Skip to content.
|Networking government in New Zealand.
You are here: Home » About e-govt » Programme » E-government Agency Checklist » Mandatory Requirements

Mandatory Requirements

You are viewing an ARCHIVED version of these Requirements. For the latest version, click here.

Public Service departments

The following aspects of e-government are mandatory for all Public Service departments:

Online authentication

Government Logon Service

In October 2004, Cabinet agreed, among other things:

  • "that, once the service is available and proven, all public service departments and other relevant state services agencies will be expected to use the [Government Logon Service] when implementing online authenticated services or upgrading/changing existing services, unless otherwise agreed between the Minister of State Services and the responsible Ministers;
  • "that all public service departments and other relevant state services agencies take account of the development of the [Government Logon Service] when considering any plans to invest in authentication infrastructure, and in particular consider opportunities to defer any planned expenditure to align with the planned rollout of the [Government Logon Service]".

In the same meeting Cabinet directed

  • "the State Services Commission to monitor the plans for development of individual authentication systems by all public service departments and other relevant state services agencies, and identify opportunities for alignment with the timetable of the [Government Logon Service] project." [EXG Min (04) 10/3; CAB Min (04) 35/2 refers].

In 2007 Cabinet agreed that the Government Logon Service was now available and proven and therefore the above direction now applies. [CAB Min (07) 26/2A refers]

Identity Verification Service

In 2007 Cabinet agreed that:

  • "No department should make an investment in its own identity verification capability, outside of the Identity Verification Service, even if funded from within baselines or depreciation, without first consulting the State Services Commission and Treasury, and seeking Cabinet approval." [CAB Min (07) 12/1 (46) refers]

refer www.e.govt.nz/services/authentication/

Revised E-government Strategy

On 16 October 2006, Cabinet:

  • Agreed that all Public Service departments, the New Zealand Police, the New Zealand Defence Force, the Parliamentary Counsel Office and the New Zealand Security Intelligence Service should ensure that their planning shows appropriate alignment with the E-government Strategy.
  • Agreed that, in developing their plans, these agencies should encourage contracted service providers and non-government organisations that they work with to adopt e-government as and where appropriate.

refer: http://www.e.govt.nz/about-egovt/strategy/nov-2006/ [CAB Min (06) 38/4A refers]

Government Web (formerly the Government Web Standards) Guidelines

On 15 December 2003 Cabinet:

  • directed all Public Service departments, the New Zealand Police, the New Zealand Defence Force, the Parliamentary Counsel Office, and the New Zealand Security Intelligence Service to implement the Web Guidelines [CAB Min (03) 41/2B refers]
  • Following a thorough review and consultation process, the Web Guidelines were published as the New Zealand Web Standards and Recommendations version 1.0 on 21 March 2007. The Standards apply from 1 January 2008.  Government agencies who are mandated to comply with the Standards must:
    • Make any existing web site compliant with version 1.0 by 1 January 2008, and
    • Comply with any subsequent versions of the New Zealand Government Web Standards and Recommendations produced after 1 January 2008

Funding processes for E-Government Initiatives

Cabinet has agreed that:

  • For all individual or multi-agency e-government initiatives that are funded from baselines, new initiative funding, or any other funding source, agencies must be able to demonstrate that: o in addition to normal consultation requirements, consultation with SSC over alignment of any proposed e-government initiatives with the e-government strategy has occurred. [CAB Min (02) 8/2A refers]

All Public Service and Non-Public Service Departments

Cabinet has made the following mandatory for all Public Service departments, the New Zealand Police, the New Zealand Defence Force, the Parliamentary Counsel Office, the Parliamentary Service, the Office of the Clerk, the New Zealand Security Intelligence Service, and the Government Communications Security Bureau:

New Zealand e-Government Interoperability Framework (e-GIF)

Cabinet has directed that agencies adopt the e-GIF on the following basis:

Application of e-GIF

  • Current information systems, software applications, or electronic data/information resources do not need to immediately comply with the NZ e-GIF.
  • Any new information system, software application, or electronic data/information resource (or current instances of these being redeveloped or replaced); or systems for interfacing with the same; must comply with the e-GIF except in instances where:
    • it is certain that interoperability will never be a requirement; or
    • the current version of the e-GIF does not, and could not, include policies, standards or guidelines concerning the technologies the agency needs (not wants) to employ; or
    • an alternative approach to achieving interoperability (e.g. EDI) is justified.

Exemptions from e-GIF

  • Where an agency believes there are grounds for exemption from the e-GIF, it must:
    • conclusively demonstrate, to the satisfaction of the e-GIF Steward, where the current version of the e-GIF cannot meet requirements, or why an alternative approach to achieving interoperability is justified; and
    • where sensible, contribute to the updating of the e-GIF. - Where an exemption is approved it will only apply to a specific information system, software application, data/information resource or business process; not the entirety of an agency's information and technology environment and/or business processes.

Special provisions

  • Specialist systems employed by, or sponsored by, the security and intelligence agencies are automatically exempted where compliance with the e-GIF is inappropriate.
    (These requirements apply to the Parliamentary Service and the Office of the Clerk.)
  • Organisations in the wider State sector (such as Crown entities and state-owned enterprises) are encouraged to adopt the e-GIF, and local government organisations are invited to use it.

refer: www.e.govt.nz/standards/egif/ [CAB Min (02) 18/2C refers]. See also CO (02) 12 - New Zealand e-Government Interoperability Framework (NZ e-GIF): adoption by government agencies.

