Resources
Training and Resources in Risk Management
Government Technology Services (GTS) provides risk assessment, risk management and security expertise. http://gts.ssc.govt.nz/risk-management/
GTS also provides training for government staff in applying the all-of-government Risk Assessment framework based on the AS/NZS4360 Risk Management standard. The workshop is aimed at those responsible for risk management either as part of a project or on a routine basis. While the training is generic, participants are encouraged to bring concrete examples for discussion. The email contact for this training is: gts@ssc.govt.nz
Risk Management AS-NZS 4360 2004
Information Security Risk Management Guidelines SNZ HB 231 2004
Both are available from Standards New Zealand at http://www.standards.co.nz/web-shop/?action=viewProductPack&mod=catalog&pid=4028828607e45bd10107fe3022980003&sectorId=I1
For government agencies, these are available through the Public Sector Intranet through an agreement between SSC and Standards New Zealand. https://psi.govt.nz/ims/default.aspx
The Treasury provides guidance on preparing a cost benefit analysis at http://www.treasury.govt.nz/publications/guidance/costbenefitanalysis/
Government agencies are strongly advised to take advantage of the expert risk assessment panel established by SSC for Quantitative Risk Analysis (QRA) services for the preparation or review of a risk analysis where appropriate (see http://www.e.govt.nz/resources/news/headlines/20080228.html/).
Agencies are also advised to consult their monitoring agencies as appropriate to endorse or advise on the risk assessment and cost/benefit analysis. For major IT projects, agencies should consult the SSC Guidelines for Managing and Monitoring Major IT Projects at http://www.ssc.govt.nz/ITguidelines and the Gateway Review Process at http://www.ssc.govt.nz/gateway.
Agencies are reminded that the Government Web Standards and Recommendations apply regardless of whether their website is hosted in New Zealand or offshore (see http://webstandards.govt.nz/ ).
Agencies should also note the requirements of the Government Web Site Outsourcing Guidelines. These are guidelines for NZ government agencies tendering and contracting for web development and hosting services (see http://webstandards.govt.nz/index.php/New_Zealand_Government_Web_Site_Outsourcing_Guidelines).
New Zealand Legislation
The Parliamentary Counsel Office makes all New Zealand Acts and Regulations freely available at http://www.legislation.govt.nz/
Privacy Act 1993
Public Records Act 2005
Public Finance Act 1989 s.65ZC
International Legal Resources
WorldLii makes legislation from around the world freely available at http://www.worldlii.org/. Information is also made available by subject groupings such as privacy (including NZ privacy decisions, and case notes) http://www.worldlii.org/catalog/273.html and contracts http://www.worldlii.org/catalog/50048.html.
(European Union) Standard Clauses for the Transfer of Personal Data to Third Countries http://europa.eu/scadplus/leg/en/lvb/l14012.htm
(EU) Commission Decisions on the Adequacy of the Protection of Personal Data in Third Countries. http://ec.europa.eu/justice_home/fsj/privacy/thridcountries/index_en.htm
International Chamber of Commerce http://www.iccwbo.org/
Model clauses for use in contracts involving transborder data flows 23 September 1998 http://www.iccwbo.org/id911/index.html
New Zealand Government Policies and Standards
Standards of Integrity and Conduct for the State Services http://www.ssc.govt.nz/display/document.asp?navid=311
Archives New Zealand
Continuum is Archives New Zealand's place to find resources and services, including advice, training and forums, on complying with the Public Records Act 2005. http://continuum.archives.govt.nz/home.html
Ministry of Economic Development Procurement site
http://www.med.govt.nz/templates/StandardSummary____181.aspx
MED publishes Mandatory Rules for Procurement by Departments and Policy Guide for Purchasers on this site as well as other useful guidance. See in particular the basic principles in: http://www.med.govt.nz/templates/ContentTopicSummary____29393.aspx
Office of the Auditor General
Procurement Guidance for Public Entities http://www.oag.govt.nz/2008/procurement-guide/
Government Web Site Outsourcing Guidelines http://webstandards.govt.nz/index.php/New_Zealand_Government_Web_Site_Outsourcing_Guidelines
Government Web Standards and Recommendations http://webstandards.govt.nz/index.php/Home_page
Overseas Hosting Risk Analysis (for offshore web sites). http://www.e.govt.nz/policy/trust-security/overseas-hosting.html/view?searchterm=website hosting
Security in the Government Sector http://www.security.govt.nz/sigs/index.html
NZ ICT Security Manual NZSIT400 series http://www.gcsb.govt.nz/newsroom/nzsits.html
