OVIC has raised the bar, as any good regulator should, by lifting the VPDSS Elements up from a supporting document and into the standards themselves.
We think this is somewhat controversial, as it appears to make the VPDSS more prescriptive, owing to it taking away some of the flexibility for Victorian departments/agencies to adopt an alternative (i.e. a more mature and stable control framework) to achieve the same – or indeed better – outcomes.
But wait, there’s more. The increased emphasis on the VPDSS Elements continues, with updated Protective Data Security Plan (PDSP) reporting. Instead of a high-level summary for each of the 18 standards used previously, you will need to assess (and provide) the status of all 95 Elements… by 31 August 2020… surprise!
Oh, don’t forget to prepare a Security Risk Profile Assessment (SRPA) that supports the PDSP you submit to OVIC. You can find the requirements for an SRPA and PDSP in the Victorian Privacy and Data Protection Act (2014). That’s the compliance bit that remains steadfast.
Don’t worry, it’s good news!
We’re happy that the reporting against VPDSS Elements is very much the equivalent of a Statement of Applicability (SOA) used by industry for ISO/IEC 27001 and by the Australian Government in its information security assessments. That’s a good thing in our book! It makes the uplift workable.
Here’s how to make your VPDSS task easier… much easier.
We’re here to help. Our combined assessment and management system functionality will help you continually improve over time.
With 6clicks, you can quickly and easily perform assessments of compliance against the VPDSS 2.0 (95 Elements) internally or of third parties.
Assessment can be conducted by your own organisation or by working collaboratively with any number of Service Providers (consultancies) that now choose 6clicks when performing assessments for you.
Use of a service provider can help bring independence, expert opinion and credibility to your assessment of compliance.
Our platform can also help you:
– Record your information assets and classifications,
– Create risks and treatment plans,
– Report progress of control implementation and security incidents and issues including assessment results, and you can even
– Translate between the VPDSS and other frameworks such as ISO/IEC 27001.
Grab a free trial account below. We’re happy to help make this easier.