Skip to main content

Information security

The Government-wide adoption of common policy, standards, guidelines and processes for information security, including data classification and management, enables the Victorian Government to reduce the risk of inappropriate information release or access.

Enterprise Solutions commissioned BAE Systems to develop risk assessments of the Microsoft, Google and AWS Cloud Services for the Victorian Government. If you are an employee or contractor within the Victorian Government and would like electronic copies of these documents, please get in touch via the ‘Contact’ function at the bottom of this page.


  • SEC POL 01 Information Security Management Policy: Policy for the implementation of information security across specified Victorian Government departments, agencies, and State-owned enterprises.
    Download: PDF (622 KB)


Please note: annual reporting requirements relating to SEC STD 01 Information Security Management Framework no longer apply.

  • SEC STD 01 Information Security Management Framework: Standard for the implementation of an Information Security Management Framework (ISMF) which complies with SEC POL 01 Information Security Management Policy.
    Download: PDF (840 KB)
  • SEC STD 02 Critical Information Infrastructure Risk Management: Standard for the identification and protection of Critical Information Infrastructure (CII).
    Download: PDF (506 KB)
    NOTE: Under the transitional arrangements noted at the top of this page, reporting under Security Standard 02 is no longer required.
  • SEC STD 03 Information security – Penetration testing: This standard describes the minimum requirement for Victorian Government departments and agencies to conduct independent penetration testing on their information systems and infrastructure to identify vulnerabilities and weaknesses in security controls.
    Download: PDF (465 KB)
  • SEC STD 10 – WoVG Standard – Information Security – IP Address Management: This standard covers the management of publicly routable IPv4 addresses within the Whole of Victorian Government (WoVG). It also covers the transition from IPv4 to IPv6. This standard will assist with proper attribution of alerts from the Commonwealth Cyber Security Operations Centre (CSOC).
    Download: PDF (333 KB)
  • FAQs have also been developed to assist with the implementation of this standard.
  • Download: PDF (364 KB)


  • SEC GUIDE 01 ISMF Implementation Guide: Departments, agencies and State-owned enterprises can use this guideline to assist in the implementation of the Information Security Management Framework standard SEC STD 01.
    Download: PDF (821 KB)
  • SEC GUIDE 02 Business Impact Levels and Other Criteria: This guideline specifies business impact levels and other criteria which are intended for use when establishing the consequence and impact of risk in Victorian Government projects, and where a common basis is required across agencies e.g. when agencies cooperate, or share systems or information.
    Download: PDF (452 KB)
  • SEC GUIDE 03 Information security penetration testing guideline: This guideline assists departments and agencies with the implementation of SEC STD 03 (Penetration Testing).
    Download: PDF (428 KB)
    SEC GUIDE 04 Safeguarding information while travelling guideline: Assists with fulfilling information security obligations when working remotely or travelling on business.
  • Download: PDF (423 KB)
  • SEC GUIDE 06 Information security cloud computing security considerations guideline: This guideline assists departments and agencies to make an informed decision as to whether cloud computing is currently suitable to meet their business goals with an acceptable level of risk.
    Download: PDF (410 KB)
  • SEC ADV 02 1 IB CII FAQs: CII Frequently Asked Questions.
    Download: PDF (320 KB)


Victorian Government departments and agencies may be entitled to receive the following services that DPC has subscribed to on their behalf, including:

AusCERT is a trusted source of information security advice. The organisation assists members with services that aid in the prevention and detection of information security incidents. Members receive updates on emerging threats and vulnerabilities, and recommendations on how to mitigate them.

To confirm whether a Victorian Government department or agency is entitled to receive this service, contact AusCERT via their email membership[at]

Information Security Forum (ISF)
The ISF provides unique authoritative advice, guidance and resources on all aspects of information security management for the Victorian Government. This resource is available to all inner and outer budget departments and agencies. Learn more about ISF or create an account that will provide access to ISF services. Note that all new ISF accounts created for Victorian Government departments and agencies are approved by Enterprise Solutions.

Cyber security alerts
In accordance with the Australian Government, Enterprise Solutions acts as a central point of contact for the distribution of cyber security alerts for the Victorian Government.

We provide information security alerts to ensure CIOs, information security specialists and service providers are aware of current information security threats, issues and risks. Enterprise Solutions recommends that Victorian Government departments and agencies liaise with their IT service providers to identify information security threats, issues and risks, and confirm that adequate and timely remediation is undertaken.

Does your Victorian Government department or agency want to receive cyber security alerts from Enterprise Solutions? Let us know by using the ‘Contact’ form at the bottom of this page.


  • SEC TEMP 01-1 Self Assessment VG Compliance Report Agency Input
    XLS (223 KB)
  • SEC TEMP 01-2 ISMF Implementation Checklist
    Download: PDF (118 KB)
  • SEC TEMP 01-3 Inner Budget ISMF Summary Compliance Report Output
    Download: PDF (327 KB)
  • SEC TEMP 01-4 IB Self Assessment Compliance SUMMARY Report Output
    XLS(37 KB)
  • SEC TEMP 02-1 IB CII Register Template Agency Input
    XLS (15 KB)
  • SEC TEMP 02-2 IB CII Health Check Template Agency Input
    Download: PDF (239 KB)
  • SEC TEMP 02-3 IB CII Health Check Report SUMMARY Output
    Download: PDF (257 KB)