Completing a DVS business user compliance statement

This information guides organisations using the Document Verification Service (DVS) on how to complete a compliance statement. You must complete a compliance statement each year to continue to use the DVS.

Who needs to complete a compliance statement

A compliance statement is a questionnaire that documents your organisation’s compliance with its DVS business user participation agreement, the Identity Verification Services Rules 2024 and the DVS Access Policy. It ensures that your organisation has implemented the necessary technical, privacy and security safeguards to sufficiently protect individuals’ personal information.

Your organisation must submit a compliance statement each year – even if you haven’t accessed or used the DVS in the 12‑month reporting period. This is outlined in clause 6 of your DVS business user participation agreement.

The Attorney-General’s Department will request that you complete your compliance statement within a set timeframe. We will then review your compliance statement.

Not completing a compliance statement within the timeframe may result in your access to the DVS being suspended or terminated.

To address the questions in the compliance statement, you will need to complete an annual self-audit. Your compliance statement will document the outcomes of your audit. For more on self-audits, visit Understanding your compliance reporting requirements.

When you will receive your compliance statement

Each reporting period, we will email you a compliance statement template. We may update templates from year to year, so it’s important to use the template we send you for the current reporting period. Do not reuse a compliance statement from a previous year.

How to complete your compliance statement

Your compliance statement template will include instructions on how to complete your statement. Read the instructions and complete the questions as prompted. You must complete:

every multiple-choice question
extended response questions when applicable.

We will send you the compliance statement template as a fillable PDF so you can complete it electronically. You can print, complete and sign the statement by hand if your organisation prefers. A senior representative of your organisation must sign the compliance statement.

How the compliance statement is structured

The compliance statement contains 2 types of questions.

‘Yes/no’ questions

These questions confirm whether your organisation is following our best practice. We encourage best practice procedures that demonstrate compliance with the DVS business user participation agreement.

If your organisation does not adhere to this best practice, you will be given an opportunity to supply an extended response to explain how you otherwise comply with the requirements of your participation agreement.

Extended responses

The template will prompt you to complete extended responses based on your answers to the ‘yes/no’ questions. The extended response must give clear and specific details of how you comply (or haven’t complied) with the requirements of your participation agreement.

What you need to report

You will be asked to report on your compliance with the following aspects and corresponding clauses in your DVS business user participation agreement:

Question 1: Personnel training (clause 4.1)
Question 2: Privacy information and processes (clause 5.5)
Question 3: Consent statements (clause 5.4)
Question 4: Alternative methods of identity verification (clause 12.1)
Question 5: Security requirements (clause 10.1)
Question 6: Breach reporting (clause 10.3)
Question 7: Audit and compliance reporting (clause 6)
Question 8: Information Match Data use and retention (clauses 4.7 and 5.6)
Question 9: Public statements about the DVS (clause 4.7)
Question 10: Privacy Impact Assessment (clause 5.3)
Question 11: Overseas personnel (clause 4.7)

The information in your compliance statement must apply to the reporting period we specify. We will outline the dates for this period when we send your compliance statement template at the beginning of the reporting process.

How to lodge your compliance statement

When we send you the compliance statement template at the start of your reporting period, we will include instructions on how to lodge your completed statement.

What to do if you report non-compliance

All non-compliance must be documented in your compliance statement.

If you report non-compliance, you must send us a management response detailing how and when you will address the non-compliance. You must submit the management response within 14 calendar days of lodging your compliance statement. We can help you work out what steps to take to become compliant.

Visit Audit and compliance remediation process for more on remediating non-compliance.

Contact us

If you need help completing or submitting your compliance statement, please email us at ivscompliancereporting@ag.gov.au.

The information on this page is not and should not be taken as legal advice.