1 Introduction

Print this section

1.1 Purpose

The purpose of these requirements is to help agencies:

  • identify the protection requirements for official information
  • establish protection requirements for official information.
Back to the top of page Print this subsection

1.2 Audience

The audience of these requirements is:

  • New Zealand government employees
  • New Zealand government contractors
  • any person with access to official information that requires protection.
Back to the top of page Print this subsection

1.3 Scope

These requirements cover information security within the New Zealand government, recognising official information requires additional control measures.

These measures will assist agencies in identifying the value of information to better ensure its protection.

This protection is communicated through the application of a suitable protective marking.

The application of protective markings to Cabinet papers and foreign government information are also discussed in this document.

These requirements relate to information security within the New Zealand government.

They support the implementation of the New Zealand Protective Security Requirements (PSR) and, in particular, the Information Security Management Protocol

These requirements are part of a suite of documents that assist agencies to meet their information security mandatory requirements.

Agencies must also take into account legal requirements under the:

Back to the top of page Print this subsection

1.4 Compliance requirements

A control with a ‘must’ or ‘must not’ compliance requirement indicates that use of the control is mandatory. These are the baseline controls unless the control is demonstrably not relevant to the respective agency and can be clearly demonstrated to the agency head or accreditation authority.

A control with a ‘should’ or ‘should not’ requirement indicates that use of the control is considered good and recommended practice.  Valid reasons for not implementing a control could exist, including:

  1. a control is not relevant because the risk does not exist
  2. or a process or control(s) of equal strength has been substituted.

Agencies must recognise that not using a control without due consideration may increase residual risk for the agency.  This residual risk needs to be agreed and acknowledged by the agency head.  In particular an agency should pose the following questions:

  1. Is the agency willing to accept additional risk?
  2. Have any implications for All of Government security been considered?
  3. If so, what is the justification?

A formal auditable record of this consideration and decision is required as part of the governance and assurance processes within an agency.

The PSR provides agencies with mandatory and best practice security measures.

The controls detailed above identify if and when agencies need to consider specific security measures to comply with the mandatory requirements.

Also refer to Strategic Security Objectives, Core Policies and the Mandatory Requirements

Back to the top of page Print this subsection

2 Official information and the security classification system

Official information is any information held by the New Zealand Government and its agencies.

There are two types of official information:

  • information that does not need increased security
  • information that needs increased security measures to protect it from unauthorised disclosure.

Official information can include public sector information sanctioned for public access or circulation such as agency publications or websites. 

Official Information Act 1982

The Official Information Act 1982 provides the legislative basis for the release of government information. 

Sections 6, 7 and 9 of the Official Information Act 1982 describe the types of government documents that may be exempt or are conditionally exempt from authorised disclosure.

New Zealand Government Security Classification System

The New Zealand Government Security Classification System identifies official information that requires extra protection against unauthorised or accidental disclosure and limits access to that information and equipment through a series of procedural and/or physical barriers.

Specifically, the security classification system has been designed to help protectively mark material, based on a risk-assessment of how much damage or prejudice would result from compromising specific content.

It includes documents where the disclosure of which would be detrimental to New Zealand citizens, the New Zealand Government and government agencies.

The security classification system was agreed by Cabinet in December 2000 [CAB(00)M42/4G(4)].

Protection measures

Protection is given by limiting access to the information through a series of measures.

These measures can be:

  • procedural such as use, handling, transmission and access restricted to suitably cleared employees
  • physical such as storage and access to work areas
  • technical such as firewalls and encryption.

Access

To reduce the risk of unauthorised disclosure, agencies must take all reasonable and appropriate precautions to ensure that only individuals with a proven ‘need-to-know’ are granted access to official information, regardless of whether it is subject to the security classification system or not.

Individuals are not entitled to, and must not be given access to, official information merely because it would be convenient for them to know or because of their status, position, rank or level of authorised access.

Agencies must advise all employees, including contractors, who are exposed to the security classification system on how to use it.

For details on personnel security requirements, refer to the Personnel Security Management Protocol.

For additional information on the protection requirements of the security classification system, refer to Handling Requirements for Protectively Marked Information and Equipment.

Print this section

3 Protective markings

Once official information has been identified as requiring some form of protection, and/or special handling, a protective marking must be assigned to the information.

The marking indicates:

  • that the information has been identified as sensitive in nature
  • the level of protective procedures that must be provided during the production, use, storage, transmission, transfer and disposal of the information.

