Staff who use CISS and FVISS

Section overview
Overview of the Child Information Sharing Scheme (CISS)
Overview of Family Violence Information Sharing Scheme (FVISS)
Risk Assessment Entities
Sharing for family violence risk assessment
Sharing for family violence risk management
Responding to external requests for MARAM and information sharing records
Consent and seeking the views and wishes of children and relevant family members
Seeking and taking into account the views of the child and family members
Other factors to consider when sharing information under CISS
Working with diverse communities and at-risk groups to support wellbeing and safety
Complaints
Tools for staff who use CISS and FVISS

Section overview

This information is relevant for me, if:

In my role at my school or service, I use the Child Information Sharing Scheme (CISS) and Family Information Sharing Scheme (FVISS), underpinned by MARAM, to support the wellbeing or safety of children and assess or manage family violence risk.

Why is this resource important to me?

This resource tells me exactly what I need to know to:

be able to share information safely and appropriately with other prescribed services
understand how MARAM underpins information sharing.

What is my responsibility?

I am responsible for the wellbeing and safety of the students and children in my school or service, and for developing and/or contributing to plans for students and children.

What training and support do I need?

Please refer to Staff supports and other resources.

The Child Information Sharing Scheme (CISS) allows authorised organisations to share information to support child wellbeing or safety, to ensure that professionals can gain a complete view of the children and young people they work with, making it easier to identify wellbeing or safety needs earlier, and to act on them sooner.

The Child Information Sharing Scheme Ministerial Guidelines detail the legal obligations of prescribed Information Sharing Entities (ISEs). Additional resources are available at Information sharing and MARAM reforms.

Who?

Open all

Who can share and request information?

Professionals in information sharing roles at prescribed Information Sharing Entities (ISEs) can share information under CISS if the requirements of the three-part threshold are met. ISEs are prescribed by regulation.
ISEs are legally obliged to respond to a request from another ISE.
ISEs may also request information and proactively share information that meets the threshold.

Who can I share information with?

You can share information with any organisation that is a prescribed ISE. You can find more detail on the organisations and services that are prescribed ISEs at Who can share information under the information sharing and MARAM reforms. You can also search for contact details of specific ISEs at the ISE List.
You can share information with a child, a person with parental responsibility for the child, or a person with whom the child is living, for the more limited purpose of managing a risk to the child’s safety.

Whose information can I share?

If the three-part threshold is met, you may share information about any person. You should seek and take into account the views of the child and/or their family members before sharing their information, whenever safe, reasonable and appropriate to do so.

Why?

Why can I share?

ISEs can share any information for the purpose of promoting the wellbeing and safety of children as long as the requirements for sharing are met.

The requirements are set out in the three-part threshold test.

Threshold part 1: Promoting child wellbeing or safety

An ISE can request or share information about any person for the purpose of promoting the wellbeing or safety of a child or group of children.

Threshold part 2: Sharing to assist another ISE

The disclosing ISE must reasonably believe that sharing the information may assist the receiving ISE to carry out one or more of the following activities:

make a decision, an assessment or a plan relating to a child or group of children
initiate or conduct an investigation relating to a child or group of children
provide a service for a child or group of children
manage any risk to a child or group of children. Threshold part 3: No excluded information

ISEs must not share any information that is excluded information.

What?

Open all

What information can I share?

You can share confidential information about any person, including sensitive, personal and health information. For example, this may include case notes, observations, assessments, contact details, service engagement history, and any other information relevant to promoting the wellbeing or safety of a child or group of children.

What information cannot be shared?

You should not share information that does not meet the three-part threshold test. For example, you should not share irrelevant parts of a case file or health record.
You must not share information that is restricted from sharing by another law.

When?

When can I share or request information?

Information can be shared or requested any time that the threshold is met.
You can proactively share information whenever, in your professional judgement, the threshold is met.
You must share information in response to a request whenever, in your professional judgement, the threshold is met.
You should respond to requests for information in a timely manner, including when you are declining the request.

How?

