Melbourne Polytechnic

Content Security helps Melbourne Polytechnic strengthen its information security posture with the adoption of VPDSF

Want to learn more?

Contact us for more information

project info


Content Security helps Melbourne Polytechnic strengthen its information security posture with the adoption of VPDSF. 

Client:
Melbourne Polytechnic
Industry:
Education

melbourne-polytechnic-logo-300x123

 

Content Security helps Melbourne Polytechnic strengthen its information security posture with the adoption of VPDSF. 

One of Victoria’s largest higher education and vocational training providers, Melbourne Polytechnic offers a wide array of certificate, diploma and degree courses to 30,000 students across seven campuses in the city’s north.

The institution is one of the largest TAFEs and is funded by the Victorian State government.

 

The challenge

Released in June 2016, the Victorian Protective Data Security Framework provides direction to the
state’s public sector agencies and bodies on their security obligations.

Melbourne Polytechnic, being a public sector agency, is required to adhere to the Victoria Protective
Data Security Framework (VPDSF). This act recommends a five-step process to develop effective
data security. This means developing, implementing and maintaining their own Security Risk Profile
Assessment to help build the protective data security plan.

VPDSF provides a minimum set of protective data security requirements across governance, information
security, personnel security, ICT security and physical security. These requirements, coupled with
assurance actions, are designed to assist public entities such as Melbourne Polytechnic mitigate
information security risks.

With limited resources and a short time frame, Melbourne Polytechnic was facing the challenge to
comply with these significant regulatory demands unaided.

 

The solution

While Melbourne Polytechnic maintains an internal cyber-security team, it did not have the capacity to
comply with these significant regulatory demands unaided.

Following a procurement process, Melbourne Polytechnic elected to work with Content Security, an
IT security consultancy firm with offices in Brisbane, Sydney and Melbourne. The Australian-owned
organisation helps companies through their journey towards compliance and risk, as well as technology
solutions, security architecture and secure cloud.

“The VPDSF process was very well structured but did have reasonably tight deadlines. We did a fair
bit of early work ourselves and had made good progress but we realised we needed some additional
expertise,” says Peter Brusco, former CIO, Melbourne Polytechnic.

“We went to tender for consultancy services and decided to work with Content Security. They came on
board with some really experienced people, tried and tested processes and helped us navigate the end
to end VPDSF course.”

Many of the compliance activities Melbourne Polytechnic needed to undertake were outside the scope
of traditional cyber-security operations.

Brusco says, “It’s not efficient for us to maintain extensive security resources in-house and we do rely on
external partners for assistance with specialised and demanding work like this.”

“At the same time, we had never undertaken the VPDSF compliance activities before, whereas Content
Security had been through the process a number of times. Thanks to the expertise of the Content
Security personnel, we were able to move along at speed and with greater confidence.”

 

The benefits

The assessment exercise was a valuable one as it encouraged organisations to become more aware of
their security posture and to commit to improvement plans where necessary.

“Melbourne Polytechnic performed well against the external benchmarks,” Brusco says. “The
implementation of additional measures identified through the VPDSF process has strengthened our
capacity to withstand cyber-attacks and prevent data breaches."

“The excellent outcomes resulting from our work with Content Security are, for us, just another
phase on a continuous cycle reviewing, hardening and monitoring our security."

“It demonstrates Melbourne Polytechnic’s commitment to cyber security and shows our teaching and
student communities that we prioritise the safe handling and storage of their personal data.”

Contact Us!

What will it take to protect your organisation?

get in touch