A protective marking indicates the required level of protection to all users of any official information and gives assurances that information of broadly equivalent worth or value is given an appropriate and consistent level of protection throughout the New Zealand government.

Any official information that requires increased protection should carry a protective marking.

There are three types of protective markings:

  • security classifications
  • endorsement markings
  • compartmented markings.

When a security classification, endorsement marking and/or compartmented marking is applied to official information, the information is referred to as being “protectively marked”.

Official information held within Information and Communications Technology (ICT) systems that requires a protective marking must be identified in the same way as information held on other mediums such as paper documents and given an appropriate level of protection.  

Print this section

3.1 Security classifications

A security classification specifies how people must protect the information and equipment they handle.

Security classifications can be divided into two types of information:

  • policy and privacy information
  • national security information.

The security classifications for material that should be protected because of public interest or personal privacy are:

  • IN CONFIDENCE
  • SENSITIVE.

The security classifications for material that should be protected because of national security are:

  • RESTRICTED
  • CONFIDENTIAL
  • SECRET
  • TOP SECRET.

Official information that does not meet the threshold for a security classification is referred to as ‘unclassified’ information. This is the bulk of official information.

While there is no corresponding established security classification, the term UNCLASSIFIED is used as a protective marking to distinguish such information and to indicate the impact from unauthorised disclosure by its compromise or misuse has been assessed.

Agencies should establish policy on how they will mark, protect and handle information that requires increased protection but does not qualify for a security classification.

For ‘unclassified’ information, the term UNCLASSIFIED can be used as a protective marking. 

Back to the top of page Print this subsection

3.2 Policy and privacy information security classifications

IN CONFIDENCE

The IN CONFIDENCE security classification should be used when the compromise of information would be likely to prejudice the maintenance of law and order, impede the effective conduct of government in New Zealand or affect adversely the privacy of its citizens.

For instance, where compromise could:

  • prejudice the maintenance of law
  • adversely affect the privacy of natural persons
  • prejudice citizens' commercial information
  • prejudice obligation of confidence
  • prejudice measures protecting the health and safety of members of the public
  • prejudice the substantial economic interest of New Zealand
  • prejudice measures that prevent or mitigate material loss to members of the public
  • breach constitutional conventions
  • impede the effective conduct of public affairs
  • breach legal professional privilege
  • impede government commercial activities
  • result in the disclosure or use of official information for improper gain or advantage.

SENSITIVE

The SENSITIVE security classification should be used when the compromise of information would be likely to damage the interest of New Zealand or endanger the safety of its citizens.

For instance, where compromise could:

  • endanger the safety of any person
  • seriously damage the economy of New Zealand by prematurely disclosing decisions to change or continue government economic or financial policies relating to:
    • exchange rates or the control of overseas exchange transactions
    • the regulation of banking or credit
    • taxation
    • the stability, control, and adjustment of prices of goods and services, rents and other costs and rates of wages, salaries and other incomes
    • the borrowing of money by the New Zealand Government
    • the entering into of overseas trade agreements.
  • impede government negotiations (including commercial and industrial negotiations).
Back to the top of page Print this subsection

3.3 National security information security classifications

RESTRICTED

The RESTRICTED security classification should be used when the compromise of information would be likely to affect the national interests in an adverse manner.

For instance, where compromise could:

  • adversely affect diplomatic relations
  • hinder the operational effectiveness or security of New Zealand or friendly force
  • hinder the security of New Zealand forces or friendly forces
  • adversely affect the internal stability or economic wellbeing of New Zealand or friendly countries.

CONFIDENTIAL

The CONFIDENTIAL security classification should be used when the compromise of information would damage national interests in a significant manner.

For instance, where compromise could:

  • materially damage diplomatic relations and cause formal protest or other sanctions
  • damage the operational effectiveness of New Zealand forces or friendly forces
  • damage the security of New Zealand forces or friendly forces
  • damage the effectiveness of valuable security or intelligence operations
  • damage the internal stability of New Zealand or friendly countries
  • disrupt significant national infrastructure.

SECRET

The SECRET security classification should be used when the compromise of information would damage national interest in a serious manner.