How should information be shared or requested?

You must follow all the data security requirements that apply to your organisation.
The Victorian Information Privacy Principles, Victorian Health Privacy Principles or Australian Privacy Principles will apply to your organisation (including data security requirements) in relation to the handling of information that is collected under CISS, depending on the type of organisation you work for.
You must meet all record keeping requirements, see the Record Keeping Checklist in Tools for staff Who Use CISS and FVISS for details.

Principles

Legislative principles to guide sharing

Give precedence to the wellbeing and safety of a child or group of children over the right to privacy.
Seek to preserve and promote positive relationships between a child and the child’s family members and people significant to the child.
Seek to maintain constructive and respectful engagement with children and their families.
Be respectful of and have regard to a child’s social, individual and cultural identity, the child’s strengths and abilities and any vulnerability relevant to the child’s safety or wellbeing.
Promote a child’s cultural safety and recognise the cultural rights and familial and community connections of children who are Aboriginal, Torres Strait Islander or both.
Seek and take into account the views of the child and the child’s relevant family members, if it is appropriate, safe and reasonable to do so.
Take all reasonable steps to plan for the safety of all family members believed to be at risk from family violence.
Only share confidential information to the extent necessary to promote the wellbeing or safety of a child or group of children, consistent with the best interests of that child or those children.
Work collaboratively in a manner that respects the functions and expertise of each ISE.

Excluded information under CISS

Excluded information

Excluded information under CISS is any information that, if shared, could be reasonably expected to do the following:

Endanger a person’s life or result in physical injury, including the child, their family or any other person. For example, if sharing the location of a child could be reasonably expected to pose a threat to the life or physical safety of the child or another person, this information should not be shared.
Prejudice the investigation of a breach or possible breach of the law or prejudice the enforcement or proper administration of the law, including police investigations. For example, any information that could unfairly influence or reveal details of a police investigation or Commission for Children and Young People investigation.
Prejudice a coronial inquest or inquiry. For example, information that could unduly influence a witness expected to give evidence before a coronial inquest.
Prejudice the fair trial of a person or the impartial adjudication of a particular case. For example, if the information would unfairly influence the outcome of a proceeding.
Disclose the contents of a document, or a communication, that is of such a nature that the contents of the document, or the communication, would be privileged from production in legal proceedings on the ground of legal professional privilege or client legal privilege. For example, if the information is legally privileged.
Disclose or enable a person to ascertain the identity of a confidential source of information in relation to the enforcement or administration of the law. For example, if that information could reveal or be used to reveal the name of a person who has confidentially provided information to police.
Contravene a court order or a provision made by or under the Child Wellbeing and Safety Act or any other Act that:

prohibits or restricts, or authorises a court or tribunal to prohibit or restrict, the publication or other disclosure of information for, or in connection with any proceeding, or
requires or authorises a court or tribunal to close any proceeding to the public. For example, if information is part of a closed court proceeding.

Be contrary to the public interest. For example, revealing information about covert investigative techniques.

For more information, see the CISS Ministerial Guidelines.

The Family Violence Information Sharing Scheme supports effective sharing of information to assess and manage family violence risk, through keeping perpetrators in view and accountable and promoting the safety of victim survivors of family violence.

For more comprehensive information, see the Family Violence Information Sharing Guidelines available from Family Violence Information Sharing Scheme.

Who?

Open all

Who can share information?

As with CISS, Information Sharing Entities (ISEs) are authorised to share information. These ISEs are prescribed by regulations.

Who can I share information with?

As with CISS, information can be shared with any organisation that is a prescribed ISE. For more details, see the online ISE list.

Some ISEs are also prescribed as Risk Assessment Entities (RAEs) that can request information for a family violence assessment purpose.

Whose Information can be shared?

Information can be shared about any person, if it is relevant to assessing or managing family violence risk.

Consent is not required from any person to share information that is relevant to assessing or managing family violence risk to a child, if there is a serious risk to any person or if sharing is permitted by another law.

