Skip to content.
|Networking government in New Zealand.
 
You are here: Home » Services » SEEMail » S.E.E. PKI: Paper 6 - Impact on Agencies » 3 Conformity with Policies and Strategies

3 Conformity with Policies and Strategies

3.1 Agency's corporate strategies and policies

3.1.1 Agency IM&T: In light of the S.E.E. PKI (and other S.E.E. projects), the agency will have to review and perhaps update the following:

  • IM&T strategic plan - consider S.E.E. PKI to support agency's external business needs. Consider it for agency's internal use, e.g. Remote Access, replacement of passwords.

  • Business systems architectures - build S.E.E. PKI authentication into new applications.

  • Information management standards - authentication has minimal impact. Digital signature and encryption (future) will have significant impact in this area.

  • Information architectures - authentication has minimal impact. Digital signature and encryption (future) may have significant impact in this area, depending upon system design.

  • Information technology standards and architectures - consider the purchase of PCs with built-in USB ports, smartcard readers or other acceptable smart token reader devices. Promote the use of S.E.E. PKI over other authentication mechanisms.

3.1.2 IM&T governance: The agency may wish to provide feedback to the S.E.E. Steering Group on amendments to S.E.E. procedures.

3.1.3 Operational management: New helpdesk and operational procedures will need to be developed for installing S.E.E. PKI hardware and software, and for user support. All S.E.E. PKI agencies will have to develop their Registration Authority (RA) procedures.

3.1.4 Human resources management: Employee training and exit procedures will need to be reviewed to ensure S.E.E. Key issuance, usage and return is covered. A procedure for revocation will need to be developed.

3.1.5 Industrial relations management: No impact is anticipated.

3.1.6 Financial and asset management: Operation of a S.E.E. PKI architecture will incur more cost than an existing username/password architecture. S.E.E. PKI technology assigned to each user will not be a sigificant asset, as it will be typically $200 - $500.

3.1.7 Internal audit: The existing security audit procedures of the agency will need to be modified, to reflect the change in processes. The RA process could be subject to an external audit, at the agency's expense.


[ Previous | Next ]