ASQA is aware of a cyber incident involving the student management system VETtrak.
ASQA has been advised that as a result of the incident, providers using the system have been unable to access it, in full or in part, since 17 October.
VETtrak's provider ReadyTech is working to restore it as soon as possible and has been working with Australian National Office of Cyber Security (NOCS) and other relevant agencies, as well as notifying the Office of the Australian Information Commissioner (OAIC).
Providers are reminded that they must notify ASQA of the occurrence of an event that would significantly affect the organisation's ability to comply with any of its obligations (also known as a material change) under the National Vocational Education and Training Regulator Act 2011, and that this notification must be given within 10 business days after the event occurs.
These events include (but are not limited to) any impact on your ability to achieve the following Compliance Requirements:
- 9 - Issuance of AQF certification documentation
- 10 - Records of AQF certification documentation and assessments
- 11 - Issuance of VET qualifications and VET statements of attainment
- 20 - Compliance with laws (including privacy laws) - particularly in circumstances where student information has been compromised.
ASQA expects impacted providers to continue to actively monitor and address their obligations, including ensuring that student wellbeing is supported where individuals are impacted. The April edition of ASQA IQ contains more information to assist you to understand your obligations (see 'Have you met your obligations as an RTO?').
ReadyTech is providing updates on work to restore the system
