This follows recommendations from the Victorian Ombudsman in May 2020 that the department implements a procedure to periodically check the currency of user lists for CRISSP.
The primary safeguard for protecting information held in CRIS and CRISSP involves revoking user access when employees cease working in a relevant role at a funded organisation. Complying with user management procedures is a contractual requirement under the Agreement for the access to and use of information on the CRIS and CRISSP systems (‘the Agreement’).
Under the Agreement, funded organisations must appoint an Organisation Authority (OA) who is responsible for keeping CRIS and CRISSP access permissions up to date and ensuring that people only have access where it is essential for their work.
The last CRIS and CRISSP user access audit was completed in September 2023.
Formal notification of the March audit will be provided to funded organisations closer to the date.
If you have questions about the audit program, email ClientInformationSystems.Audit@dffh.vic.gov.au
Any questions about Privacy can be directed to your Agency Performance and System Support (APSS) Adviser.