If none of the above apply, consent is required to share the information of an adult victim survivor, including a student over 18 years of age, or a third party.

You should seek and take into account the views of the child and/or family member before sharing their information, whenever safe, reasonable and appropriate to do so. Consent is never required to share information about a perpetrator, alleged perpetrator or adolescent using or at risk of using family violence.

Why?

Why can I share?

ISEs can share information for two purposes:

to establish and assess family violence risk (family violence assessment purpose)
to manage family violence risk, including via ongoing risk assessment. All ISEs can share information for a management purpose. Only ISEs that are also prescribed as RAEs can request information for a family violence assessment purpose. All ISEs can share proactively with RAEs for a family violence assessment purpose.

What?

Open all

What information can be shared?

ISEs may only share information that is relevant to assessing or managing family violence risk.

What information cannot be shared?

ISEs must not share excluded information (see Excluded information under FVISS below).
ISEs cannot share information that would contravene another law that has not been specifically overridden by FVISS.
ISEs cannot share information if the applicable consent requirements have not been met. See the Family Violence Information Sharing Guidelines for more information.

When?

When can information be shared?

If the information is not excluded and is relevant to assessing or managing family violence risk, an ISE:

can proactively share information for a family violence management purpose with other ISEs, including RAEs
can share information relevant to a family violence assessment purpose with RAEs
can request information for a family violence management purpose from other ISEs, including RAEs
must respond to information requests from other ISEs and RAEs by providing relevant information.

How?

How should information be shared or requested?

You must follow all data security requirements that apply to your organisation.
The Victorian Information Privacy Principles, Victorian Health Privacy Principles or Australian Privacy Principles will apply to your organisation (including data security requirements) in relation to the handling of information that is collected under FVISS, depending on the type of organisation you work for.
You must meet all record keeping requirements, see the Record Keeping Checklist in Tools for Staff Who Use CISS and FVISS for more details.

Principles

Legislative principles to guide sharing

ISEs should:
work collaboratively to coordinate services in a manner that respects the functions and expertise of each ISE
give precedence to the right to be safe from family violence over the right to privacy
only collect, use or disclose a person’s confidential information to the extent that the collection, use or disclosure of the information is necessary:
to assess or manage risk to the safety of a person from family violence
to hold perpetrators of family violence accountable for their actions.
collect, use or disclose the confidential information of a person who identifies as Aboriginal or Torres Strait Islander in a manner that:
promotes the right to self-determination and is culturally sensitive
considers the person’s familial and community connections.
have regard for and be respectful of a person’s cultural, sexual and gender identity and religious faith.
When sharing any person’s information to assess or manage risk to a child, ISEs should:
promote the agency of the child and other family members at risk of family violence by ensuring their views are taken into account (having regard for the appropriateness of doing so and the child’s age and maturity)
take all reasonable steps to ensure the information is shared in a way that:
plans for the safety of all family members at risk of family violence
recognises the desirability of preserving and promoting positive relationships between those family members and the child.
take into consideration the age and stage of the child, and their cultural, sexual and gender identity.

Excluded information under FVISS

Excluded information

Excluded information under FVISS is any information that could be reasonably expected to:

endanger a person’s life or result in physical injury (e.g. if sharing the address of the victim survivor could alert a person known to pose a threat to their whereabouts then this information should not be shared)
prejudice the investigation of a breach or possible breach of the law or the enforcement or proper administration of the law in a particular instance (e.g. if information reveals the details of a police investigation)
prejudice a coronial inquest or inquiry or the fair trial of a person or the impartial adjudication of a particular case (e.g. if the information was cited as evidence in a closed session of the court)
disclose the contents of a document or a communication that would be privileged from production in legal proceedings on the ground of legal professional privilege or client legal privilege
disclose, or enable a person to ascertain, the identity of a confidential source of information in relation to the enforcement or administration of the law (e.g. where certain information is known only to a particular person, their identity as a confidential source could be ascertained if that information was shared)
contravene a court order or law that prohibits or restricts, or authorises a court or tribunal to prohibit or restrict, the publication or other disclosure of information for or in connection with any proceeding
contravene a court order or law that requires or authorises a court or tribunal to close any proceeding to the public (e.g. if the court closes proceedings under section 30 of the Open Courts Act 2013 (Vic) or section 68 of the Family Violence Protection Act 2008 (Vic) (FVPA) on the basis that an affected family member, protected person or witness may be caused distress or embarrassment, then an ISE would not be able to share information about the proceedings that took place in closed court)
be contrary to the public interest (e.g. information that could reveal covert investigative techniques).

