About the notification process
The process below provides general guidance about the steps third parties should take in the event of a cyber incident which impacts Departmental data, information and systems. It is not intended to replace or vary your existing legal obligations to the Department, including your obligations under your agreement with the Department with respect to confidentiality, privacy and data protection.
Third party breach notification process
The process provides general guidance on how to notify the Department. It is not intended to replace or vary your existing legal obligations to the Department, including your obligations under your agreement with the Department with respect to confidentiality, privacy and data protection.
The process provides guidance for what third party providers should do:
- If your business experiences a cyber incident and DTP information, data and systems have been breached/compromised.
- If your business experiences a cyber incident and DTP information, data and systems haven’t been breached/compromised.
An easy to follow checklist is available for you to follow in providing incident details to DTP.
Once you have notified your primary DTP contact, an internal process will begin.
Our obligations to notify OVIC about cyber incidents
Additionally, the Department has obligations to notify the Office of the Victorian Information Commissioner (OVIC) of certain information security incidents. So that the Department can fulfil its obligations, we are requesting all contractors follow the notification procedures and workflows outlined above, in situations where they become aware data provided by, or on behalf of, the Department may be breached.
Contact us
Contact the DTP Cyber Security branch for further information or questions.
Updated