How to find things on our refreshed website >>
Explore
Close up of hands typing at a keyboard

Self-Assessment Hub Terms of Use

The VMIA Self-Assessment Hub (the Hub) area of this website is operated by the Victorian Managed Insurance Authority (VMIA), which is a statutory authority established under the Victorian Managed Insurance Authority Act 1996 (Vic). The Hub is only accessible to authorised Users.

The Hub contains three self-assessments (assessments):

  • Risk Maturity Benchmark (RMB)
  • Victorian Government Cyber Maturity Benchmark (CMB)
  • Health Sector Cyber Security Assessment (HSCSA).

VMIA provides access to the Hub, including all information, assessments and services available from the Hub; to you, the User. Use of the Hub and its tools constitutes acceptance of these terms and conditions of use (Self-Assessment Hub Terms of Use) and the terms and conditions of use that apply to the other parts of VMIA’s website (the General Terms and Conditions).

1. General

  1. Each agency that wants to use the tools must nominate its User/s.
  2. The Agency agrees that each User:
    1. is authorised to access the Hub;
    2. is acting on the Agency’s behalf; and
    3. has the authority to bind the Agency to these Self-Assessment Hub Terms of Use.
  3. The Agency agrees and acknowledges that use of the Hub by its Users constitutes acceptance of these Self-Assessment Hub Terms of Use.

2. License

  1. The content used in and generated by the tools on the Hub are licensed under a Creative Commons Attribution 4.0 licence [http://creativecommons.org/licenses/by/4.0/].
  2. Agencies are free to re-use all content under that licence, on condition that the State of Victoria (VMIA) is credited as the author, any changes made are noted and the other licence terms are complied with. The licence doesn’t apply to any branding, including Government logos.
  3. VMIA retains all intellectual property rights in the tools including VMIA’s logo and materials.

3. Users

Ensuring compliance by Users

  1. Each Agency must take reasonable steps to ensure that all its Users understand and comply with these Self-Assessment Hub Terms of Use.
  2. Each Agency must not (and must take reasonable steps to ensure that Users do not):
    1. grant any sublicences to exercise any rights in respect of the Hub or permit any third party to use the Hub;
    2. reverse engineer, disassemble, or decompile any software forming part of the Hub;
    3. use the Hub or its tools for any unlawful purpose;
    4. remove, obscure or interfere with any copyright, acknowledgment, attribution, trademark, warning, disclaimer statement, rights management information or serial numbers affixed to, incorporated in or otherwise applied in connection with the Hub;
    5. directly or indirectly introduce or permit the introduction by the Agency’s personnel or any User of any virus, worm, trojan or other malicious code into the Hub, or in any other manner whatsoever corrupt, degrade or disrupt the operation of the Hub;
    6. use the Hub for anything inconsistent with the purpose that it has been made available for use; or
    7. allow Users, personnel or third parties to do anything inconsistent with the terms of these Self-Assessment Hub Terms of Use.

Registration

  1. After the Agency nominates a User in accordance with clause 1, each User will receive an email with a registration link. When the User clicks on this link, it will take them to registration where they’ll set up their own password.

Password

  1. Users must:
    1. keep their password confidential and not disclose or provide it to any other person;
    2. keep safe and secure any devices used to access the Hub or to recover a password;
    3. not allow another person to access or use the Hub except where expressly permitted by these Self-Assessment Hub Terms of Use; and
    4. not impersonate any person or entity for the purpose of misleading others when accessing or using the Hub.
  2. If the Agency, or any of the Agency’s Users, becomes aware of any possible unauthorised use of a User’s account, the Agency must notify VMIA immediately.

Uploading materials

  1. Users uploading any materials onto the Hub must do so in the format specified in the relevant section of the Hub.

Updating information

  1. Users must:
    1. ensure that any changes they make to information relating to their organisation using the Hub, including any changes to contact details, are accurate and complete.
    2. remove a User’s authorisation to access the Self-Assessment Hub immediately if the User’s employment is terminated, the User ceases to be employed by the Agency or the User doesn’t require access anymore.

4. Privacy

  1. Any personal information VMIA collects from the Agency and its Users will only be used or disclosed in accordance with VMIA's Privacy Policy (available at VMIA Privacy policy).
  2. The Agency warrants to VMIA that any personal information disclosed to VMIA has been collected in accordance with all applicable privacy laws, and that any individual whose personal information is disclosed to VMIA has been made aware that the information may be or has been disclosed to VMIA and of any other matters that the Agency is required to inform the individual under any applicable privacy law.
  3. The Agency must inform VMIA as soon as practicable if a privacy complaint is received in relation to information on the Hub. The Agency must provide reasonable assistance to VMIA in relation to the investigation or resolution of the complaint.

