Case Study

Victorian Ombudsman

The Victorian Ombudsman investigates complaints about state government departments, most statutory authorities and local government. The Ombudsman is independent and impartial and provides a free service. The Ombudsman has the power to investigate decisions, actions and conduct of Victorian government departments and statutory bodies and employees of local government (councils). This includes reviewing the lawfulness of those agencies’ actions or decisions, as well as the reasonableness and fairness of the actions.

How we helped them

How we helped

Investigations conducted by the Victorian Ombudsman can involve very sensitive information. To protect this information, Blueprint Information Security was engaged to assist with the implementation of an Information Security Management System (ISMS) aligned to the ISO 27001 international standard. This engagement included the development of information security policies and procedures, as well as a set of tools to assist with the ongoing management of the ISMS.

The ISMS will enable ongoing visibility and effective treatment of information risks at Victorian Ombudsman. It will also provide assurance that the Victorian Ombudsman is dedicated to the secure handling and storage of information and has implemented a well-managed, international best practice management system to achieve this goal.

Following the completion of the ISMS project, Blueprint Information Security was engaged to redevelop the organisation’s risk management framework, including the risk management policy, risk management procedure, and risk assessment criteria. The framework was developed based on the ISO 31000 international standard for risk management, and the Australian standards HB 436 and HB 89.