How Alpine Shire Council Strengthened Data Security Governance with RTG

A council responding to rising data protection and regulatory expectations

Alpine Shire Council is a regional local government organisation providing a broad range of services to residents, ratepayers, businesses, and visitors across North East Victoria. With a strong focus on community wellbeing, Council plays an essential role in supporting local services, economic activity, and the protection of the region’s natural and cultural heritage.

Operating in a public sector environment built on trust, accountability, and engagement, Alpine Shire Council is guided by core values of leadership, integrity, productivity, and nurturing its community. Safeguarding information is a critical part of this responsibility. Protecting resident, workforce, and organisational data helps ensure services are delivered safely, responsibly, and in a way that maintains community confidence.

 

Regulatory pressure revealed the limits of ad hoc security practices

Over time, Alpine Shire Council’s information security practices had developed organically. While controls were in place, they were not always consistently documented, governed, or assessed against OVIC’s 12 Victorian Protective Data Security Standards.

Responsibility for technology and data security sat with a very small internal team, making it difficult to proactively manage risk alongside day‑to‑day operations. Compliance activities, including PDSP preparation, were often completed close to submission deadlines, increasing pressure and reducing confidence in the organisation’s ability to clearly demonstrate maturity.

Success meant moving beyond reactive reporting to gain a clear, defensible understanding of information security risk, one that council executive could rely on and sustain over time.

A clear, OVIC-aligned approach grounded in council operations

RTG partnered with Alpine Shire Council using a governance‑‑led approach designed for resource‑constrained public‑sector environments and informed by nationally recognised cyber security guidance. As a recognised partner of the Australian Signals Directorate, RTG brings insight into contemporary threat conditions and control expectations facing Australian government organisations, ensuring OVIC compliance is grounded in real‑world risk.

The engagement began with a comprehensive information security risk assessment, benchmarking existing practices against all 12 Victorian Protective Data Security Standards. The work was led by Mel Gillies, Director Risk and Security at RTG, whose depth of experience across governance, risk and compliance brought clarity and confidence to the process. RTG gathered insights through focused workshops, interviews and document review, ensuring a thorough assessment while minimising disruption to Council staff.

Findings were translated into clear, plain‑English insights that informed the Council’s PDSP and attestation. Rather than producing generic recommendations, RTG worked with Alpine to identify a practical, prioritised set of actions to reduce risk in a measured and achievable way.

To support ongoing governance, RTG also designed a tailored Data Governance Roadmap giving the Council a clear mechanism to collaboratively track, manage, and sustain security controls over time.

Clarity and confidence replaced reactive compliance

With RTG’s support, Alpine Shire Council successfully completed and submitted its Protective Data Security Plan to OVIC with greater confidence and significantly reduced pressure on internal resources.

Leadership also gained clear visibility across all 12 Protective Data Security Standards, providing a shared understanding of where risks existed and where effort should be focused. Importantly, the engagement reduced reliance on individual knowledge and last‑minute reporting, replacing it with clearer priorities and repeatable practices.

With RTG’s Statement of Applicability, the Council could establish sustainable practices, enabling the Council to monitor progress, support future reporting cycles, and embed data security governance into everyday operations. As the engagement concluded, Council reflected on the experience:

Highly skilled and experienced consultants who sought the relevant information up front and then got on with the job, with minimal impact on the time and energy required from our very stretched ICT resources.

Manager, Customer and Digital Projects, Alpine Shire Council

A trusted partner for councils navigating compliance and constraint

Alpine Shire Council chose RTG for its experience working with regulated public sector organisations and its ability to translate complex compliance requirements into clear, achievable action.

As a recognised partner of the Australian Signals Directorate, RTG brings national‑level cyber security insight into local government environments, helping councils translate regulatory expectations into practical, operational outcomes that stand up to scrutiny.

By combining governance insight with a people‑first approach, RTG helped the Council move beyond reactive reporting toward a more confident, sustainable model for managing information security that supports accountability, resilience, and community trust over time.