VIC.GOV.AU | Policy and Advisory Library

Information security

All school and corporate staff must take reasonable steps to protect personal and health information they create, handle or for which they have responsibility.

Schools must make sure that personal and health information is:

  • stored securely
  • protected from loss
  • protected from unauthorised access, changes or sharing
  • destroyed or disposed of according to department policies when no longer required.

Information and communication technology security policies

Several department policies guide how to use information and communication technology (ICT).

Information Security explains the requirements for protecting school information.

Software and Administration Systems outlines the requirements for schools before buying or renewing software contracts and when auditing existing software.

Portable Storage Device Security Policy (staff login required)External Link explains how to protect portable storage devices that have sensitive or protected information.

Digital Technologies – Responsible Use policy explains how schools should help students to use technology safely and responsibly.

Procurement of ICT systems

When schools procure third-party systems, all legal obligations must be covered in the contract. For example, it should include requirements relating to privacy, data protection and records management.

For details, refer to Software and Administration Systems.

Includes information on ICT security policies and procurement of ICT systems.

Reviewed 10 July 2025

Was this page helpful?