Date: 28 May 2025
The VMIA Self-Assessment Hub (the Hub) is an online tool operated by VMIA. Accessible only to authorised users, the Hub contains the following self-assessment tools:
- Risk Maturity Benchmark
- Victorian Government Cyber Maturity Benchmark
- Health Sector Cyber Security Assessment
- Health Sector Medical Device Security Assessment.
We’ve developed this quick reference guide to help Victorian Government departments and agencies navigate and use the Hub effectively on the following tasks:
- navigating to your desired self-assessment
- logging in and logging out of the Hub
- exploring the different user roles
- performing user maintenance (add and change user roles).
Please note that this guide has been designed to help you find your way around the Hub and should be used alongside the specific self-assessment user guides provided below.
To help you complete the assessment you want, please refer to the specific user guides provided separately on our website:
Risk Maturity Benchmark user guide
How to log in and out
You’ll receive a welcome email that includes your login details. If the email doesn’t arrive, check your junk email folder.
- Open the email.
- Click on the link.
- Enter your username (email address) and the temporary password provided within the email.
When you log in for the first time, you’ll be prompted to change your password using the temporary password.
Access the Self-Assessment Hub from VMIA’s Homepage (vmia.vic.gov.au) via the link on the top right-hand side of the page under Quick Links.
This link takes you directly to the Login page.
Enter your username (email address) and password.
Forgotten your password? Click on the “Forgot password” link.
Handy tip
Save the website to your favourites for future access.
For users associated with multiple organisations, you’ll be prompted to select the relevant organisation after logging in.
Select the organisation you wish to access from the dropdown list. You will then be directed to the Self-Assessment Hub.
Every time you log in, you'll be prompted to supply a 6-digit one-time password (OTP).
- If you have a mobile number on your profile, the OTP will be sent via SMS.
- You may choose to have this sent to you via email.
If so, check the OTP to email box then click Resend OTP.
To log out, click the circle with your initials on the top right corner of the screen, then click ‘Log Out’.
Email Digest enables you to receive emailed notifications of any changes made to an assessment.
Note: This function is only available to Client Admin roles.
- Log in to the Self-Assessment Hub and click on the Settings tab at the top banner.
- Click on the Email Digest button.
- Complete the Email Digest Settings nominating the time, frequency and types of notifications you would like to receive. Once complete, click on the Save Changes button.
Note: This enables the email digest for the entire assessment, i.e. all users allocated to that assessment will receive Email Digest unless they elect to opt out of it.
On the top right-hand corner of your screen, click the circle with your initials and select ‘View account’.
Click on the Email Digest toggle to switch email digest on or off.
Exploring the roles
There are two types of contact roles: the Primary Contact for the organisation and the Assessment Primary Contact. Let’s take a look at the difference between these roles:

| Role | Responsibilities |
| --- | --- |
| Primary Contact | This role is for communication purposes between VMIA and the organisation. To change the primary contact, you’ll need to contact us by email contact@vmia.vic.gov.au or phone (03) 9270 6900. |
| Assessment Primary Contact | This role is the primary contact for the relevant assessment, which can be a different person for each assessment, i.e. Cyber Maturity assessment, Risk Maturity Assessment, etc. The user is responsible for allocating access to assessments and privilege levels for assessments and receives emails relevant to the assessment. |
There are two main roles in the Self-Assessment Hub and you can have multiple users in each category. The table below explains the responsibilities of these role types:
| Role | Responsibilities |
| --- | --- |
| Client Admin | Users assigned to the Client Admin role have access to the majority of functions within their client environment, can manage users, enable email digest and data sharing, delete actions, export data into CSV format and see assessment participants. |
| Participant | Regular client user of the system, with access to assessments, actions and reports. |

Each assessment has three different roles that can be managed by the Assessment Primary Contact for the relevant assessment. This means that if you’re the Assessment Primary Contact for RMB, you can manage these roles within the RMB only. The roles in each assessment are as follows:

| Role | Responsibilities |
| --- | --- |
| Admin | Users assigned to the Admin role can assign users and privilege levels to the assessment, complete assessments and create action plans. |
| Assessor | Assessors can complete assessments and create actions. |
| Read Only | Read only access. |
Maintaining users
Click the USERS tab.
From the left-hand menu, select New User.
Settings:
- first name, last name, job title and contact number fields (mobile number will be used for Multi-Factor Authentication)
- in the ‘Privilege Level’ fields, select the level required for the new user.
- enter their email address.
- check that the ‘User Active’ field is set to ‘ON’.
- ensure ‘Password’ and ‘Send email notification’ checkboxes are ticked.
Select Create User and the new user will receive an email with their login details.
In the assessment, click on Participants.
Select the participant you want to add by clicking on the username in the participants column and click the arrow forward to move them to the relevant assessment.
Note: You can add all participants to the assessment by clicking on the double arrow.
Click Save Changes.
Note: Only the Client Admin role can maintain users.
Click on the USERS tab.
Click on a user’s name - that user’s page will appear.
Click the Confirm password reset checkbox.
Click Reset Password.
Note: Only the Client Admin role can maintain users.
Click on the USERS tab.
Click on a user’s name and that user’s page will appear.
Enter a new password.
Click the Confirm password change checkbox.
Select Change Password.
Important: Remember to notify the user of the new password manually as no email is sent.
Note: Only the Client Admin role can maintain users.
Click on the USERS tab.
Click on a user’s name and that user’s page will appear.
Click on the Privilege Level field.
Select a role.
Click on Save Changes to confirm.
Note: Only the Client Admin role can maintain users.
Click on the USERS tab.
Click on a user’s name and that user’s page will appear.
In the User Active field, click on the slide to change it to Off.
Click on Save Changes to confirm.
Note: Only the Client Admin role can maintain users.
Every Assessment Participant receives read access only by default.
Change the user’s assessment access by selecting the user and clicking on the ASSESSMENT ACCESS tab.
In the next screen, select the access level by clicking on the appropriate radio button (i.e. Admin or Assessor).
Remember the default for everyone is Read only.
Note: This is where you can also edit an existing user’s access type.
Note: Only the Client Admin role can maintain users.
To remove a participant from an assessment:
- select client in the assessment participant column
- click the back arrow
- click Save Changes.
Client 2 has now been moved back into the users column, which means they no longer have access to the assessment.
You can check if you’re an Assessment Primary Contact on the ASSESSMENT tab, in your Assessment Overview page:
Navigating the hub
There are three ways to navigate through the self-assessment hub:
- In the tabs bar along the top of the screen, select a tab.
- Use the menu paths at the top right of a page (not on the homepage).
- Use the left-hand menu located on each page (not on the homepage).
Need assistance?
Contact us by email: contact@vmia.vic.gov.au or phone: (03) 9270 6900.