New Victorian Protective

Data Security Standards Compliance

New Victorian Protective
Data Security Standards

On 28 October 2019, Sven Bluemmel, Victorian Information Commissioner, issued the Victorian Protective Data Security Standards (VPDSS V2.0).


The VPDSS V2.0 establish 12 high level mandatory requirements to protect public sector information across all security areas including governance, information, personnel, Information Communications Technology (ICT) and physical security.


The VPDSS V2.0 are consistent with national and international standards and describe the Victorian Government’s approach to protecting public sector information. They focus on the outcomes that are required to enable efficient, effective and economic investment in security measures through a risk-managed approach.

Is your organisation compliant with VPDSS V2.0 and ISO 27001?

The Citadel Group provides a range of highly secure information management systems to support organisations in complying with VPDSS V2.0 and other important international standards for information security.


Citadel’s Content Manager as a Service platform, Citadel-IX, is fully compliant with all 12 mandatory requirements of the VPDSS V2.0 as well as being certified to ISO 27001, the international standard for Information Security. Citadel-IX’s unique value proposition is that it is ISO 27001 certified from end-to-end, whereas many other vendors are claiming ISO 27001 compliance simply by hosting their application on an underlying hosting platform that is ISO 27001 certified.


Popular global cloud hosting platforms specifically exclude applications hosted on their platform from the scope of their ISO 27001 certification. In order to achieve full compliance, vendors must implement and maintain a rigorous Information Security Management System that addresses all security risks associated with hosting an application in a secure manner. The security features of Citadel-IX include:


  • A dedicated 24/7 Security Operations Centre based in Australia that provides cyber security protection and detection capabilities
  • A robust Information Security Management System that enforces ISO 27001 standards to ensure a defence-in-depth approach to security including extensive security and access controls to improve privacy for managed content
  • Access controls to the Citadel-IX environment that follow industry best practices using modern authentication methods
  • Secure hosting infrastructure that applies the industry recognised Centre for Internet Security (CIS) Hardening Benchmarks
  • Incident management and response processes that ensure attempted breaches are appropriately handled and acted on in a timely manner
  • Disaster Recovery achieved through geo-redundancy using the built-in Azure services spread over multiple datacentres

Download our “Citadel-IX VPDSS Compliance Whitepaper” to find out more about how Citadel-IX can help your organisation comply with these new Victorian Government Standards.


Colin Anderson, Business Development Manager at Kapish