High Level Compliance Review of CLEDS Standard 31: Risk Management

April 2008

The intent of Standard 31 is to ensure Victoria Police has implemented a process to identify and manage risks to the security of law enforcement data.

The Commissioner noted that Victoria Police is recognised as the benchmark for risk management best practice in Government by the Victorian Managed Insurance Authority. With regard to CLEDS Standard 31, however, Victoria Police needs  to pay more specific attention to information security as an area of risk exposure.

To be fully compliant with the Standard, the Commissioner has recommended that Victoria Police treat information security in a uniform manner across the Force as a general business risk, rather than just an IT risk; improve on-going monitoring where information security risks are identified; and encourage information security risk management  by external agencies with direct access to Victoria Police law enforcement data systems.

The Risk Management report can be downloaded using the box at the topr right of this page.