For instance, where compromise could:

  • raise international tension
  • seriously damage relations with friendly governments
  • seriously damage the security of New Zealand forces or friendly forces
  • seriously damage the operational effectiveness of New Zealand forces or friendly forces
  • seriously damage the effectiveness of valuable security or intelligence operations
  • seriously damage the internal stability of New Zealand or friendly countries
  • shut down or substantially disrupt significant national infrastructure.

TOP SECRET

The TOP SECRET security classification should be used when the compromise of information would damage national interest in an exceptionally grave manner.

For instance, where compromise could:

  • threaten the internal stability of New Zealand or friendly countries
  • lead directly to widespread loss of life
  • cause exceptional damage to the security of New Zealand or allies
  • cause exceptional damage to the operational effectiveness of New Zealand forces or friendly forces
  • cause exceptional damage to the continuing effectiveness of extremely valuable security or intelligence operations
  • cause exceptional damage to relations with other governments
  • cause severe long-term damage to significant national infrastructure. 
Back to the top of page Print this subsection

3.4 Identifying national security information

National security information is any official information or resource, including equipment that records information about or is associated with New Zealand’s:

  • protection from espionage, sabotage, politically-motivated violence, promotion of communal violence, attacks on New Zealand’s defence system, acts of foreign interference and the protection of New Zealand’s territorial and border integrity from serious threats
  • defence plans and operations
  • international relations, significant political and economic relations with international organisations and foreign governments
  • law enforcement operations where compromise could hamper or make useless national crime prevention strategies or particular investigations or adversely affect personal safety
  • national interest that relates to economic, scientific or technological matters vital to New Zealand’s stability and integrity.

Not all information about these matters needs to be protectively marked with a national security classification.

Information should only be protectively marked if its compromise or misuse could damage national security, the New Zealand government, commercial entities or members of the public.

Refer to Annex A.

Back to the top of page Print this subsection

3.5 Identifying public and private information to be protectively marked

Other official information that requires increased protection and does not meet the definition of national security information is most often about:

  • government or agency business where compromise could affect the government’s capacity to make decisions or operate, the public’s confidence in government, or the stability of economic markets
  • commercial interests where compromise could affect the competitive process and provide the opportunity for unfair advantage
  • personal information that is required to be protected under the Privacy Act 2005, the Public Records Act or other legislation.

Not all information about these matters needs to be protectively marked with a privacy marking.

Information should only be protectively marked if its compromise could cause damage.

Refer to Annex A.

Back to the top of page Print this subsection

3.6 Endorsement markings

Certain information may bear an endorsement marking in addition to a security classification.

Endorsement markings are not security classifications in their own right and must not appear without a security classification.

Endorsement markings are warnings that the information has special requirements in addition to those indicated by the security classification and should only be used when there is a clear need for special care.

Endorsement markings may indicate:

  • the specific nature of information
  • temporary sensitivities
  • limitations on availability
  • how recipients should handle or disclose information.

Those people who need to access information that is protectively marked with a security classification and endorsement marking must hold the same or higher security clearance as the security classification of the information and be briefed about the significance of this type of information.

Other people, not security cleared to the appropriate level, must not have access to this information.

Information bearing agency specific endorsement markings should be relabelled or appropriate procedures agreed before release or transmission outside of that agency.

The prior agreement of the originating agency (in other words, the agency that originally placed the endorsement marking on the material) must be obtained to remove an endorsement marking.

If the originating agency will not agree to the removal of the endorsement then the information should not be released.

The requirement to obtain agreement of the originating agency to release the material must not be the subject of a policy exception under any circumstances.

The following table sets out when endorsement markings can be used.