Guidelines for the Treatment of Intellectual Property Rights in ICT Contracts http://www.e.govt.nz/policy/ipr
SSC Guidelines for Managing and Monitoring Major IT Projects http://www.ssc.govt.nz/ITguidelines
The Reserve Bank's Policy on Outsourcing by Banks, by Tim Ng. Reserve Bank of New Zealand: Bulletin, Vol. 70, No. 2 http://www.rbnz.govt.nz/research/bulletin/2007_2011/2007jun70_2ng.pdf
Privacy Resources
Privacy Impact Assessment Handbook, Office of the Privacy Commissioner http://www.privacy.org.nz/privacy-impact-assessment-handbook/?highlight=PIA%20handbook
Privacy Breach Guidelines, Office of the Privacy Commissioner. http://www.privacy.org.nz/privacy-breach-guidelines-2/
Privacy and Sovereignty: Data fight or flight. Speech by Marie Shroff, Privacy Commissioner at GOVIS, May 2007. http://www.privacy.org.nz/privacy-and-sovereignty-data-fight-or-flight-marie-shroff/
Memorandum of Understanding between the Office of the Australian Privacy Commissioner and the Office of the New Zealand Privacy Commissioner. http://www.privacy.org.nz/memorandum-of-understanding/
OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data http://www.oecd.org/document/18/0,2340,en_2649_34255_1815186_119820_1_1_1,00.html
OECD Recommendation on Consumer Dispute Resolution and Redress http://www.oecd.org/dataoecd/43/50/38960101.pdf
OECD Recommendation on the Cross-border Enforcement of Laws Protecting Privacy (2007) http://www.oecd.org/dataoecd/43/28/38770483.pdf
Asia Pacific Economic Cooperation Electronic Commerce Steering Group
http://www.apec.org/apec/apec_groups/committees/committee_on_trade/electronic_commerce.html
This group is responsible for APEC work on privacy generally.
APEC Data Privacy Pathfinder http://aimp.apec.org/Documents/2007/SOM/CSOM/07_csom_019.doc
Asia Pacific Privacy Authorities http://www.privacy.gov.au/international/appa/index.html
Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. http://ec.europa.eu/justice_home/fsj/privacy/law/index_en.htm
(EU) Standard Clauses for the Transfer of Personal Data to Third Countries http://europa.eu/scadplus/leg/en/lvb/l14012.htm
(EU) Commission Decisions on the Adequacy of the Protection of Personal Data in Third Countries. http://ec.europa.eu/justice_home/fsj/privacy/thridcountries/index_en.htm
(EU) Binding Corporate Rules consultation documents http://ec.europa.eu/justice_home/fsj/privacy/workinggroup/consultations/index_en.htm
(EU) Working Document on Frequently Asked Questions (FAQs) related to Binding Corporate Rules. http://ec.europa.eu/justice_home/fsj/privacy/docs/wpdocs/2008/wp155_en.pdf
(EU) Working Document Setting up a framework for the structure of Binding Corporate Rules. http://ec.europa.eu/justice_home/fsj/privacy/docs/wpdocs/2008/wp154_en.pdf
(EU) Working Document Setting up a table with the elements and principles to be found in Binding Corporate Rules. http://ec.europa.eu/justice_home/fsj/privacy/docs/wpdocs/2008/wp153_en.pdf
(EU) Frequently asked questions relating to transfers of personal data from the EU/EEA to third countries. http://ec.europa.eu/justice_home/fsj/privacy/workinggroup/wpdocs/2009_en.htm
International Chamber of Commerce http://www.iccwbo.org/
Model clauses for use in contracts involving transborder data flows 23 September 1998 http://www.iccwbo.org/id911/index.html
Privacy and Human Rights. An annual report from the Electronic Privacy Information Centre. http://epic.org/bookstore/
WorldLii makes legislation from around the world freely available at http://www.worldlii.org/. Information is also made available by subject groupings such as privacy (including NZ privacy decisions, and case notes) http://www.worldlii.org/catalog/273.html
Reports
Development Goals for the State Services http://www.ssc.govt.nz/development-goals
Transparency International's annual report on openness and transparency of governments around the world www.transparency.org
Canadian Privacy Commissioner Report of Findings (2008 CIPPIC complaint) http://www.cippic.ca/uploads/OPC_Findings-canada.com.pdf
Privacy and the USA Patriot Act: Implications for British Columbia Public Sector Outsourcing. Information & Privacy Commissioner for British Columbia, October 2004. http://www.oipcbc.org/sector_public/archives/usa_patriot_act/pdfs/report/privacy-final.pdf
AOL apologizes for release of user search data, by Dawn Kawamoto and Elinor Mills, CNET News, 7 August 2006. http://www.news.com/2100-1030_3-6102793.html
Dancing in the Minefield: Legal outsourcing abroad, by Sharon D. Nelson. http://ridethelightning.senseient.com/2008/09/dancing-in-the.html
See this article for discussion of an American Bar Association resolution on outsourcing legal services from outside the US.
A map of the world's undersea communications cables http://world-secure-channel.com/uploads/map_cables(1).jpg

