The primary safeguard for protecting information held in CRIS and CRISSP involves revoking user access when employees cease working in a relevant role at a funded organisation. Complying with user management procedures is a contractual requirement under the Agreement for the access to and use of information on the CRIS and CRISSP systems (‘the Agreement’).
Under the Agreement, funded organisations must appoint an Organisation Authority (OA) who is responsible for keeping CRIS and CRISSP access permissions up to date and ensuring that people only have access where it is essential for their work.
The last CRIS and CRISSP user access audit was completed in September 2025.
If you have questions about the audit program, e-mail ClientInformationSystems.Audit@dffh.vic.gov.au.