5. Information Management and Data Protection

  1. The information collected and generated through the Hub will be managed and stored securely according to the Public Records Act 1973 (Vic) standards and the Privacy and Data Protection Act 2014 (Vic) Victorian Protective Data Security Standards.
  2. The stored information collected and generated through the Hub will only be used for carrying out VMIA’s functions set out in Section 6 of the Victorian Managed Insurance Authority Act 1996 (Vic) (VMIA Act). These functions include:
    1. acting as an insurer and providing insurance services;
    2. monitoring agency risk management;
    3. providing risk management advice to agencies and to the State;
    4. providing assistance to agencies to establish programs for the identification, quantification and management of risks; and
    5. providing risk management training to agencies. VMIA may perform its functions through the analysis of and research using stored information.
  3. Information analysis and research may be published in accordance with Victorian Government policy. The information collected and generated through the Hub may be subject to audits carried out by the Auditor General under the Audit Act 1994 (Vic) and freedom of information requests under the Freedom of Information Act 1982 (Vic).

6. Data Use

  1. General
    1. VMIA may use the data from the assessments to:
    • assist VMIA clients to make informed decisions about risk management;
    • inform risk-based policy and continuous improvement in the Victorian Government;
    • inform our relationships with clients and assessing products or services that we think may be of interest;
    • report de-identified benchmarking results to participating entities;
    • develop programs, products and services to meet the needs of VMIA clients;
    • develop insights to inform risk-based policy and continuous improvement in the Victorian Government;
    • monitor the effectiveness of the assessments and other VMIA products and services;
    • obtain cyber insurance for its clients in the reinsurance market at a competitive price; and
    • fulfill VMIA’s obligations under Section 23 of the VMIA Act.

Note: VMIA won’t use assessment data to calculate individual insurance premiums; and if VMIA wishes to share your identifiable data with third parties, they’ll request your permission.

  1. Specific
    The Department of Government Services Cyber Security Unit may access and use the information provided via the CMB to:
    • understand and report on cyber security maturity across the Victorian Public Sector;
    • make informed decisions about where to invest in improving cyber security across the Victorian Government; and
    • develop targeted capability and peer sharing programs to assist agencies to improve cyber security in priority areas.

Note: If the Cyber Security Unit wishes to share your identifiable data with third parties, they will request your permission.

  1. Digital Health may access and use the information provided via the HSCSA to:
  • consume standard reporting, access all data; and
  • manage data requests relating to cyber security maturity.

7. Termination

  1. If the Agency or a User breaches any provision of these Self-Assessment Hub Terms of Use, VMIA may immediately issue a warning, temporarily suspend or permanently prevent the Agency’s access or the access of any User to the Hub.
  2. VMIA may, at any time, terminate access to the Hub without prior notice if VMIA determines, in its sole discretion, that the Agency or its Users does not intend to, or is unable to comply with these Self-Assessment Hub Terms of Use.

8. Disclaimer

  1. Except as provided by law, the Hub is provided “as is” and without any guarantee, warranty or condition, express or implied.
  2. VMIA does not represent, warrant or guarantee that:
    1. access to or use of the Hub by the Agency or any User will be secure, continuous, uninterrupted, error-free or timely;
    2. errors or defects in the operation of the Hub will be able to be corrected; or
    3. the Hub will be free from computer errors or viruses, trojan horses, worms, time bombs, cancelbots or other malicious programs or code.
  3. The Agency acknowledges that access and use of the Hub (including the software operating in connection with the Hub) may be interfered with by factors outside of VMIA’s control.
  4. VMIA does not make any representation or warranty regarding the accuracy or completeness of the information on or accessible using the Hub.
  5. The information collected by and generated through the self-assessments within the Hub may be based on subjective views and opinions and may not be a statement of an agency’s true position.
  6. A report produced using the information collected and generated isn’t intended to be comprehensive and its contents and conclusions are subject to the limitations created by the nature of the information upon which it is based.
  7. Any use of a report and its contents should take these limitations into account.
  8. No tool on the Hub is to be used as a substitute for an audit; or to provide assurance on an agency’s risk management framework, compliance with the Victorian Government Risk Management Framework (VGRMF) mandatory requirements, or cyber security.

9. General

  1. Amendment of Self-Assessment Hub Terms of Use. VMIA is entitled, at its sole discretion, to amend, add or remove any part of these Self-Assessment Hub Terms of Use at any time without notice. To avoid doubt, the continued use of the Hub by a User constitutes an agreement by the Agency and its Users to abide by and be bound by these Self-Assessment Hub Terms of Use, as amended.
  2. Governing law. These Self-Assessment Hub Terms of Use shall be governed by and construed in accordance with the laws of the State of Victoria.
Back to top