The Victorian Protective Data Security Framework requires a number of ongoing, operational activities to ensure adequate protection of information.

Loop can assist with validating progress against targets and compliance goals advised when the mandatory compliance reporting submissions were provided to OVIC prior to August 31, 2018.



We have extensive experience helping Victorian Government Organisations plan out and deliver progress against VPDSS compliance, through a range of consulting services focused on implementing the following foundational elements of your VPDSS Compliance Program:

  • Standard 1 – Security Management Framework
  • Standard 2 – Security Risk Management
  • Standard 3 – Security Policy and Procedures

Managed Security Services

In addition to Consulting assistance, Loop has a number of Managed Security Services which address components of the standard, some of which are outlined below:

Standard 4 - Information Access

  • IAM-080 Organisations actively manage privileged access accounts and ensure separation from normal access accounts. 
How Loop Assists:

Our Managed Detection & Response (MDR) Service helps detect changes to normal and privileged accounts, aiding in automating and auditing this management.

Standard 7 - Security Incident Management

Security Incident Management requires, among outcomes:

  • SIM-040 Security incident management policies and procedures, which
  • SIM-070 Organisations monitor and review security incidents and investigations to validate and update security incident management procedures and activities.
How Loop Assists:

Our MDR service which includes Incident Response capabilities, delivers compliance with these specific components of Standard 7.

Standard 17 – Information Communications Technology (ICT) lifecycle

  • ICT-040 Organisations have an ICT system accreditation framework for systems transmitting, processing or storing security classified information. [Loop's Vulnerability Management Service (VMS) and Penetration Testing services are useful precursors to accrediting platforms]
  • ICT-050 Organisations manage vulnerabilities to their ICT systems throughout the ICT system lifecycle. [Loop VMS delivers this outcome]
  • ICT-100 Organisations have hardened standard operating environments (SOEs) for workstations and servers commensurate with security risk. [Loop VMS automates auditing that these SOEs remain in place and effective]
  • ICT-120 Organisations have system logging and monitoring to record events. [A key outcome of Loop MDR]

Standard 6 – Security Training and Awareness

  • STA-010 Organisation’s training policies and procedures include security training and awareness.
  • STA-020 Security training and awareness is delivered to all persons, upon engagement and regular intervals thereafter.
How Loop Assists:

We can develop a customised Security Training and Awareness policy and procedure that is compliant with Standard 6.
We also have training and phishing platforms to help deliver the training in line with Standard 6 requirements, for both employees and developers.


If you would like to discuss any of this further please reach out and we can arrange a time to talk.