(1) The Principal Public Interest Monitor must develop written procedures for dealing with witness protection data, including the creation and maintenance of the following—
(a) an information security policy;
(b) an access control policy;
(c) procedures for monitoring access activities in respect of witness protection data;
(d) procedures for ensuring that all witness protection data is adequately protected;
(e) a risk management policy for identifying, analysing and treating security risks to witness protection data;
(f) reporting, escalation and response procedures for information security events or identified weaknesses in information security that may affect witness protection data;
(g) a process for the continual monitoring and improvement of an information security incident.
(2) In this regulation—
"information security event" means an identified occurrence of an information system, service or network state indicating—
(a) a possible breach of information security policy; or
(b) a failure of safeguards; or
(c) a previously unknown situation that may be security relevant;
"information security incident" means a single information security event or a series of information security events that is likely to have compromised the security of information.