On this page
Enter the assessment
From the Self-Assessment Hub homepage, there are two ways to navigate to ‘Assessments’.
1. From the HOME tab, go to ‘ACTIVE ASSESSMENTS’.
2. Click on the Assessment tile and the campaign page will appear.
1. From the tabs bar at the top of the window, click on the ‘ASSESSMENTS’ tab.
2. Click on the assessment name and the campaign page will appear.
Completing assessments and profile questions
There are three requirements to complete once entered in the Cyber Maturity Benchmark assessment: Main assessment (Enter Assessment), Additional Assessment Questions and Assessment Profile Questions.
Follow the below steps if Individual Access or Individual Access/Approver appears at the top right of the Assessment Overview screen.
- Click “Enter Assessment” action button to complete the main assessment.
To answer each of the eight self-assessment questions, select the appropriate level of maturity from the options provided. To help you select the right maturity level, there is a detailed description of the control at the top of the screen, and a description of the relevant control maturity for each of the levels under the Essential Eight (maturity levels zero, one, two and three).
Choose ‘Current’ and ‘Desired’ maturity levels for each of the eight questions.
Definition guide
Current: Select the maturity level for your agency at this current point in time.
Desired: Select the option that best fits the maturity level your agency is working towards.
Navigate the questions
Unanswered questions will have a grey dash next to them in the left-hand question menu.
Status of Assessments
Green Tick: Completed Assessment
Orange Tick: Partially completed Assessment
Red Exclamation Mark: Incomplete Assessment
Control Effectiveness section
To help you assess the effectiveness of the controls in place, there are four additional questions for each of the eight control areas, in the form of dropdown menus. Simply select the option which most accurately represents the arrangements for each type of control. This is a mandatory requirement in this assessment.
- Select your coverage and assurance ratings.
Definition guide
Coverage: The number/percentage of systems in scope which have implemented the security control and the risk impact of systems in scope that are not covered.
Assurance: Who is responsible for maturity assessment of the control (e.g. self-assessed or audited) and how recently.
- Enter any explanatory notes.
You can add information about why the maturity level was chosen for each of the eight control areas, as well as notes about coverage and assurance. This is not a mandatory field.
- Upload supporting evidence you think may be relevant to this topic assessment.
This is not a mandatory field.
To enhance the benchmarking process, additional assessment questions have been introduced. Your responses to these questions will support the Victorian Government in comparing cyber maturity across departments, agencies, and industry sectors. This will provide valuable insights into performance levels and help identify improvement opportunities.
- Click “Enter Assessment” action button to complete the main assessment.
2. Select the appropriate answer from the dropdown box.
3. Once completed, click ‘Okay’.
Each year, we report aggregated results annually to all state government Departments. We have an opt-in option to agencies to share their identified results with their portfolio department. This can be accessed from your Assessment Overview Page under Assessment Profile Questions.
Here, you can opt-in to the data sharing and update other profile specific questions.
- From the Assessment Overview page, click on ‘Assessment Profile Questions’.
- Answer the questions in the pop-up and press ‘Okay’ to save.
Once all assessment questionnaires have been completed, the ‘Waiting for Approval’ orange label will appear next to the assessment name, as well as the “Send for Approval” action button next to the Assessment Profile Questions button.
- Click on the ‘Send for Approval’ action button
- Once modal pop-up appears, check the tick box ‘I confirm sending the notification to the designated Approver’ and click ‘Okay’.
Once a completed assessment has been submitted, the approver can proceed to review and approve it. On the approver’s Overview page, an Approve Assessment action will become available next to the Assessment Profile Questions button. This action allows the approver to finalise the assessment approval after thoroughly reviewing the submitted responses.
- Click on the "Approve Assessment" action button.
- Check the statement “I understand…”
Once all assessment questionnaires have been approved, the "Waiting for Approval" orange label will change to a green tag label.
Reports can be generated after the assessment is approved.
On any of your assessment overview pages, select “Report List” from the sub-menu to view reports specific to that assessment.
To generate a particular report that is available, click on the selected report, i.e. Cyber Maturity Benchmark Results – Executive Summary.
From the dropdown boxes selections;
- Assessment Year: select the “current” value in the dropdown box.
- Profile Category: Keep default box “Empty” ticked.
- Category Value: Keep default box “Empty” ticked.
- Note: For Profile Catergory and Category Value if you require one of the profile question to show in the report, un-tick the “Empty” box and select the required question to be shown in the report.
- Once all value are selected from the dropdown boxes, the report will automatically generate.
To export this report, select the desired format and click “Export” for download.
Checking and approving
Select the required steps for approvers to check and approve the Cyber Maturity Benchmark assessment.
Use these steps if you approve the assessments. You will know this if you see "Approver" at the top right of the Assessment Overview screen.
You will receive an email if an assessment is awaiting your approval.
Click on link in the email to take you to the Assessment Overview page.
Click the "Enter Assessment" action button.
Check 'Current' and 'Desired' maturity levels for each of the eight questions. You can update any responses if required.
Navigate the questions by clicking on ">" to move forward or "<" to move back.
Check the coverage and assurance in the "Control Effectiveness" section for each question.
Check that any Explanatory notes or Evidence supplied are correct. Note: These are not mandatory fields.
Click the "Additional Assessment Questions" action button.
Check the responses in the "Assessment Survey" pop-up. You can update any responses if required.
Click the "Assessment Profile Questions" action button.
Check the responses in the "Assessment Survey" pop-up. You can update any responses if required.
Once a completed assessment has been submitted, the approver can proceed to review and approve it. On the approver’s Overview page, an Approve Assessment action will become available next to the Assessment Profile Questions button. This action allows the approver to finalise the assessment approval after thoroughly reviewing the submitted responses.
- Click on the ‘Approve Assessment’ action button.
2. Check the statement “I understand….”
Once all assessment questionnaires have been approved, the ‘Waiting for Approval’ orange label will change to a green tag label.
You may want to discuss the assessment with the assessor prior to approving it.
If a change needs to be done after the assessment has been approved, please contact the Cyber Service team at cyberservice@vmia.vic.gov.au
Need assistance?
Contact us by email: cyberservice@vmia.vic.gov.au or phone: (03) 9270 6900.
Updated