The solution must demonstrate No provision 35.2.6 To comply with the
compliance with the VIFM Act Victorian Institute of Forensic 1985. Medicine (VIFM) Act 1985 and The solution must demonstrate No provision the Coroners Act 2008 when compliance with The Coroners dealing with forensic medical Act and related scientific services for Victoria. The solution must demonstrate No provision in relation 35.2.7 To assure compliance compliance with LC-3 NATA National Association of Testing with LC-3 National Association Accreditation. Authorities, Australia (NATA) of Testing Authorities, Australia accreditation (NATA) when required. The Solution must comply with No provision 33.1.4 The Supplier is required the following Standard: Victorian Protective Data to comply with the 18 standards - Victorian Protective Security Standards of the Victorian Protective Data Data Security Standards Security Standards (VPDSS) (VPDSS) which together provides a set of criteria for the consistent application of risk-managed security practices across Victorian government information. Supplier is required to adhere to the VPDSS in line with the compliance requirements set out in section 88 of the Privacy and Data Protection Act 2014 (PDP) Act. The Supplier is also required to comply with the 10 Information Privacy Principles (IPPs) set out in Schedule 1 of the PDP Act, which govern the collection and use of personal information by public service bodies
33.1.4 The Supplier is required
The Solution must comply with to provide a framework to at least one of the following protect and safeguard Standards: information and systems from cyber threats by applying Attorney General’s department security controls. The supplier is required to comply with either: a) Information Security Manual (ISM) issued by the Australian Signals Directorate (ASD). The risk management framework used by the ISM has six steps: define the system, select controls, implement controls, assess controls, authorize the system and monitor the system.
b) Department of Health and
Human Services 72 cybersecurity Controls for Health Service Providers, deliver mandatory training in data security to all staff, align password policies with Australian Signals Directorate guidelines, and conduct annual user access reviews to ensure that only relevant staff have access to digital patient data. - Information security No provision manual (ISM) issued by the Australian Signals Directorate (ASD) - Department of Health No provision and Human Services 72 Controls for Health Service Providers The Solution must comply with the following acts:
- Privacy and "Code of Practice" means a
Data Protection Act code of practice as defined in, 2014 (Vic) and approved under, the Privacy and Data Protection Act 2014 (Vic)
"Information Privacy Principles"
means the information privacy principles set out in the Privacy and Data Protection Act 2014 (Vic)
"Protective Data Security
Standards" means the standards issued under Part 4 of the Privacy and Data Protection Act 2014 (Vic); - Health Records 32.6 The Supplier agrees that it Act 2001 (Vic); will:
32.6.1 be bound by the
Information Privacy Principles, any applicable Codes of Practice and the Health Records Act 2001 (Vic) ("Privacy Obligations") with respect to any act done in connection with the provision of the Services in the same way as the Purchaser would have been bound had the relevant act been done by the Purchaser; - Public Records 22.4 Without limiting the scope Act 1973 (Vic); of clause 22.3, the Supplier shall cooperate with and assist the Purchaser to comply with any obligations imposed by the Public Records Act 1973 (Vic).
“Applicable Legislation”
a) Victorian Institute of Forensic Medicine (VIFM) Act 1985
b) Coroners Act 2008 c) Privacy and Data Protection Act 2014 (Vic) d) Health Records Act 2001 (Vic) e) Public Records Act 1973 (Vic)