Table 1: Endorsements and their objectives

ENDORSEMENTOBJECTIVE
ACCOUNTABLE MATERIAL The ACCOUNTABLE MATERIAL endorsement marking is used to indicate that the information requires strict control over access to, and movement of, as well as regular auditing to ensure its safe custody.
What constitutes ACCOUNTABLE MATERIAL will vary from agency to agency.
A risk assessment will determine the frequency of auditing practices.
Note: TOP SECRET information is ACCOUNTABLE MATERIAL by default.
APPOINTMENTS The APPOINTMENTS endorsement marking may be used when actual or potential appointments have not yet been announced or for the deliberation during the recommendation/approval process.
BUDGET The BUDGET endorsement marking may be used for proposed or actual measures for the Budget prior to their announcement.
CABINET The CABINET endorsement marking may be used for material that will be presented to, and/or require decisions by, Cabinet or Cabinet Committee.
COMMERCIAL The COMMERCIAL endorsement marking may be used for commercially sensitive processes, negotiations or affairs.
[DEPARTMENT] USE ONLY The [DEPARTMENT(S)] USE ONLY endorsement marking may be used for material intended only for use within the specified department(s).
EMBARGOED FOR RELEASE The EMBARGOED FOR RELEASE endorsement marking may be used on material prior to a designated time at which an announcement or address will be made or the information will be disseminated.
EVALUATIVE The EVALUATIVE endorsement marking may be used for material relating to competitive evaluations such as interview records and tender assessments.
HONOURS The HONOURS endorsement marking may be used for material relating to the actual or potential award of an honour. It may be used before the announcement of the award and the deliberations during the recommendation or approval process or the consideration of honours policy matters involving the exercise of the royal prerogative.
LEGAL PRIVILEGE The LEGAL PRIVILEGE endorsement marking may be used for material that is subject to legal privilege.
MEDICAL The MEDICAL endorsement marking may be used for material relating to medical reports, records and other material related to them
NEW ZEALAND EYES ONLY (NZEO) The NEW ZEALAND EYES ONLY (NZEO) endorsement marking indicates that access to information is restricted to appropriately security cleared New Zealand citizens on a need-to-know basis.
For official information carrying the endorsement marking NZEO and the security classification IN CONFIDENCE, SENSITIVE or RESTRICTED, if an agency head considers that foreign nationals should be given information to which the endorsement marking NZEO applies, the agency head must consult with the originating agency to see if the endorsement marking is still required or whether it could be modified to enable release.
It may be possible to have the endorsement marking removed or to release part of the information by removing the endorsement marking. For official information carrying the endorsement marking NZEO and the security classification CONFIDENTIAL, SECRET or TOP SECRET, foreign nationals must not be allowed access to NZEO information, even if they have the appropriate New Zealand security clearance.
In limited circumstances, agencies may allow information marked NZEO to be viewed by appropriately cleared foreign nationals where there is an essential business need.
In all such circumstances, the Director of Security, NZSIS must grant approval for this access.
STAFF The STAFF endorsement marking may be used for material containing references to named or identifiable staff.
Also for use by staff in entrusting personal confidences to management.
POLICY The POLICY endorsement marking may be used for material relating to proposals for new or changed government policy before publication.
TO BE REVIEWED ON The TO BE REVIEWED ON endorsement marking may be used where the classification is to be reviewed at the designated time.
RELEASEABLE TO (REL) The RELEASEABLE TO or REL endorsement marking identifies information that has been released or is releasable to the indicated foreign countries or citizens of those indicated countries only.
For example, RELEASABLE TO // GBR, NZ or REL // GBR, NZ means that the information may be passed to citizens and the governments of the United Kingdom and New Zealand only.
It is common practice to put the countries in alphabetical order, with the originating country first.
For example, RELEASABLE TO // NZ, CAN, GBR indicates that the originating country is New Zealand and the document can be shared with citizens and the governments of Canada and the United Kingdom.
RELEASABLE TO and REL endorsement markings are to employ the appropriate three letter country codes from the SAI-Global – ISO 3166-1 Codes for the representation of name of countries and their subdivisions – Part 1: Country codes.

Refer to Annex A.

Back to the top of page Print this subsection

3.7 Compartmented markings

Certain protectively marked information may bear a compartmented marking in addition to a security classification.

A compartmented marking is a word indicating that the information is in a specific need-to-know compartment.

This could include codewords or Sensitive Compartmented Information (SCI).

It is often necessary to take precautions beyond those normally indicated by the security classification to protect compartmented marking information.

These will be specified by the agency that owns it. Those with a need to access the information will be given a special briefing first.

For more information on the protection and handling of protectively marked information, refer to Handling Requirements for Protectively Marked Information and Equipment

Back to the top of page Print this subsection

4 Application of protective markings

New Zealand government holdings of protectively marked information should be kept to a minimum.

Official information needing increased protection is identified by considering the Business Impact Levels (BILs) of its unauthorised disclosure by compromise or misuse.

Refer to Business Impact Levels.

Where an assessment of business impact levels indicates compromise or misuse of information would have adverse results, that information must be given extra protection in line with the severity of the damage resulting from such compromise. It must be protectively marked.

Under the Official Information Act 1982, official information must not be protectively marked to:

  • hide violations of law, inefficiency, or administrative error
  • prevent embarrassment to an individual, organisation, agency, or the government
  • restrain competition
  • prevent or delay the release of information that does not need protection in the public interest.
Print this section

4.1 Protective marking responsibilities

The person or agency responsible for preparing information or for actioning information produced outside the New Zealand government is to decide its protective marking.

This person or agency is called the originator.

Back to the top of page Print this subsection

4.2 Deciding when to apply protective markings

When information is created, the originator is required to assess the consequences of damage from unauthorised disclosure by compromise or misuse of the information. 

If adverse consequences could occur, or the agency is legally required to protect the information, it must be given a protective marking.

If information is created outside the New Zealand government, the person working for the government entity actioning the information should determine whether it requires a protective marking. 

Protective markings suggested by outside organisations or individuals should not automatically be accepted by New Zealand government agencies unless there has been a prior agreement.

Refer to Safeguarding Foreign Government Information (under development).

Information derived directly from protectively marked sources must carry, at a minimum, the highest security classification of any of the source classifications.

Back to the top of page Print this subsection

4.3 Confirmation of protective marking

Protective markings make information more expensive to create, handle, store and transfer.

Agencies should have a procedure for confirming protective markings, especially where such a marking is not normal or standard for that agency.

Back to the top of page Print this subsection

4.4 Altering protective markings

A fundamental principle is that only the originating agency, in other words, the agency that assigned the original protective marking, can change the protective marking it applies to its information.

Protective markings thought to be inappropriate should be queried with the originator or the agency now responsible.

If an agency is abolished or merged, the agency assuming the former agency’s responsibilities is considered the originating agency.

The point of contact should be the agency Chief Security Officer (CSO) of the new agency.

Protectively marked records transferred into the custody of Archives New Zealand keep the protective markings they had when received from the originating agency and are stored and handled in accordance with those markings.

Where a record has been marked under the Public Records Act 2005 as being an open access record, any protective markings cease to have effect for any purpose.

Agencies considering the transfer of records to Archives New Zealand that carry the protective marking CONFIDENTIAL or above should first consult with Archives New Zealand regarding the declassification of the protective marking to a more relevant level of control and/or transmission.

Archives New Zealand has limited capacity to store protectively marked information.

Agencies should consult with Archives New Zealand as to where protectively marked information can be securely accommodated.

Where Archives New Zealand cannot accommodate protectively marked information, agencies should seek leave to defer the transfer of protectively marked records in accordance with the Public Records Act 2005. 

Back to the top of page Print this subsection

4.5 Over-classification of official information

Official information should only be protectively marked when the result of compromise warrants the expense of increased protection.

It is important that official information not requiring protection remains UNCLASSIFIED. 

Inappropriate over-classification has many seriously harmful effects:

  • public access to government information becomes unnecessarily limited
  • unnecessary administrative arrangements are set up that will remain in force for the life of the document, including repository arrangements for information transferred to Archives New Zealand, imposing an unnecessary cost on the agency
  • the volume of protectively marked information becomes too large for an agency to protect adequately
  • the New Zealand Government Security Classification System and associated security procedures are brought into disrepute if the protective marking of official information is unwarranted. This may lead to protective markings being devalued or ignored by agency employees or receiving agencies.

For these reasons, the New Zealand government expects that agencies will only protectively mark information when there is a clear and justifiable need to do so.

To keep the volume of protectively marked information to minimum, agencies should limit the duration of the protective marking and set up review procedures.

Back to the top of page Print this subsection

4.6 Limiting the duration of the protective marking

When first applying a protective marking to information, the originator should try to set a specific date or event for declassification based on an assessment of the duration of the information’s sensitivity.

For example, Budget papers need high protection before the Budget’s release but not once it is released publicly.

Some information may need increased protection because it is under embargo until a specific public policy statement, after which it becomes public information.

On reaching the date or event, the information should be automatically downgraded to a more relevant level of control.

Cabinet documents are not included in such arrangements.

Back to the top of page Print this subsection

4.7 Review of protective marking

Agencies should review the protective marking of information regularly, for example, after a project or sequence of events is completed or when a file is withdrawn from or returned to use.

All recipients of information should contact the originator to discuss any protective marking they believe is inaccurate.

