Security and Risk Experts

Outcomes and Benefits Focused

Unique Documentation Approach

Vital Advisory work with you to bring your
VPDSF in on time, with real security benefits

Getting benefit from your VPDSF requires more than filling templates. It needs depth of understanding around your organisation, its goals, information assets and security risks. We work with you to build understanding of your risk profile. Our experts then help determine effective and efficient measures to assess and manage those risks – processes which become part of your work routine. This is the real aim of your VPDSF.

How we assist

Regardless of where you are in your VPDSF project, Vital Advisory can prepare a structured and comprehensive framework which addresses your key information security risks. We help by:

  • Identifying your full set of stakeholders and information assets.
  • Identifying which risks pose a genuine threat to your goals
  • Selecting the right mix of technical and procedural measures to protect your data
  • Documenting your Information Asset Register (IAR), Security Risk Profile Assessment (SRPA) and  Protective Data Security Plan (PDSP)
  • Ensuring smooth operation of your VPDSF through monitoring, maintenance and organisation-wide understanding of your VPDSF goals.

Our focus reaches beyond simple compliance to making sure you achieve benefits in processes and cost structures. Expert review of your security and governance practices is key to making these benefits real. See below for our Assistance and Organisational Packages.

Assistance Packages

Select from the following assistance packages. Fixed-pricing options are available for most packages. If you require assistance based around your organisational role, see our Function Packages further down the page.

Information Asset Register

We conduct workshops with your key stakeholders to identify and document the full range of information assets (both electronic and hardcopy) to be included in your IAR.

Security Risk Profile Assessment

We build a complete understanding of your organisation, systems, processes, clients, suppliers and threat landscape. We then identify relevant and critical risks to your information assets and compile your SRPA, making the risks and responsibilities clear to all stakeholders in your organisation.

Protective Data Security Plan

Following the Risk Analysis of the SRPA, we identify and prioritise the right security measures (both procedural and technical) to address your key risks. We document the outcomes in your PDSP and ensure stakeholders understand the role they play in supporting these controls.

Capabilities and Gap Analysis

We work with your technology and business process staff to identify the strengths and weaknesses in your information security implementation and how they map to your VPDSF goals.

Monitoring and Maintenance Planning

We identify and document the metrics and indicators which track the success of your VPDSF implementation. We guide you on the processes needed to take action on these findings and maintain your implementation into the future.

VPDSF Awareness

To ensure that the goals of the VPDSF (and broader Information Security) are instilled into your organisation, we run awareness workshops and campaigns with your technology and business staff. Maintain your VPDSF and make the changes stick.

Contact us to discuss how we can assist with your VPDSF implementation.

Organisational Function Packages

If you need information security assistance for your organisational division, select from the following function packages. Fixed-pricing options are available for most packages.


We help HR identify personnel-related information assets and risks. We then work with you to analyse your risk and develop and document the processes and policies needed to address them.

Project Management

We work with your Project Management team to understand the requirements of the VPDSF. We help identify project milestones, develop communication strategies, and prioritise your implementation efforts to ensure your VPDSF submission is comprehensive and on time.


We help your IT division to correctly identify the full range of information assets they support. We assist you with understanding the complete risk landscape IT faces and how to find the right mix of technical and procedural solutions to address data threats. We document your SRPA with a realistic snapshot of where information security in IT currently is, and what it will realistically accomplish within the reporting timeframes.


We offer a full range of internal and external audit services to determine how well your current security measures are functioning and ensure that your organisation is focused on delivering the requirements of the VPDSF.

Small Agencies

Smaller-sized agencies are faced with considerable hurdles in understanding their information assets and risk landscape. Our expertise in information security and risk can take on much of the knowledge and task burdens of your VPDSF. We offer modest fixed-pricing options for smaller organisations and can handle your submission with only small workshop sessions required from your team.

Training and Awareness

To help ensure VPDSF processes are embedded into your organisation and understood, we offer a range of information security training, awareness and role playing activities which drive the VPDSF message home, whether across your agency or within internal divisions or management.

Contact us to discuss how we can help your team achieve their role in your VPDSF implementation. 

PARI Risk Methodology

Vital Advisory’s approach to risk has the key benefits of simplifying the management and documentation of your VPDSF. Our methodology produces an easy to understand framework which engages stakeholders by making clear their role in securing your information assets.

PARI (Process, Asset and Risk Identification) uses an A3 on-a-page approach to document how your organisation operates, what information assets you manage, what systems you rely upon, who your internal and external stakeholders are, and finally what are your key information security risks.

We capture this information through a series of workshops with the primary business heads of your business and IT operations. The end product is an ISMG (Information Security Mandates and Guidances) Handbook which presents the risk and control landscape for your agency in a way that any internal or external stakeholder can use to quickly understand your security priorities and what their part in the process is.

For samples of our documentation approach, please use the above contact button.

Who are Vital Advisory?

We are a team of risk professionals who have assisted government and private sector organisations, of all sizes, to achieve their information security objectives.

Vital Advisory’s expertise covers Risk Management, Information Security, Business Continuity, Strategic Planning and Assurance. We have assisted many government and private organisations to implement information security projects – from small gap assessments through to full Information Security Management Systems, achieving certification for the ISO-27001 global standard.


We can offer a fixed-price model for each assistance or function package, based around small, medium and large organisations. We have extensive experience in working with government organisations of all sizes and are able to accurately scale our engagement to match your specific requirements. If VPDSF project work has already been completed by your organisation, we can adjust pricing to reflect your level of preparedness.

Contact us today to discuss how we can assist you.