For more information, see the FVISS Ministerial Guidelines, available from Family Violence Information Sharing Scheme.

Risk Assessment Entities

Under FVISS, there is a subset of specialist ISEs known as Risk Assessment Entities (RAEs) that can request and receive information for a family violence assessment purpose. Only RAEs can request information for a family violence assessment purpose.

RAEs have specialised skills and authorisation to conduct family violence risk assessment. Examples of RAEs include:

Victoria Police
Child Protection
family violence services
the Orange Door.

Figure 6: The relationship between ISEs and RAEs

This image shows the relationship between ISEs and RAEs. RAEs are a subset of ISEs.

One way in which you will be able to identify and respond to family violence is by making referrals for specialist services or professionals to complete a comprehensive family violence risk assessment. Some of these specialist services are prescribed as RAEs, such as family violence services, Child Protection and Victoria Police.

Under FVISS, ISEs such as school and service workforces can proactively share risk-relevant information with RAEs for risk assessment purposes. That is, in order to:

confirm whether family violence is occurring
enable RAEs to assess the level of risk the perpetrator poses to the victim survivor
correctly identify the perpetrator of family violence and victim survivors (see section 11.3 of the MARAM Foundation Knowledge Guide for more information about misidentifying the predominant aggressor)
respond to a request made by an RAE for information from your school or service.

Family violence risk assessment is an ongoing process, and assessment is required at different points in time from different service perspectives. Nominated staff have a role in working collaboratively with other services to contribute to ongoing risk assessment and management.

School and early childhood workforces can proactively share information with and request information from other ISEs, including RAEs, if sharing is necessary to:

remove, reduce or prevent family violence risk
understand how risk is changing over time
inform ongoing risk assessment and management through:

secondary consultation with, or referrals to, specialist services
developing and implementing safety plans
managing changing risk levels over time by collaborating with other services for ongoing risk assessment and management.

Example - When to use CISS or FVISS

This image gives an example of when to use CISS or FVISS. It uses an example of an authorised professional at a school. They want to share information about Mark, a child who attends the school, with the kinder his sister Alice attends.

There are many laws in Victoria governing the security of records that you create for a child or young person at your school or service. These laws have in-built protection mechanisms that prioritise the safety of victim survivors whenever there is an application seeking the release of their information. For example, the Freedom of Information Act 1982 (Vic) has exemptions that may prevent information being released to certain alleged or confirmed perpetrators, to protect victim survivors and to ensure relevant documents are not shared with perpetrators or alleged perpetrators.

There may be a time where your school or service receives a request for information to be released externally, for example from a parent by way of Freedom of Information or subpoena during legal proceedings. These applications may include seeking access to MARAM tools and information sharing requests.

Schools and services must respond to requests for information. The department’s Requests for Information about Students Policy provides advice to government schools on how to manage requests for documents, including when to release documents directly and when to advise the person to make a FOI request to the department’s FOI Unit. This policy is consistent with Victorian privacy and information sharing law. Services and non-government schools should refer to their organisation’s policies in relation to requests for information (including FOI requests).

Under CISS, you can share any person’s information without their consent to promote the wellbeing or safety of a child or group of children. However, you should seek the views and wishes of the child and/or family members before sharing their information where it is safe, reasonable and appropriate to do so.

Sharing information to promote the wellbeing or safety of a student over the age of 18 would need to take place under other laws. Their consent may or may not be required depending on the privacy laws that apply.

