JavaScript is required

New third party cyber incident notification process

The Department of Transport and Planning has implemeted a cyber security incident and data breach notification process for third party providers. All third party providers who work with the Department should follow the process.

Flowchart showing the Third party breach notification process

About the notification process

The process below provides general guidance about the steps third parties should take in the event of a cyber incident which impacts Departmental data, information and systems. It is not intended to replace or vary your existing legal obligations to the Department, including your obligations under your agreement with the Department with respect to confidentiality, privacy and data protection.

Third party breach notification process

The process provides general guidance on how to notify the Department. It is not intended to replace or vary your existing legal obligations to the Department, including your obligations under your agreement with the Department with respect to confidentiality, privacy and data protection.

The process provides guidance for what third party providers should do:

  1. If your business experiences a cyber incident and DTP information, data and systems have been breached/compromised.
  2. If your business experiences a cyber incident and DTP information, data and systems haven’t been breached/compromised.

An easy to follow checklist is available for you to follow in providing incident details to DTP.

Once you have notified your primary DTP contact, an internal process will begin.

Our obligations to notify OVIC about cyber incidents

Additionally, the Department has obligations to notify the Office of the Victorian Information Commissioner (OVIC) of certain information security incidents. So that the Department can fulfil its obligations, we are requesting all contractors follow the notification procedures and workflows outlined above, in situations where they become aware data provided by, or on behalf of, the Department may be breached.

Contact us

Contact the DTP Cyber Security branch for further information or questions.

Updated