi') that your organization '95502fe3-6bc2-4cdb-b64a-344f8d85034d' has not subscribed to or enabled. Contact your IT Admin to review the configuration of your service subscriptions.
Trace ID: 4a729fb4-d4d1-4374-aa2c-ce0c2b2c3300
Correlation ID: 4837ad37-9a94-4bbb-ba82-baeef1310d76
If you have an alternative user account associated with an organisation that has subscribed to the service, please Log Out and Log In again with the required account.
The content of your modal.
The selected entities are in the process of being deleted. Please wait...
Please wait while we determine where the delay is coming from...
1.7.1
Loading...
Progress
Analysing...