Cybersecurity Guideline

PDSP

Protective Data Security Plan (PDSP) Single organisation PDSP form Version 3.7

Victorian public sector bodies are required to report on their information security practices to the Office of the Victorian Information Commissioner (OVIC). This includes submitting Protective Data Security Plans (PDSPs), annual attestations, and notifying OVIC of security incidents as outlined under the Victorian Protective Data Security Framework and Standards (VPDSF, VPDSS).

Overview

A Protective Data Security Plan (PDSP) is a formal, risk-based information security plan required under the Victorian Protective Data Security Framework (VPDSF) and administered by the Office of the Victorian Information Commissioner (OVIC). The PDSP documents how a Victorian Public Sector (VPS) organisation protects public sector information, manages information security risks, and complies with the Victorian Protective Data Security Standards (VPDSS). It is developed following a Security Risk Profile Assessment (SRPA) and outlines the organisation’s current security posture, identified risks, implemented controls, risk treatment activities, third-party assurance measures, and planned security improvements. The plan must address governance, personnel, ICT, physical, and information security controls, including obligations relating to contracted service providers that handle government data on the organisation’s behalf. VPS organisations are also expected to regularly review and update the PDSP, particularly when significant operational, technological, legislative, or risk-related changes occur, and submit the plan to OVIC as part of ongoing compliance and assurance obligations.

Related in Cybersecurity

Cybersecurity Standard

ISO/IEC 27018:2025 — ISO/IEC 27018:2025 Information security, cybersecurity and privacy protection — Guidelines for protection of personally identifiable information (PII) in public clouds acting as PII processors

ISO/IEC 27018:2025 is the global standard for managing personally identifiable information (PII) in public cloud services. It provides cloud providers with a framework to ensure privacy, security, and compliance when processing customer data.

International Organization for Standardization (ISO) • v2025

Cybersecurity Standard

ISM CCM — Information Security Manual Cloud Controls Matrix Template

The Cloud Controls Matrix (CCM) Template is a comprehensive framework for mapping cloud security controls to industry standards and compliance requirements. It helps organizations assess, implement, and demonstrate effective cloud security practices across diverse environments.

Australian Government • Australia • vJune 2026

Cybersecurity Regulation

ISM SSP — Information Security Manual System Security Plan Annex Template

The System Security Plan (SSP) Annex Template is a structured document used to capture detailed information about an organization’s cyber security controls and implementation. It supports accreditation processes by providing evidence of compliance, risk management, and system-specific security measures.

Australian Government • Australia • vJune 2026

Cybersecurity Regulation

RFFR ISM SoA — Right Fit for Risk Information Security Manual Statement of Applicability

The Right Fit for Risk (RFFR) Statement of Applicability (SoA) is a structured template used to document how organizations meet cyber security accreditation requirements. It outlines applicable controls, their implementation status, and provides assurance of compliance with the RFFR framework.

Australian Government • Australia • vJune 2026

