New funded agency information security incident triage and reporting (ISITR) guide

19 May 2023
The Department of Families, Fairness and Housing (DFFH) and Department of Health (DH) have developed a guide to assist organisations with reporting information security incidents, including ransomware attacks and intrusion activities to the department.

As part of the service agreement obligations, organisations must report information security incidents to the department (Clause 17). This extends to any third parties who support your agency and may hold government/public sector data (for example, an IT contractor that the organisation engages). Reporting ensures the department has oversight of information security incidents involving public sector data and can support organisations during an information security incident.

The guide contains information, templates and guidelines on reporting an information security incident (Privacy-related or Cyber-related incidents) methodically and effectively.

The Victorian Protective Data Security Standards (VPDSS) principles and relevant frameworks inform the structure and content of the handbook. Information Security incidents managed as per the handbook comply with the Victorian State Government legislation and regulations.

For further information, visit the Information Security and Funded Agency SharePoint site.