FVISS covers victim survivors of all ages. Consent is not required from any person to share information relevant to assessing or managing family violence risk to a child, young person and/or adult victim survivor. However, you should seek the views of the child, young person and/or adult victim survivor or a family member who is not a perpetrator where it is safe, reasonable and appropriate to do so.

Where a student over the age of 18 is experiencing family violence, and no child is at risk, consent is required from the student and any third parties to share their information unless sharing is necessary to lessen or prevent a serious threat to an individual’s life, health, safety or welfare.

In situations where an adolescent is using family violence against an adult family member, you should seek consent of the adult victim survivor and any third parties to share their information unless there is a serious threat or the information relates to assessing or managing a risk to a child.

For further information about consent, please see the Family Violence Information Sharing Guidelines and the Child Information Sharing Scheme Ministerial Guidelines.

Seeking and taking into account the views of the child and family members

Even when consent is not required, you should seek and take into account the views of the child, young person and/or any relevant family members who do not pose a risk before sharing information under CISS or FVISS if it is safe, reasonable and appropriate to do so. This is a key principle of CISS and FVISS.

There are several reasons to seek and consider the views of a child, young person or family member before sharing their information:

working collaboratively helps develop and maintain trusting, positive relationships with the child, young person and their family, and improve and maintain service engagement
people feel more empowered when they are included in the process and aware of and in agreement with the actions taking place
obtaining the views of the children, including a child victim survivor, is an integral part of assessing and managing risk to the child and other family members
children and families are often best placed to provide insight into safer, more effective ways of sharing information.

You should also inform the child or parent that their information has been shared, unless it would be unsafe, unreasonable or inappropriate to do so. Keeping them informed is best practice and helps to promote positive engagement.

The child or parent must also be supported with safety planning and other necessary services.

When seeking the views and wishes of the child, young person and their family, the discussion should explain:

the requirements that need to be met before information can be shared
who information can be shared with
their consent is not required for you to share information if you believe that sharing would promote the wellbeing or safety of a child
the benefits of information sharing, and how information may be used to promote child wellbeing or safety.

It is important to support and encourage the expression of any concerns, doubts or anxieties. You should respond sensitively, with due consideration of the circumstances children and families may be facing.

Discussing these concerns may help to inform the assessment of any risks to children’s wellbeing and safety and help to avoid unintended outcomes of information sharing. You should be aware of your own preconceptions and biases when engaging with children and families navigating barriers to wellbeing and safety.

For example, you should promote cultural safety, and demonstrate awareness of the accumulation of trauma across generations of Aboriginal communities as a result of colonisation and the dispossession of land and children.

The department has developed resources to help schools, services and other organisations discuss the child information sharing scheme with families and communities, including resources for Aboriginal families. You can view them at Child Information Sharing Scheme.

You should not seek the views and wishes of a child, young person or family member in the following circumstances:

If it is unsafe. For example, if it is likely to jeopardise a child’s wellbeing or safety or place another person at risk of harm. Or if timeliness is an issue, such as when there is an immediate risk. Or if you are assessing or managing risk to another person
If it is unreasonable. For example, if the child or their relevant family member does not have a service relationship with the ISE. Or if you are unable to make contact with them
If it is inappropriate. For example, if a young person is living independently and their family members no longer have access to their personal information.

When sharing information to promote child wellbeing and safety, you should:

consider the child’s best interests
promote the immediate and ongoing safety of all family members at risk of family violence in line with MARAM, noting safety includes responding to needs and circumstances that promote stabilisation and recovery from family violence
engage specialist services as required, and promote collaborative practice around children and families
give precedence to the wellbeing and safety of a child or group of children over the right to privacy
preserve and promote positive relationships between a child and the child’s family members and persons of significance to the child
be respectful of and have regard to a child’s social, individual and cultural identity, the child’s strengths and abilities and any vulnerability relevant to the child’s safety and wellbeing
promote the cultural safety and recognise the cultural rights and familial and community connections of children who are Aboriginal, Torres Strait Islander or both
seek to maintain constructive and respectful engagement with children and their families.

