Figure B1
Capability levels and descriptions based on COBIT 5 ISO/IEC 15504 capability levels

We have consulted with DEDJTR, DELWP, DHHS, DJR and Victoria Police, and we considered their views when reaching our audit conclusions. As required by section 16(3) of the Audit Act 1994, we gave a draft copy of this report, or relevant extracts, to those agencies and asked for their submissions and comments. We also provided a copy of the report to the Department of Premier and Cabinet.

Responsibility for the accuracy, fairness and balance of those comments rests solely with the agency head.

Responses were received as follows:

In this part of the report, we assess whether Victoria Police can effectively recover its critical ICT systems and data if a disruption occurs.

Victoria Police's disaster recovery processes are not robust enough to effectively and efficiently recover all critical systems after a disruption. The agency currently only has capability to recover selected critical systems. Victoria Police needs to do additional work to further develop its disaster recovery processes and capabilities to minimise any loss of critical services in the event of a disruption.

In this part of the report, we assess whether DJR can effectively recover its critical ICT systems and data if a disruption occurs.

DJR's disaster recovery processes are not robust enough to effectively and efficiently recover all critical systems after a disruption. DJR currently only has capability to recover selected critical systems. The department needs to do additional work to further develop its disaster recovery processes and capabilities to minimise any loss of critical services in the event of a disruption.

In this part of the report, we assess whether DHHS can effectively recover its critical ICT systems and data if a disruption occurs.

DHHS's disaster recovery processes are not robust enough to effectively and efficiently recover all critical systems after a disruption. DHHS currently only has capability to recover selected critical systems. The department needs to further develop its disaster recovery processes and capabilities to minimise any loss of critical services in the event of a disruption.

In this part of the report, we assess whether DELWP can effectively recover its critical ICT systems and data if a disruption occurs.

DELWP's disaster recovery processes are not robust enough to effectively and efficiently recover all critical systems after a disruption. DELWP currently only has capability to recover selected critical systems. The department needs to further develop its disaster recovery processes and capabilities to minimise any loss of critical services in the event of a disruption.

In this part of the report, we assess whether DEDJTR can effectively recover its critical ICT systems and data if a disruption occurs.

DEDJTR's disaster recovery processes are not robust enough to effectively and efficiently recover all critical systems after a disruption. DEDJTR currently only has capability to recover selected critical systems. The department needs to further develop its disaster recovery processes and capabilities to minimise any loss of critical services in the event of a disruption.

The Victorian Government delivers a diverse range of services that are important to the economic and social wellbeing of Victorians—from management of state finances to child protection and criminal justice.

Information and communications technology (ICT) systems are critical for the operations of government agencies. Agencies depend on them to: