1 Introduction

Print this section

1.1 Purpose

The purpose of these requirements is to provide guidance on:

  • the protective marking and handling of official and security classified information
  • information bearing endorsement and/or compartmented markings. 
Back to the top of page Print this subsection

1.2 Audience

These requirements are for:

  • New Zealand government employees
  • contractors
  • individuals who require access to protectively marked information.
Back to the top of page Print this subsection

1.3 Scope

These requirements aim to provide a consistent and structured approach to protectively marking and handling official information and material subject to the New Zealand Government Security Classification System.

These requirements introduce the application of protective markings and go on to describe handling procedures for protectively marked information and material including:

  • removal of protectively marked information and material from agency premises
  • transfer of protectively marked information and material
  • receipt of protectively marked hardcopy information and material
  • destruction of protectively marked hardcopy information and material.

These requirements relate to information security within the New Zealand government and support the implementation of the New Zealand Protective Security Requirements (PSR). 

In particular, they support the Information Security Management Protocol.

They are part of a suite of documents that assist agencies to meet the mandatory information security requirements.

They should be read in conjunction with other supporting information security management requirements. 

Back to the top of page Print this subsection

1.4 Compliance requirements

A control with a ‘must’ or ‘must not’ compliance requirement indicates that use of the control is mandatory. These are the baseline controls unless the control is demonstrably not relevant to the respective agency and can be clearly demonstrated to the agency head or accreditation authority.

A control with a ‘should’ or ‘should not’ requirement indicates that use of the control is considered good and recommended practice.  Valid reasons for not implementing a control could exist, including:

  1. a control is not relevant because the risk does not exist
  2. or a process or control(s) of equal strength has been substituted.

Agencies must recognise that not using a control without due consideration may increase residual risk for the agency.  This residual risk needs to be agreed and acknowledged by the agency head.  In particular an agency should pose the following questions:

  1. Is the agency willing to accept additional risk?
  2. Have any implications for All of Government security been considered?
  3. If so, what is the justification?

A formal auditable record of this consideration and decision is required as part of the governance and assurance processes within an agency.

The PSR provides agencies with mandatory and best practice security measures.

The controls detailed above identify if and when agencies need to consider specific security measures to comply with the mandatory requirements.

Also refer to Strategic Security Objectives, Core Policies and the Mandatory Requirements

Back to the top of page Print this subsection

2 Procedures for applying protective markings

Official information requiring protection should be made visually different by the use of protective markings.

This is relatively easy in the case of information held as a document either on paper or electronically, but is also necessary for all forms of information such as information delivered orally.

The following describes procedures for applying protective markings.

The originator must clearly mark all documents requiring protection with the appropriate protective marking.

These should be placed at the top and bottom of each page. A document in this context is any form of recorded information such as reports, letters, books, email, minutes, memoranda, films, charts, tapes, images and digital media.

If information that carries a protective marking is delivered orally, for example, through classified discussions, the recipient must be told if it requires protection.

Documents with covers such as books, pamphlets and reports, must show the protective marking on the front cover, title page, rear cover and, if possible, on the binding in addition to each individual page.

Any binding or fastening of pages must not obscure the protective marking.

More information

For guidance on how to identify information that requires protective markings, agencies must follow the New Zealand Government Security Classification System.

For guidance on how to protectively mark foreign government information, agencies must follow the New Zealand Government Information Security Management Requirements - Safeguarding Foreign Government Information (under development).

Print this section

2.1 Applying paragraph grading indicators

Agencies should consider developing their own policies on protectively marking paragraphs within a document that require a security classification.

Such protective markings on paragraphs are known as paragraph grading indicators and may appear in brackets at the beginning of each paragraph.

The protective marking can be written in full or abbreviated by the first letters of the security classification, for example, (S) for SECRET or (IC) for IN CONFIDENCE.

Refer to Table 1 for standard abbreviations. Paragraph grading indicators should be the same colour as the text within the document.

To avoid confusion, if paragraph grading indicators are being applied to a document, all paragraphs within that document should be marked.

The paragraph grading indicator UNCLASSIFIED should be used for paragraphs that do not carry a protective marking.

Refer to Example 1.

Table 1: Abbreviated security classifications 

Unclassified (U)
IN CONFIDENCE (IC)
SENSITIVE (Sen)
RESTRICTED (R)
CONFIDENTIAL (C)
SECRET (S)
TOP SECRET (TS)

 

Example 1: Applying paragraph grading indicators

Example 1: Applying paragraph grading indicators
Back to the top of page Print this subsection

2.2 Applying an overall protective marking

Once the paragraph grading indicators have been applied, the overall protective marking can be established. This must be, as a minimum, equal to the highest classification level of any one paragraph within the document.

Security classifications

Security classifications must be in capitals, bold text and be a minimum of either three millimetres high or the same size as the text in the body of the document (whichever is larger).

Colour coding security classifications makes them easier to identify and ensures higher classifications clearly stand out.

Security classifications should be colour coded as noted below.

TOP SECRET: red

SECRET: blue

CONFIDENTIAL: green

RESTRICTED, SENSITIVE and IN CONFIDENCE: black

The highest security classification should be clearly marked at the centre top and bottom of each page in a single line.

Refer to Example 2.

If necessary, the security classification can be stacked in the centre of the page to fit around a letterhead.

Example 2: Applying a security classification marking

Example 2: Applying a security classification marking

 

Documents with covers, or in folders, must show the security classification on the front and rear covers, as well as on the title page and all other pages in the document.

Any bindings or fastenings must not obscure the protective marking.

Refer to Example 3.

Example 3: Applying a protective marking to a multiple page document

Example 3: Applying a protective marking to a multiple page document

Endorsement markings

Endorsement markings must not be used without a security classification.

Where a document requires an endorsement marking, the security classification is applied to the top and bottom of the page and the endorsement marking should be placed below the top security classification and above the bottom security classification.

An endorsement marking should always be in the same size, format and colour as the security classification.

Refer to Example 4.

Example 4:  Applying an endorsement marking 

Example 4:  Applying an endorsement marking

Compartmented markings

When applied, compartmented markings must follow a security classification and must not be applied to non-protectively marked information. Compartmented markings must always be in the same size, format and colour as the security classification.

Where a document requires a compartmented marking, it should immediately follow the security classification on each page separated by //. Where multiple compartmented markers are required, they should be separated by /.  

Refer to Example 5.

Where a document also requires an endorsement marking, it should immediately follow the compartmented markers (or the security classification where no compartmented markers is required) on each page separated by //.

Refer to Example 6.

Example 5:  Applying compartmented markings

applying compartmented markings example 5

 

Example 6: Applying compartmented markings with endorsement markings

Example 6: Applying compartmented markings with endorsement markings

 

 

 

Back to the top of page Print this subsection

2.3 Protectively marking titles

Wherever possible the titles of files, documents, books, reports, etc, should not be protectively marked.

If protectively marking the title is essential, the originator should use a separate UNCLASSIFIED reference. This can appear behind the title in brackets.

Protectively marked classified titles must not appear in information, documents or records management systems that are not themselves protectively marked.

Back to the top of page Print this subsection

2.4 Protectively marking printed graphic matter

For maps, drawings, etc, the protective markings should be printed or stamped near the map scale or drawing numbers and printed at the top and bottom centre of the document.

If the sheet is to be folded, the marking should remain visible after folding.

Back to the top of page Print this subsection

2.5 Protectively marking annexes, appendices, attachments and covering documents

In some cases, the annexes or appendices to a document will require protective markings even if the rest of the document is UNCLASSIFIED.

Occasionally, an annex or appendix may also require a different protective marking from the principal document it is attached to.

If the annex, appendix or attachment has a higher protective marking than the principal document, the document’s front cover should indicate that the document as a whole covers a higher security classification.

Refer to Example 7.

This is not required where the annex, appendix or attachment is of a lower or the same protective marking as the principal document.

When protectively-marked, paper-based documents are filed, the file protective marking should be clearly visible.

The same is true for removable electronic and optical media, such as USBs, CD-ROMs, microfilms, photographs and removable hard drives.  

Refer to the New Zealand Information Security Manual (NZISM) - Media Security

Example 7: Applying protective markings to annexes and appendices

Back to the top of page Print this subsection

2.6 Protectively marking imagery

Photographs, film and their storage envelopes or containers must all carry a clear protective marking when applicable.

As well as having the protective marking on both sides of the containers and spools, information which is protectively marked, including roll imagery, cine-film, video tape, must show a protective marking in the title and end sequences to ensure projection of the marking for at least five seconds for each.

Agencies should mark photographic negatives so that the protective marking is reproduced on all copies made from that negative. 

Back to the top of page Print this subsection

2.7 Protectively marking presentations

Agencies must apply appropriate protective markings to official and security classified presentations. Each slide or screen should be treated as an individual page, as in a paper-based document. The protective marking should be verbally stated to the audience. 

Back to the top of page Print this subsection

2.8 Protectively marked audio

For audio recordings, the level of protective marking must be clearly stated at the beginning and end of each recording. The tape or other media and its container must be conspicuously labelled with the appropriate protective marking.

Back to the top of page Print this subsection

2.9 Protectively marked microforms

Agencies may still hold microforms such as aperture cards, microfiche and microfilm containing protectively marked information. If so, this material must show the appropriate protective marking at the top and bottom centre of each frame.

Additionally, containers and envelopes must bear the appropriate protective marking of the highest protectively marked microform.

The protective marking must be visible without projection on both cards and fiche and microfilm should be prominently marked at the beginning and end of each roll.

Back to the top of page Print this subsection

2.10 Protectively marking electronic storage media

For the policy relating to the marking of electronic storage media, refer to the New Zealand Information Security Manual - Media Security

Back to the top of page Print this subsection

2.11 Protectively marking equipment

Agencies must develop specific procedures to protectively mark equipment. Protective marking should be clearly visible and not easily removed.

Back to the top of page Print this subsection

3 Procedures for protecting protectively marked documents and material

As the level of security classification increases, so does the level of protection required for controlling and handling protectively marked information.

The requirements for controlling and handling a document with SENSITIVE to TOP SECRET protective markings are provided in Annexes A - D. 

Print this section

3.1 Registration systems

Agencies must have in place a system for the control and handling of official and protectively marked information in accordance with the Information Security Management Protocol.

The system should be able to detail the creation, location and destruction details of each accountable document or file. 

Agencies must maintain a Classified Document Register (CDR) for all TOP SECRET and ACCOUNTABLE MATERIAL produced or received within an agency.

The CDR should include details of the documents received and all retained copies. It is recommended agencies also have a register for SECRET information, and where it is necessary for risk mitigation, agencies should use CDRs for lower classified documents.

With due care, the CDR should rarely need to be protectively marked. CDRs should be protectively marked on their own merits and not according to the protective marking of the documents they record, unless the title of the document itself is protectively marked. 

Where the volume of correspondence justifies it, separate registers for each security classification and inwards and outwards correspondence may be used.

Back to the top of page Print this subsection

3.2 Audit

Agencies must develop an agency specific system for the audit of protectively marked hardcopy information in accordance with the Information Security Management Protocol.

Agencies should consider a process for signing some form of receipt when protectively marked information or equipment is delivered.

This would allow for tracing the information’s movements, providing confirmation of receipt and providing a level of assurance that the recipient will be responsible for the protection of that information. 

Any type of receipt mechanism is suitable, as long as it identifies the document either by reference number or by title.

A reference number is often easier when the title of a document may describe the content of a protectively marked document or, in limited cases, contains a word such as ‘secret’ or ‘confidential’. 

Agencies should specify a period on the receipt, for example, seven days, in which the receipt is to be signed and returned by the recipient. 

Agencies should confirm audit receipt returns within a month from the due date of their return.

Agencies must develop policies and procedures for the control and handling of all other official information in accordance with the Information Security Management Protocol.

Back to the top of page Print this subsection

3.3 Spot checks

At irregular intervals the manager responsible for the information must conduct, or arrange for a nominated officer to conduct, a spot check of a small sample of TOP SECRET and ACCOUNTABLE MATERIAL to ensure they are accounted for and are being handled, stored, etc in accordance with these requirements.

Agencies should conduct spot checks on five per cent of TOP SECRET and ACCOUNTABLE MATERIAL per month, with 100 per cent of an agency’s TOP SECRET and accountable files checked within every two-year period.

A record of spot checks should be maintained. It is considered good security practice to conduct a similar spot check of other protectively marked files at irregular intervals.

The manager should report any discrepancy to the Chief Security Officer (CSO) for investigation.

Back to the top of page Print this subsection

3.4 Physical files holding protectively marked information

A file must carry, at a minimum, the protective marking of the highest level of security classified information it holds. 

When new information is added to the file, the file user must ensure that the protective marking carried by the file is still appropriate. If the information to be added is at a higher security classification than the file itself, the file user must reclassify the file before attaching the new document.

Agencies must consider whether the file would require a higher security classification due to the aggregation of the information contained within this file. 

TOP SECRET and SECRET documents must be placed in an appropriate file or cover immediately. 

The location of at least the TOP SECRET document must then be recorded in the CDR.

Information which needs to be filed, and is protectively marked at levels lower than SECRET, should be placed on an appropriate file as soon as possible after its creation or receipt. This is usually following registration.

Agencies should use a file reference and folio numbering for protectively marked files to maintain a record of the information held on the file. It is also considered good practice to follow normal filing procedures such as recording the date and name of the person holding the file.

The protective marking of the file must be clearly and easily identifiable and easily distinguished from other markings.

There are preferred standard colours for file covers that should be used for protectively marked files.

Agencies might have other requirements that preclude the use of the standard colour file covers.

The standard colour file covers that should be used are noted below.


 

Back to the top of page Print this subsection

3.5 Storage of official and protectively marked information

Agencies must store official and protectively marked information in accordance with the Security Zones and Risk Mitigation Control Measures.

Back to the top of page Print this subsection

3.6 Aggregation of protectively marked information

The protective marking of a file must be at least as high as the highest protectively marked document it encloses.

When information is aggregated, consideration should be given to increasing the protective marking based on the information as a whole.

Refer to New Zealand Information Security Manual - Management of Aggregated Information

Certain compilations of protectively marked information may require an application of a higher protective marking than its component parts because the compromise of the combined information would cause a greater damage.

This is normally referred to as ‘aggregation’ and is particularly relevant to collections of electronic information.

If the amount of protectively marked information relating to a previously unclassified file is negligible, another part to the file should be opened and the protectively marked information placed on it.

The new part should then be protectively marked accordingly. 

Back to the top of page Print this subsection

4 Procedures for production and preproduction of protectively marked documents

To help control protectively marked information, agencies should keep the number of copies to a minimum.

Protectively marked information should be reproduced only when necessary.

Spare or spoilt copies that are not required to be kept under the Public Records Act 2005 should be destroyed immediately.

To make copies of protectively marked information that has a copy number, the originating agency’s permission must be obtained. 

It is preferable that any additional copies be provided by the originator. 

Should the originator give permission for the receiving agency to copy the information, agencies should provide the proposed additional distribution to the originator. 

The originator will indicate the appropriate additional copy numbers that must be clearly marked on the additional copies.

Agencies may decide whether they wish to follow similar procedures for other official and protectively marked information.

Please note that such procedures must be applied to operate a classified registry.

Print this section

4.1 Accountable material

Once disseminated, ACCOUNTABLE MATERIAL must not be copied or reproduced in any form. If additional copies are required, they must be requested from the original source.

All ACCOUNTABLE MATERIAL should have a copy number on the front cover to enable accurate records and control of distribution.

When a protectively marked document is made 'accountable', the allocated person responsible must check and certify its safe custody at stated intervals, normally every six months.

All TOP SECRET information must be made ACCOUNTABLE MATERIAL by default.

Information must not be extracted from ACCOUNTABLE MATERIAL without the permission of the originator. 

Back to the top of page Print this subsection

4.2 Foreign government information

The Safeguarding Foreign Government Information (under development) should be followed for the reproduction of foreign government information. 

Back to the top of page Print this subsection

4.3 Photocopiers, facsimile machines and similar devices

Machines copying or transmitting protectively marked documents should be located in an area where activity cannot be conducted unobserved.

Staff responsible for operating these machines should stay within the vicinity of the machine until the action is complete and remove the document immediately.

Agencies should be aware that photocopiers, facsimile machines and similar devices, known as multi-function devices (MFDs) may retain images of copied documents.

Consult Government Communication Security Bureau (GCSB) for advice on the sanitisation of these and similar devices.

Devices that are connected to ICT systems must not be used to copy documents protectively marked higher than the ICT system to which the device is connected. 

Refer to the New Zealand Information Security Manual - Information Technology Security

Devices connected to public networks must not be used to copy protectively marked documents as the information can remain in the machine and could subsequently be transmitted.

Protectively marked documents must not to be transmitted by facsimile unless that information is protected in accordance with the New Zealand Information Security Manual - Fax Machines and Multifunction Devices

Back to the top of page Print this subsection

5 Removal of protectively marked documents and material from agency premises

If agencies remove protectively marked documents and material from the premises, they must establish policies and procedures to ensure they are protected.

Removal must only be allowed when there is a definite need, for example, attendance at meetings or short-term work at home and when the appropriate protection can be maintained en route and at the final destination.

Given the security requirements for the storage and care of TOP SECRET information, its removal for short-term work at home must not be permitted without prior approval from the New Zealand Security Intelligence Service (NZSIS) and the originating agency.

Agencies must follow Working Away from the Office for requirements on security arrangements for regular and long-term home-based work.

Print this section

5.1 Within New Zealand

The removal of protectively marked documents and material outside the secure or authorised work area requires approval and an audit trail must be established for accountability purposes.

While agencies decide who can authorise removal of protectively marked documents and material, it can only be authorised by the manager or equivalent person responsible for that information and material. 

A record must be maintained of all removals at TOP SECRET and SECRET levels.

Before approval is given for removal of protectively marked documents and material, the person removing the documents and material must be made aware of the risks involved and be prepared to accept responsibility for its safe custody.

The authorising officer must be satisfied that there are adequate arrangements for the safe custody of the documents and material and a genuine need exists.

The NZSIS has approved briefcases and satchels suitable for carrying protectively marked information. 

Details can be obtained from the Approved Products ListThis information is classified. Please contact the PSR team for further information.

Where protectively marked documents are transported outside an agency in an approved briefcase or satchel, they must be placed in an opaque envelope within the briefcase. 

The briefcase or satchel must be locked at all times and must be kept under the personal protection of the custodian.

To prevent key duplication or lock manipulation, keys should not be left in the lock and the briefcase or satchel should be locked, even when the empty.

Electronic media, such as laptops, CDs and USBs that have been used to process protectively marked information, requires protection to the same degree as paper-based protectively marked information.

The level of protection afforded must be equivalent to the highest level of protectively marked information ever placed on the media until it is sanitised. 

Refer to the New Zealand Information Security Manual - Working Off-Site

In addition to any authorisation granted, protectively marked information must not be taken home unless the custodian has the appropriate protective security arrangements at their place of residence.

Agencies must follow the Working Away from the Office for requirements on security arrangements for regular and long-term home-based work.

If the security of information required for meetings cannot be guaranteed by the person attending that meeting, for example, when staying overnight in a hotel, it may be forwarded in advance by appropriate transfer arrangements to a regional or branch office.

Where necessary, similar arrangements should be made for the information's return. If this is impractical the CSO's advice must be sought.

Back to the top of page Print this subsection

5.2 Outside New Zealand

Protectively marked information can be exposed to a far greater risk when it is taken outside New Zealand, requiring increased protective measures.

Special care must be considered when protectively marked information is taken overseas.

Before protectively marked information is transmitted or handled outside New Zealand, agencies must refer to the security requirements specified in Security Zones and Risk Mitigation Control Measures.

Agencies should also check with the Ministry of Foreign Affairs and Trade (MFAT) about the most appropriate method of despatch.

When people travelling overseas require protectively marked information, the information should travel separately in the MFAT courier service, unless the person has diplomatic courier status.  Note that this includes any form of electronic media or equipment such as laptops, CDs or USBs.

If use of the MFAT courier service is not practical, the CSO should contact MFAT or NZSIS to discuss alternative arrangements.  

Back to the top of page Print this subsection

6 Procedures for the transfer of protectively marked information and material

The security measures required to protect protectively marked information and material during physical transfer will depend on any protective markings, where it is going from and to, and the method used.

Any person wishing to transfer protectively marked information and material to another person must be sure the intended recipient has the appropriate ‘need-to-know’ and the required level of security clearance before the information and material is transferred.

General advice on the various transfer procedures of protectively marked information and material is set out below. 

Agencies should develop a policy based on these minimum measures as well as for information and material too large for the ‘double barrier’ principle. 

In this instance agencies should take appropriate measures for transfer. 

Print this section

6.1 Preparing protectively marked information for physical transfer

Protective measures must be employed for protectively marked information while in transit outside agencies.

This can include carriage in NZSIS-approved briefcases, satchels, seals, pouches or transit bags or special enveloping procedures and transferral by hand between people with the appropriate security clearance or by authorised messengers.

A number of methods can be used, for instance, using a ‘double barrier’ or by ‘double enveloping’. For example, the use of a single paper envelope in conjunction with a NZSIS-approved briefcase, satchel, pouch or transit bag, or ‘single use’ NZSIS-approved envelopes.

Refer to Process for double enveloping for more information.

Whatever the combination used, the inner barrier must be tamper evident and the outer barrier must obscure the nature of the information being transferred.

Agencies must use a double barrier to transfer protectively marked documents securely outside an agency.

Protectively marked information should be addressed to a specific position, appointment or named individual. 

An alternative individual or appointment must be provided for TOP SECRET information and should be provided in the case of protectively marked information security classified below TOP SECRET.

The sender must have determined that the addressee and alternative possess the required level of security clearance. 

The transfer of protectively marked information within a discrete office environment can be done without any coverings such as envelopes when:

  • the information is transferred directly between members of staff who have the appropriate level of clearance to access it and the need-to-know
  • there is no opportunity for unauthorised personnel to view the information.

If there is a risk that an unauthorised person could view the information it must be covered.

Back to the top of page Print this subsection

6.2 Process for double enveloping

Double enveloping is used to help protect the need-to-know principle in the transfer of protectively marked information and ACCOUNTABLE MATERIAL.

Double enveloping is a method that provides evidence of tampering. As the name suggests, double enveloping consists of placing protectively marked information or ACCOUNTABLE MATERIAL in two sealed envelopes.

Agencies must use double enveloping for all information, security classified as CONFIDENTIAL, SECRET and TOP SECRET, when either delivering by hand or using a NZSIS-endorsed courier.

Double enveloping of information security classified as IN CONFIDENCE, SENSITIVE or RESTRICTED is at agency discretion, dependent on the agency security risk management plan.

When sending by post or commercial courier, SENSITIVE and RESTRICTED information or material must be double enveloped.

Refer to Carriage by commercial courier or post for more information.

When transferring protectively marked information the sender must specify the intended recipient’s name, designation and full street address. 

Agencies must not send protectively marked information to a post office box.

Double enveloping must be used in conjunction with receipts that:

  • are enclosed with the protectively marked documents
  • identify the date/time of dispatch, dispatching officer’s name
  • have a unique identifying number.

Outer envelope

The outer envelope is used in a similar way to normal mail envelopes and gives protection to the inner envelope.

The outer envelope must not:

  • display the protective markings of the document
  • use tamper evident seals.

The outer envelope must display:

  • the physical address of the recipient
  • a distinct reference number - this may be the receipt number if the envelopes are not individually numbered
  • name and signature of dispatching officer
  • date of dispatch.

Inner envelope

The inner envelope is used to give evidence of tampering. In addition to what should be displayed on the outer envelope the inner envelope should:

  • display the protective markings at the top and bottom and front and back of the envelope
  • be sealed with NZSIS-approved tamper evident seals in such a way that covert entry to the envelope is countered.

Other methods

There are single use envelopes that have been approved by NZSIS for use:

  • as an inner envelope
  • as an outer envelope when used to enclose a number of inner envelopes where initial delivery will be to a registry or similar.

There is also a range of multi-use satchels that may be used in some circumstances. Refer to the Approved Products List. This information is classified. Please contact the PSR team for further information.

Back to the top of page Print this subsection

7 Methods of transfer

Print this section

7.1 Safe hand

Carriage of protectively marked information by safe hand means that it is despatched to the addressee in the care of an authorised officer or succession of authorised officers who are responsible for its carriage and safekeeping.

At each handover, a receipt is obtained showing at least the identification number of the package, the time and date of the handover and the name and signature of the recipient.

The purpose of sending an article using safe hand is to establish an audit trail that allows the sender to receive confirmation that the addressee received the information.

To send information using safe hand:

  • it must be enclosed in a double barrier, that is, double enveloped
  • it must possess a unique identification number - generally, this will be a receipt number
  • a two-part receipt must be placed in the inner envelope with the information - the addressee will keep one portion and sign and return the other to the sender
  • some form of record or receipt system must accompany the package, so that every handover is documented
  • information should be transported in an approved briefcase or mailbag - agencies should refer to the Approved Products List. This information is classified. Please contact the PSR team for further information.
  • information must not be left unattended - except when placed in the cargo compartment of an aircraft. 
Back to the top of page Print this subsection

7.2 Carriage by commercial courier or post

Agencies may send material classified up to and including RESTRICTED by post or commercial courier within New Zealand.

Items classified SENSITIVE or RESTRICTED must be double enveloped.

Where no authorised messenger or safe-hand courier service exists, agencies may allow material classified CONFIDENTIAL to be carried by signature-required commercial courier or registered post within New Zealand.

This can be done:

  • if delivery by safe hand cannot be effected within 15 minutes (whether by foot or vehicle)
  • where there is agreement between the sending and receiving agencies on the use of commercial couriers for the carriage of CONFIDENTIAL material
  • arrangements have been made to ensure the receiving agency is able to accept it at the expected delivery time.

Only commercial couriers that have been approved by the NZSIS must be used to carry SECRET material.

Details on the requirements and approval process can be obtained by the CSO from the NZSIS.

All CONFIDENTIAL or SECRET security classified information sent via commercial courier or postal agency must be accompanied by a receipt that must be signed by the receiving agency and returned to the sending agency.

Refer to Audit.

TOP SECRET material and material with a compartmented marking must not be carried by commercial courier or postal agency. 

Note that the special handling requirements that apply to some other protectively marked information carrying endorsement markings may also preclude the use of a commercial courier.

Information marked with the New Zealand Eyes Only (NZEO) endorsement marking must be transferred according to its level of security classification.

The requirements for other endorsement markings are established by the controlling agency. 

For carriage by commercial courier, the courier satchel itself when opaque can stand as the outer envelope. Envelopes and wrappings need to be robust to stand up to the wear and tear of transit.

Protectively marked information is not to be left unattended while awaiting pick-up by courier.

On arrival at the receiving registry or government office, delivery documentation should be checked to ensure that the dispatched items arrived within the expected timeframe. 

If there has been an undue delay or if there is any sign of tampering, both the sending and receiving CSOs should be notified.

Protectively marked information should not be dispatched on days before weekends or public holidays unless the addressee is able to receive it the following day and secure it appropriately.

Back to the top of page Print this subsection

7.3 Bulky material

Generally, where the size and weight of material is such that it cannot be moved by safe hand procedures or commercial couriers, special precautions should be made to ensure that the material is not compromised, lost or damaged in transit.

Advice should be sought from the CSO who may, in turn, obtain advice from NZSIS on the carriage of such material.

Back to the top of page Print this subsection

7.4 High-risk unclassified material

Intrinsically valuable material such as artwork or money might need to be transferred between agencies or organisations. In this case, agencies may use commercial courier services.

Care should be taken to assess the bona fides, suitability and reliability of any courier service used to perform such work.

Wherever possible, agencies should avoid drawing attention to the specific nature of the material being moved. 

It could also be highly desirable in some circumstances to seal the material or security clear the employees of the courier services directly involved in the movement of the material.

Special arrangements such as security or police escorts could also be necessary in some cases.

Agencies engaging the services of courier companies to carry these assets must ensure relevant jurisdictional legislation is met and that the physical security protection offered by the courier company is suitable to treat against identified risks.

Back to the top of page Print this subsection

8 Receiving protectively marked documents

Agencies must ensure personnel who receive protectively marked documents are aware of their responsibilities and, where necessary, hold the appropriate security clearance.

Protectively marked documents should only be opened by the addressee or the alternative addressee. 

An agency head may, however, authorise a specified person or area to open all mail to perform information or security management functions.

In the case where someone other than the intended addressee is charged with its opening, agencies should adopt the normal practice of opening the outer envelope only. 

If needed, the inner envelope should only be opened in the presence of the addressee.

The recipient of a package containing protectively marked documents must verify that the information was transferred by the appropriate means and verify that its seals and packaging are still intact.

Refer to Annexes A – D for more information.

Agencies must report any breakages, signs of tampering or inappropriate methods of transfer to the CSOs of both the receiving and sending agency. If the package was delivered by a NZSIS-endorsed courier, NZSIS must be advised. The recipient must check that the contents and their integrity are preserved, for example, check pages and table of contents and sign and return any receipt accompanying the information. 

If a protectively marked document register is kept, the information is then registered.

Print this section

8.1 Foreign government information

From time to time, agencies may receive information originating from a foreign government source. 

Agencies must follow the Safeguarding Foreign Government Information (under development) for receiving such information.

Back to the top of page Print this subsection

9 Procedures for the destruction of protectively marked documents and ICT media

Protectively marked information can be compromised because of inappropriate/ inadequate destruction. 

Agencies must use approved procedures to dispose of protectively marked information. 

It is important to note that any disposal of official records needs to be in accordance with the Public Records Act 2005. This usually means under the provisions of a disposal authority issued by the Archives New Zealand. 