Working with diverse communities and at-risk groups to support wellbeing and safety

You need to consider the barriers to wellbeing and safety that some groups experience due to structural inequality and discrimination. Diverse communities and ‘at-risk groups’ are broadly defined to include:

diverse cultural, linguistic and faith communities (also collectively called CALD communities)
people living with a disability
people experiencing mental health issues
lesbian, gay, bisexual, trans and gender diverse, intersex, queer and questioning (LGBTIQA+) people
women in or exiting prison
people who work in the sex industry
people living in regional, remote and rural communities
older people (aged 65 years, or 45 years for Aboriginal people)
children (0–4 years of age are most at risk)
young people (12–25 years of age).

It will be helpful for you to consider both the individual circumstances of the child and parent or carer, and their specific family and community contexts. This will improve your ability to engage with children and families.

When sharing information about people with disabilities, you should consider:

asking what supports they need to ensure they understand the information you provide and can respond with an informed opinion. Avoid making assumptions about what supports they may require
asking if they would like to seek the support of a trusted person or advocate to ensure they understand the reason for information sharing.

When sharing information about CALD communities, including refugees, you should consider:

there may be language and literacy considerations. This requires sensitivity around ways of communication. For example, you may need an interpreter
there may be complex family and community dynamics to consider, as well as complex migration experiences
when sharing information about people from a refugee background, there is often an added layer of trauma.

When sharing information about LGBTIQA+ communities, you should consider:

the impact sharing information about sexuality, sex or gender identity may have on safety in the family or community
that services may discriminate against, further abuse, or exclude individuals because of sexuality, or gender identity
that sexuality, sex and gender identity may not be recognised by services, or that individuals’ needs will not be understood
that homophobia, biphobia or transphobia by family members is recognised as family violence.

For more information, see the MARAM Foundation Knowledge Guide.

Complaints

If you are concerned that information might have been shared in a way that is not permitted, you have the right to provide feedback and make a complaint.

To make a complaint in the first instance, speak to the organisation who shared the information. All organisations should have procedures in place for dealing with complaints.

If you are not satisfied that the matter has been resolved, a complaint may be made to:

The Office of the Victorian Information Commission (OVIC) if the complaint relates to personal information or the Health Complaints Commissioner (HCC) if the complaint relates to health information under Victorian Law
The Office of the Australian Information Commissioner (OAIC) under Commonwealth Law.

Tools for staff who use CISS and FVISS

View interactive tools and templates to help education workforces implement the information sharing schemes at Tools for staff who use CISS and FVISS.

This includes examples of information sharing in school and service settings, decision trees and downloadable Word templates to help you:

better understand how to use CISS and FVISS
keep accurate records
request information
share information
decline requests
record complaints.

Updated 27 March 2026

Information Sharing and Family Violence Reforms Guidance and Toolspdf2.15 MB

Information sharing and MARAM reforms

Economic Growth Statement

Staff who use CISS and FVISS

On this page

Section overview

This information is relevant for me, if:

Why is this resource important to me?

What is my responsibility?

What training and support do I need?

Overview of the Child Information Sharing Scheme (CISS)

Who?

Why?

What?

When?

How?

Principles

Excluded information under CISS

Overview of Family Violence Information Sharing Scheme (FVISS)

Who?

Why?

What?

When?

How?

Principles

Excluded information under FVISS

Risk Assessment Entities

Figure 6: The relationship between ISEs and RAEs

Sharing for family violence risk assessment

Sharing for family violence risk management

Example - When to use CISS or FVISS

Responding to external requests for MARAM and information sharing records

Consent and seeking the views and wishes of children and relevant family members

Consent under CISS

Consent under FVISS

Seeking and taking into account the views of the child and family members

Other factors to consider when sharing information under CISS

Working with diverse communities and at-risk groups to support wellbeing and safety

Complaints

Tools for staff who use CISS and FVISS

Related links