Skip to content.
|Networking government in New Zealand.
 
You are here: Home » Services » SEEMail » SEEMail - Terms and Conditions

SEEMail - Terms and Conditions

You are viewing an ARCHIVED page.


Terms and Conditions v01.02

SEEMail is a club. All members must abide by the terms and conditions of the club, to ensure the security of all members. These terms and conditions will evolve to ensure that SEEMail members follow good security practices, so as to establish a minimum acceptable standard of security.

Before you join

  • Contact the SEEMail Manager, to establish a relationship.
  • You must agree to abide by decisions made by the S.E.E. Steering Group, and the terms and conditions of the SEEMail club.

Purchasing

  • Only use a SEEMail accredited vendor.
  • Only install SEEMail accredited software versions (not all versions are accredited).
  • To reduce costs, obtain the template SEEMail contract, available from the SEEMail Manager.
  • Ask other SEEMail agencies what price they paid.

Before Installation

Ensure that:

  • your agency's network and gateway satisfies the Government requirements for protection of SENSITIVE information.
  • you have contacted the SEEMail Manager to indicate you wish to join SEEMail.
  • you know all domain names that your agency uses to send/receive e-mail from.
  • you have purchased your public key pairs and certificates from a commercial Certification Authority
  • provided your public key and a formal membership application to the SEEMail Manager
  • arranged a date/time for interim site certification with the SEEMail Manager.

Site Certification

  • Site certification testing is defined in the SEEMail contract.
  • Interim site certification is achieved when you have exchanged valid SEEMail test messages with designated operational reference sites.
  • A reference copy of your system configuration must be lodged with the SEEMail Manager.
  • Final site certification is achieved when you have exchanged keys and exchanged a valid SEEMail message with every other SEEMail accredited product.

Participating

  • Audit requirements: Self-auditing at this stage. External audit is likely in the future. The Crown will have the right to enter premises to audit/inspect the configuration.
  • Support: Vendor support allowed, with approved SEEMail - standard software support service agreement. In-house support allowed.
  • You must use and maintain the standard SEEMail setup and configuration, with standard behaviour, error messages, etc.
  • When the SEE Manager requires it, you must run the SEEMail Certification Tests upon notification and make the results available to the SEE Manager.
  • Agree to install/delete SEEMail member keys upon notice by the SEE Manager.
  • All SEEMail members update their certificates on an agreed date, currently 6pm, the Thursday before Labour Weekend.
  • Agree to SEEMail rules such as: comply with configuration rules, not keeping up with software, not make unnotified changes, add new members to your rules, exchange keys.

Leaving

To be determined in the future.

Notification requirements

The following is the notification periods for contacting the SEE Manager:-

  • Notice of changes / certificate expiry: 60 days
  • Notice of security issues : immediately (such as compromise)
  • Notice of substantive errors/issues : immediately
  • Notice of resolution : 1 day
  • Notice of Accreditation Tests to be run: 5 days