Agencies should contact Archives New Zealand if they require further information relating to the disposal of records.

Protectively marked information must not be, under any circumstances, disposed of by garbage or recycling collection unless it has already been through a NZSIS-approved destruction process such as shredding.

CSOs can seek advice from NZSIS for routine or emergency destruction of protectively marked information.

Print this section

9.1 Methods of destruction

The following are the usual methods of destruction of protectively marked information:

  • pulping - transforming mass to a given size determined by a removable screen
  • burning - in accordance with relevant environment protection restrictions
  • pulverisation - using hammermills with rotating steel hammers to pulverise the material
  • disintegration - using blades to cut and gradually reduce the waste particle to a given size determined by a removable screen
  • shredding - using strip-shredders and crosscut shredders. Only crosscut shredders are NZSIS-approved for protectively marked information.

Agencies must refer to the Physical Security Management Protocol and requirements for advice on protective security equipment.

Where the destruction method is shredding, and the information is security classified as TOP SECRET, or carries a compartmented marking, it must be shredded in a NZSIS-approved Grade 5 crosscut shredder.

Where the destruction method is shredding, and the information is security classified as CONFIDENTIAL or SECRET, it must be shredded in a NZSIS-approved Grade 4 crosscut shredder.

Where the destruction method is shredding, and the information is security classified up to and including RESTRICTED, then it must be shredded in NZSIS-approved Grade 3 crosscut shredder.

For other destruction methods, agencies should refer to the relevant NZSIS Protective Security Circular (under development) and New Zealand Information Security Manual - Product Sanitisation and Disposal for details on the required particle sizes for paper-based information and ICT media respectively.

Back to the top of page Print this subsection

9.2 Waste and recycling

Waste, whether it is placed in a rubbish skip or other area for collection, or delivered directly to a waste disposal service, is extremely vulnerable.

Only information that is non-protectively marked official information or has already undergone an NZSIS-endorsed destruction process such as shredding should be discarded in the agency’s general rubbish. 

Recycling or discarding intact documents does not serve the same purpose as document destruction and should only be used by an agency for public sector information disposal or when the information has already undergone some form of appropriate destruction such as shredding.

Agencies must develop their own policy for destruction of non-protectively marked information, after considering any agency-specific issues in accordance with their agency’s security risk management plan.

Back to the top of page Print this subsection

9.3 Contracted destruction

Agencies may consider it is necessary for the destruction of their protectively marked waste to be undertaken by an approved destruction company. Any decision to do so must be based on sound risk management.

Before entering into a contract for the destruction of paper-based protectively marked information, agencies must ensure that the transport, procedures and facilities are approved by the NZSIS, as well as the destruction equipment as required. 

Agencies must determine the procedures that it and the contractor will use to maintain an appropriate level of security throughout the pickup, transportation and destruction of the waste.

Appropriate procedures include:

  • the waste must not be left unattended at any time and the vehicle and storage areas are appropriately secured
  • the destruction must be performed immediately after the material has arrived at the premises
  • destruction of the waste should be witnessed by an agency representative
  • destruction company staff must have a security clearance to the highest level of the protectively marked information being transported and destroyed, or appropriately security cleared agency staff must escort and witness the destruction. Information marked TOP SECRET and ACCOUNTABLE MATERIAL must be destroyed within agency premises and only once the originating agency has been notified. The originators may also apply special conditions to the destruction of some protectively marked information that might prevent contracting out destruction.

When an agency decides to outsource the destruction of unclassified material, the agency should take a risk management-based decision.

This decision must take into account the company, including how they transport information, their procedures and the security of their facility, and the equipment used, for example, the resultant particle size of the destroyed material.

Classified waste bags and bins are not security containers. Therefore, they must receive appropriate protection during use and storage by the agency before collection.

Classified waste bags and bins need to be stored according to the highest level of protectively marked information they contain.

Agencies and contractors may use a variety of methods for destruction of protectively marked material.

It is essential, however, that all equipment used for such destruction is NZSIS-endorsed.

Back to the top of page Print this subsection

9.4 ICT media and equipment

Agencies must refer to the New Zealand Information Security Manual - Product Sanitisation and Disposal for information on the sanitisation and destruction of electronic media and equipment.

Back to the top of page Print this subsection

9.5 Microfiche and other photographic material

Protectively marked microfiche and other photographic material must be destroyed using NZSIS-approved equipment or processes.  

Back to the top of page Print this subsection