Domain Name Moderation

The .govt.nz namespace is moderated by the State Services Commissioner in partnership with ALGIM (Association of Local Government Information Managers). The moderators have the authority to approve or decline entry to the .govt.nz namespace.

refer: www.e.govt.nz/policy/moderation/index.html

Information security

Agencies are required to implement Security in the Government Sector (SIGS) promulgated by the Department of the Prime Minister and Cabinet on 1 July 2002 (see: www.security.govt.nz). This includes a set of minimum internet security standards, and references SEEMail.

Trusted Computing and Digital Rights Management

In September 2006, Cabinet confirmed the Cabinet Economic Development Committee's minute EDC Min (06) 14/1 Trusted Computing and Digital Rights Management Priciples and Policies which approved the TC/DRM Principles and Policies as New Zealand government policy.

Monitoring Regime for Major Information Technology (IT) Projects

http://www.dpmc.govt.nz/cabinet/circulars/co01/4.html

Cabinet agreed on 10 April 2001(Cabinet office circular CO (01) 4 ), that;

  • The public sector IT Monitoring Regime be consolidated and updated to incorporate the recommendations from the INCIS inquiry that reported to Ministers in November 2000. Circular CO (01) 4 sets out the IT Monitoring Regime confirmed by Cabinet [CAB Min (01) 10/2B].
  • The IT Monitoring Regime applies to all public service departments and to the New Zealand Defence Force, the New Zealand Police, the Office of the Clerk of the House of Representatives, the Parliamentary Counsel Office and the Parliamentary Service.
  • The requirements set out in the circular should be read in conjunction with the guidelines on principles, processes, standards and practices for developing and managing IT projects published from time to time by the State Services Commission and the Treasury. http://www.ssc.govt.nz/display/document.asp?DocID=2787
  • Chief executives are asked to ensure that all staff involved in information technology and information management are familiar with the requirements of this circular.
  • Chief executives are also asked to draw to the attention of Crown entities for which their Minister is responsible, both the regime and Cabinet's recent decision that responsible Ministers may consider directing that the IT monitoring regime apply to specific projects undertaken by Crown entities.
  • Cabinet also agreed that the relevant responsible Minister may also consider directing that the regime apply to specific projects undertaken by the Government Communications Security Bureau or the New Zealand Security Intelligence Service.

For the approval process for major IT business cases, Ministers agreed that, unless otherwise agreed by the department and Treasury, a two-stage approval process should be adopted for major IT business cases (details in Annex 1). This process will consist of:

  • stage 1: on the basis of indicative costs and benefits, seek approval for developing a detailed scoping and finalisation of costs and benefits associated with the project;
  • stage 2: final consideration of the business case, based on more fully developed costs and benefits.

In addition, Ministers agreed on 30 June 2000 that

  • unless central agencies and the department agree that there are compelling reasons to retain a single large project, major IT projects should be broken down into modules, with each module considered as an independent business case within the department's overall IT strategy; and
  • quantitative risk analysis should be used as the basis for appropriations, access to contingency funding, and cash draw-downs for major IT projects, unless relevant Ministers agree that the size and nature of the project do not warrant this approach.

Refer CE Circular 2000/010 http://www.ssc.govt.nz/display/document.asp?docid=2303

Crown Agents

The following whole of government direction is applicable to all Crown agents:

Whole of government direction regarding all-of-government shared authentication services

1. The Minister of State Services and the Minister of Finance, pursuant to section 107 of the Crown Entities Act 2004, direct all Crown agents as follows:

  1. before developing a proposal to invest in or build online credential management or identity verification capability as an alternative to using all-of-government shared authentication services (known upon the giving of this direction as the Government Logon Service and the Identity Verification Service), whether the proposal is to be funded from retained depreciation funding or from new funding, to consult with the State Services Commission; and
  2. if, after such consultation:
    1. the Crown agent still intends to invest in or build alternative online credential management or identity verification capability; and
    2. the State Services Commission has not agreed, either in the individual case or by reference to a generic class consent, to the Crown agent investing in or building alternative online credential management or identity verification capability,

the Crown agent must obtain the approval of its responsible Minister and the Minister of State Services before taking action to implement the proposal,

unless any requirement in this clause 1 would be inconsistent with section 113 of the Crown Entities Act 2004.

2. For the purposes of this direction:

  1. "online credential management" means the use of logons, such as (but not limited to) passwords or two-factor authentication, for ongoing confirmation of identity when accessing a secure online service, whether the service is made available to audiences external to the Crown agent or is only accessible to audiences within or serving the Crown agent itself;
  2. "identity verification" means the establishment and re-confirmation of the identity and identity attributes of a person; and
  3. "generic class consent" means a decision, made by the State Services Commission, to grant consent to a particular class of online service, application or use-case for the purposes of clause 1(2)(ii) of this direction without the need to consider the individual circumstances of individual proposals falling within that class.

[Refer New Zealand Gazette Notice No. 6913 - published 18 September 2008]

See PDF http://e.govt.nz/about-egovt/programme/agency-checklist-2007/govt-direction-08.pdf