Back to the top of page Print this subsection

4.8 Agency security classification policy

Failure to identify official information requiring increased protection or failure to provide protective procedures for sensitive and protectively marked information would constitute an unacceptable risk to the New Zealand government’s protective security.

It may also risk the information sharing and consultative arrangements between agencies that are essential for the efficient operation of government.

Agencies must respect the rule that information is protectively marked by its originator.

Information received from another agency must not have the protective markings changed without the permission of the originating agency.

Agencies receiving protectively marked information must provide the minimum security protection standards required for that protective marking.

Back to the top of page Print this subsection

4.9 Releasing official information outside of agencies

New Zealand government employees must have agency authorisation to release any information to members of the public, regardless of any protective marking it may or may not have.

Authorisation may be granted by the agency head or a person given delegated authority by the agency head.

Even if information is intended for public release or publication it may carry a control measure such as an endorsement marking prior to its release, for example, Budget papers.

In this case, the point at which the information will be publicly available should be marked. When this information ceases to require the original control measures, agencies should consider applying protection measures consistent with the type of information contained within the document.

All personal information held, even if it is publicly available, must be handled in accordance with the Privacy Act, Information Privacy Principles (IPPs).

Agencies should have policy in place for addressing every request for official information, which may be released under the Official Information Act 1982 (OIA).

Understanding the legislation and implementing agency-specific OIA policy reduces the likelihood of an official information security breach through unintended or accidental disclosure. 

Back to the top of page Print this subsection

5 Cabinet documents

Documents used by Cabinet to formulate policy and make decisions require special protective measures.

This is because Cabinet documents, unlike other official information, belong to the particular Governments that create them. They are integral to the process by which Governments make decisions and they constitute the record of those decisions.

Any unauthorised disclosure damages the openness and frankness of discussions in the Cabinet room and impedes the process of good government.

Print this section

5.1 Protectively marking Cabinet documents

Cabinet material, including Cabinet and Cabinet committee agendas, papers, minutes and memos must apply the security classification system set out in this requirements document.

The minimum protective marking for Cabinet papers is IN CONFIDENCE and papers should be marked with this security classification. Higher security classifications should be used if appropriate.

It is the responsibility of the originating government department or agency (or Minister's office) to determine the level of security classification applicable to a Cabinet submission to ensure the paper receives the appropriate level of protection.

If a Cabinet paper is submitted to Cabinet without a security classification or with a security classification that does not appear to be appropriate for the nature of information contained in the paper, the Cabinet Office will assign an appropriate security classification in consultation with the relevant Minister's office. 

Back to the top of page Print this subsection

5.2 Endorsements for Cabinet papers

When there is a need to identify special care requirements for Cabinet papers, an endorsement marking should be applied.

Endorsement markings used for Cabinet papers include:

  • BUDGET: proposed or actual measures for the Budget prior to their announcement
  • COMMERCIAL: sensitive commercial processes, negotiations or affairs
  • STAFF: reference to names or identifiable individuals
  • SPECIAL HANDING REQUIRED: specific handling requirements.

The endorsement marking SPECIAL HANDLING REQUIRED is Cabinet paper specific and may be used with the SENSITIVE security classification when it is assessed that the highly sensitive nature of the material, as it relates to the public interest or personal privacy, requires additional protection.

It is expected that very little information will require the SPECIAL HANDLING REQUIRED endorsement marking and it should be used sparingly.

Advice on the classification and secure handling of Cabinet material is also available online from the Cabinet Office's CabGuide, available at www.dpmc.govt.nz/cabinet. 

Back to the top of page Print this subsection

6 Foreign government information

Where information is provided in accordance with a bilateral security agreement for the reciprocal protection of exchanged protectively marked information, it must be given the equivalent New Zealand protective security marking.

The appropriate security classification will assure protection equivalent to, but not less than, that required by the government providing the information.

Foreign government information must not be released without the prior written approval of the foreign government.

Where protectively marked information is received from another country with which New Zealand does not have a bilateral security instrument, the New Zealand security classification to be applied will need to be determined on a case-by-case basis.

The NZSIS may be consulted for assistance when determining the correct level of protection.

Refer to New Zealand Government Protective Security Governance Requirements - Safeguarding Foreign Government Information (under development).

Print this section

About

The purpose of these requirements is to help agencies:

  • identify the protection requirements for official information
  • establish protection requirements for official information.

Search this document for:

Last modified: 18 December 2014

Acknowledgements and licensing information