IPC MNDB Scheme Maturity Self-assessment Tool

IPC MNDB Scheme Maturity Self-assessment Tool – Management Document June 2026

IPC MNDB Scheme Maturity Self-assessment Tool – Survey June 2026

IPC MNDB Scheme Maturity Self-assessment Tool – Maturity Matrix June 2026

Mandatory Notification of Data Breach (MNDB) Scheme Maturity Self-assessment Tool Instructions

The tool has been designed for NSW government agencies to perform a self-assessment of their MNDB Scheme maturity and track their progress in improving MNDB practices.

Components of the Tool 

  • A Maturity Matrix to assess MNDB Scheme maturity within the agency
  • Surveys aligned with the MNDB Scheme Maturity Matrix for different stakeholders to report their understanding of MNDB Scheme maturity
  • A Management Document to track goals, progress and improvements in MNDB Scheme maturity. That is this document. 

Step I. Preparation 

  1. Understanding the Maturity Matrix - Agencies should read the Maturity Matrix to understand what MNDB Scheme maturity looks like within the agency. The Maturity Matrix describes what various MNDB Scheme management areas of practice look like at each stage of maturity. Understanding what is required across these various areas of practice for your Agency to achieve your desired level of maturity.
  2. Reviewing the Management Document - Agencies should review the Management Document, including the available reference information. This Management Document will be used to track MNDB Scheme maturity target levels and progress. Each area of practice of MNDB Scheme maturity has a corresponding tab which can be used to record and track your maturity in that area of practice. Determine which level(s) of the agency the management document best sits at. For smaller agencies, you may want to only manage a management document, as you can be confident that you can centrally assess maturity for the entire agency. For larger agencies, multiple management documents may be more usefully distributed and managed at division, business units or any other unit level. This allows for assessment and tracking of maturity to be performed at a more meaningful level. Once distribution and management approach has been made, fill in the agency name and, if relevant, the division and business unit names on the index tab.
  3. Setting MNDB Scheme Maturity Target Levels - Officers should set a maturity target level for each area of practice area on the relevant tab, understanding that Level 2 is required to be compliant with NSW legislation, but higher levels minimise risks and deliver increased benefit both to the agency and to the public.

Step 2. MNDB Scheme Assessment 

  1. Completing the Surveys - Agencies should perform the MNDB Scheme assessment for each area of practice using the surveys, which can be completed by privacy officers or released for wider participation. The surveys can be kept together or broken down by MNDB areas of practice and can be uploaded to Microsoft Forms using the Quick Import function, or to other survey tools for easy collection of responses and viewing of response data. Surveys are used as a tool to support privacy officers in understanding the nature and effectiveness of MNDB practices. The target audience for the surveys is to be determined by officers. Some areas of practice may require widespread distribution to get accurate responses while other may only need to be sent to a set of specific individuals. In smaller agencies, the surveys may only need to be completed by the privacy officer themselves. Surveys and assessment are advised to be completed regularly in order to track maturity levels over time.
  2. Reviewing the Results of the Survey - Agencies should review the results of the survey against the Maturity Matrix to determine the MNDB Scheme maturity level. For each area of practice surveyed, complete a new row of the assessment on the relevant tab. The table provides a space to record the date, as well as an aggregate of the results of the survey for each question. Privacy officers should not only use the survey responses as collected, but also their own understanding and judgement, when entering an overall level of MNDB Scheme maturity for that area of practice in the 'Overall' column. Each time a round of  surveys is sent out and responses are received, a new row can be entered into the assessment table. This provides a demonstrable way to benchmark the MNDB Scheme maturity of the agency, division or business unit.
  3. Determining MNDB Scheme Maturity Level - Agencies should determine the MNDB Scheme maturity level for each practice area based on the results of the latest survey, as well as the judgement and confidence level of the privacy manager. This is to be manually entered into the 'Current' cell at the top of the spreadsheet. This is not automatically determined by the sheet. This tool assists agencies in managing self-assessment but it does not provide an automated evaluation. It is the responsibility of agencies to make confident and accurate assessments about their MNDB Scheme maturity based on their own understanding.

Step 3. Improving MNDB Scheme Maturity 

  1. Understanding Areas for Improvement - For areas where the agency's maturity level is below its target level, the referenced resources should be used to understand where improvements can be made. The questions in areas which are of lower maturity should identify where in particular to target your investigation into how maturity can be improved.
  2. Tracking Improvement Activities - Agencies should use the action plan to record maturity improvement activities associated with each MNDB area. Each area of practice sheet has an action plan section where tasks to improve maturity for that MNDB area(s) can be planned. This allows for the area of practice sheet to act as a tracking tool which measures the impact of MNDB intervention actions on associated maturity. It is advised that after a major action is completed, that a new assessment be performed to capture any improvement.

Step 4. Ongoing MNDB Scheme Assessment 

  1. Performing Ongoing Assessments - Agencies should perform ongoing MNDB assessments and record each assessment in the management spreadsheet by repeating the above steps as often as is required to keep an accurate view of your Agency's MNDB Scheme maturity.
  2. Tracking Progress and Changes - Agencies should use the Management Document to track progress and changes in MNDB Scheme maturity in the appropriate sections in order to measure progress and show improvement over time. Repeated reassessment after intervention actions will allow agencies to understand where efforts to improve and maintain maturity are best targeted.  
  3. Using the Maturity Matrix Summary - Agencies should continually use the Maturity Matrix Summary to observe and report on their MNDB Scheme maturity target levels and progress. The purpose of the Maturity Matrix Summary is to show on one page where the agency, division or business unit is at in terms of MNDB Scheme maturity, in relation to their target levels. It can be presented as a report or artefact for a range of audiences, including as a tool to demonstrate MNDB Scheme maturity to Executive levels, risk and audit committees or across the agency. 
Aboriginal and Torres Strait Islander Flags
We acknowledge Aboriginal and Torres Strait Islander peoples as custodians of Australia and pay our respects to Elders, past and present. We also acknowledge the ongoing connection to land, sea and communities throughout Australia, and the contributions to the lives of all Australians. 

IPC logo.

© IPC

CC logo

Navigate

Useful links

IPC Social Media

   Linkedin

 

IPC Social Media Terms of Use