⚙️Build trust faster with streamlined custody and AI-driven assurance. Register now
Back to marketplace
MarketplaceCybersecurity
CybersecurityGuidelineIn 6clicks App

PDSPProtective Data Security Plan (PDSP) Single organisation PDSP form Version 3.7

Victorian public sector bodies are required to report on their information security practices to the Office of the Victorian Information Commissioner (OVIC). This includes submitting Protective Data Security Plans (PDSPs), annual attestations, and notifying OVIC of security incidents as outlined under the Victorian Protective Data Security Framework and Standards (VPDSF, VPDSS).

Talk to a GRC ExpertView source ↗

A Protective Data Security Plan (PDSP) is a formal, risk-based information security plan required under the Victorian Protective Data Security Framework (VPDSF) and administered by the Office of the Victorian Information Commissioner (OVIC). The PDSP documents how a Victorian Public Sector (VPS) organisation protects public sector information, manages information security risks, and complies with the Victorian Protective Data Security Standards (VPDSS). It is developed following a Security Risk Profile Assessment (SRPA) and outlines the organisation’s current security posture, identified risks, implemented controls, risk treatment activities, third-party assurance measures, and planned security improvements. The plan must address governance, personnel, ICT, physical, and information security controls, including obligations relating to contracted service providers that handle government data on the organisation’s behalf. VPS organisations are also expected to regularly review and update the PDSP, particularly when significant operational, technological, legislative, or risk-related changes occur, and submit the plan to OVIC as part of ongoing compliance and assurance obligations.

#information security#reporting requirements#incident notification#public sector#victoria

Related in Cybersecurity

CybersecurityGuidelineIn 6clicks App

CISA ZTMM V2 — CISA Zero Trust Maturity Model V2

The CISA Zero Trust Maturity Model V2 provides a structured roadmap for organizations implementing a zero trust architecture. It outlines five key pillars and associated maturity levels to guide strategies and execution.

Issuer
US Department of Homeland Security (DHS)
Jurisdiction
United States
Version
2
Updated
Apr 2023
View detailszero trust · cybersecurity
CybersecurityGuidelineIn 6clicks App

Guidelines on ICT and Security Risk Management

The EBA Guidelines establish requirements for credit institutions, investment firms, and payment service providers on mitigating and managing information and communication technology (ICT) risks. They aim to ensure a consistent and robust approach to ICT and security risk management across the EU financial sector.

Issuer
European Banking Authority (EBA)
Jurisdiction
European Union
Version
2025 update
Updated
Jul 2025
View detailsict risk · security management
CybersecurityFrameworkIn 6clicks App

C2M2 — Cybersecurity Capability Maturity Model

The Cybersecurity Capability Maturity Model (C2M2) is a tool developed by the U.S. Department of Energy to help organizations evaluate and enhance their cybersecurity capabilities. It focuses on both IT and OT environments, offering a structured framework of over 350 practices organized into 10 domains.

Issuer
U.S. Department of Energy
Jurisdiction
United States
Version
2.1
Updated
Jun 2022
View detailscybersecurity · maturity model