1 Introduction

Print this section

1.1 Purpose

The purpose of these requirements is to:

  • provide a consistent and structured approach to determining the security measures for events planned, organised and managed by New Zealand government agencies
  • ensure the safety of people, information and assets at an event
  • help to establish consistent terminology relating to event security across the New Zealand government
  • help agencies use these requirements to the extent possible for any unplanned events.
Back to the top of page Print this subsection

1.2 Audience

The audience for these requirements is:

  • New Zealand government security management staff
  • event managers
  • any other body or person responsible for the security of people, information or assets at a New Zealand government event.
Back to the top of page Print this subsection

1.3 Scope

These requirements cover the provision of a safe and secure environment at New Zealand government events or events that the New Zealand Government believes are in the national interest such as the Commonwealth Games and Pacific Island Forum.

They also cover the protective security measures New Zealand government agencies should employ to protect the people, information and assets at events they organise, including where the agency has contracted a service provider to facilitate the event.

They may be useful when liaising with inter-jurisdictional agencies or event management organisations on security requirements for special events.

The New Zealand Government expects its agencies to give due consideration to the security of all events they manage, plan or host, whether organised by the agency or outsourced.

These requirements support the implementation of the New Zealand Protective Security Requirements (PSR).

In particular, they support the Physical Security Management Protocol, the Information Security Management Protocol and associated requirements.

Back to the top of page Print this subsection

1.4 Compliance requirements

A control with a ‘must’ or ‘must not’ compliance requirement indicates that use of the control is mandatory. These are the baseline controls unless the control is demonstrably not relevant to the respective agency and can be clearly demonstrated to the agency head or accreditation authority.

A control with a ‘should’ or ‘should not’ requirement indicates that use of the control is considered good and recommended practice.  Valid reasons for not implementing a control could exist, including:

  1. a control is not relevant because the risk does not exist
  2. or a process or control(s) of equal strength has been substituted.

Agencies must recognise that not using a control without due consideration may increase residual risk for the agency.  This residual risk needs to be agreed and acknowledged by the agency head.  In particular an agency should pose the following questions:

  1. Is the agency willing to accept additional risk?
  2. Have any implications for All of Government security been considered?
  3. If so, what is the justification?

A formal auditable record of this consideration and decision is required as part of the governance and assurance processes within an agency.

The PSR provides agencies with mandatory and best practice security measures.

The controls detailed above describe if and when agencies need to consider specific security measures to comply with the mandatory requirements.

Also refer to Strategic Security Objectives, Core Policies and the Mandatory Requirements.

Where legislative requirements prescribe higher controls than identified in these requirements, the controls required by legislation take precedence and need to be applied.

Agencies need to also consider their obligations under New Zealand legislation and conventions for the protection of foreign dignitaries attending their events.

Back to the top of page Print this subsection

2 Event security

Events that need security may include, but are not limited to:

  • international and domestic conferences
  • major meetings
  • remembrance services/parades
  • sporting fixtures
  • any other gathering where New Zealand citizens, information or assets are involved.

Events may be held at a single venue or multiple venues, these may be agency managed or commercially run venues.

Print this section

2.1 Aims of event security

A secure environment is fundamentally important for a successful event.

The aims of event security must be to:

  • base any controls on a risk assessment
  • protect people from violence and intimidation
  • protect official resources and information from unauthorised access, disclosure or compromise
  • prevent unauthorised people gaining access to official resources that could cause embarrassment to the agency or government, including:
    • protectively marked and other official information
    • physical assets.
  • protect property from damage
  • anticipate any changes in the threat environment, or event-specific threats, and provide for rapid escalation of security measures
  • ensure the proceedings are conducted without disruption and minimise any disruptions to the public.

As events often have specialised organisational requirements, an agency’s normal protective security measures might not provide the full security measures required for the event or venue.

Agencies should, as part of the event risk assessment, determine whether a specific security plan to cover each event or venue is required.  

A security plan will help identify which protective security measures are appropriate for each event or venue.

Back to the top of page Print this subsection

2.2 Overseas events

If the event is to be held overseas agencies should consult with the Ministry of Foreign Affairs and Trade (MFAT) in the early planning stages to determine the appropriateness of the proposed location and venue.

This is particularly important if the event will involve accessing or using protectively marked information, commercially sensitive information, or if the event is to be attended by New Zealand dignitaries.

Back to the top of page Print this subsection

3 Before the event

Event organisers have common law duties as well as statutory obligations under New Zealand legislation to protect people attending events.

Such legal obligations must be adhered to when planning and conducting events and event security.

Protective security and safety should be considered in the earliest stages of event planning. Any protective security arrangements should be identified as part of the event costing.

Agencies should also identify before the event any need to exercise event security arrangements, whether prior to, or during the event.

Print this section

3.1 Event Security Officer (ESO)

The event manager is responsible for overall event security and must appoint an Event Security Officer (ESO). The ESO should be competent in security management. 

The ESO will have responsibility for implementing security for the event and the event venue. He or she should be appointed as early as possible so he or she can be included in the planning process.

The ESO should:

  • be sufficiently senior to exercise the necessary authority
  • have direct access to the event manager
  • have a sound knowledge of protective security.

Depending on the expected size and duration of the event, it might be necessary to allocate employees to assist the ESO.

The duties of the ESO should include, but are not limited to,:

  • seeking advice on the possible threats to the event
  • completing a security risk assessment for the event or venue(s)
  • preparing any security plans based on the risk assessment activity
  • making necessary security preparations for the event
  • coordinating security during the event
  • liaising with appropriate agency and external agencies and authorities before, during and after the event.
Back to the top of page Print this subsection

3.2 Threats

Usually the consideration of the possible threats to the event and the preliminary work on the plan will occur at the same time.

The ESO should seek advice on possible threats from:

  • the part of the agency coordinating the event
  • other relevant areas within the agency
  • external agencies such as the New Zealand Security Intelligence Service (NZSIS) and the New Zealand Police.

Threats to National Security

The ESO should seek a threat assessment from the NZSIS - Combined Threat Assessment Group (CTAG) if:

  • the event could be the subject of terrorism or violent protest
  • previous similar events have been subject to terrorism or violent protest
  • the information to be discussed at the event is protectively marked SECRET or above and it is considered there may be a risk of compromise
  • previous experience indicates this is appropriate.

Any request for a threat assessment should include sufficient details on the event to enable a robust and thorough assessment of the threats specific to the event.

If agencies become aware of any additional relevant information after the original threat assessment is issued agencies should advise CTAG, which will publish an updated threat assessment. 

CTAG may also issue updated threat assessments if it becomes aware of any relevant information.

Back to the top of page Print this subsection

3.3 High level and foreign guests

New Zealand’s obligations under the following conventions and legislation may impact on event security:

  • Convention on the Prevention and Punishment of Crimes Against Internationally-Protected Persons, including Diplomatic Agents 1973
  • Vienna Conventions on Diplomatic and Consular Relations
  • Crimes (Internationally Protected Persons, United Nations and Associated Personnel and Hostages) Act 1980
  • Diplomatic Privileges and Immunities Act 1968
  • Consular Privileges and Immunities Act 1971.

Agencies responsible for planning, organising or managing an event should, based on their risk assessment, contact The Visits and Ceremonial Office of the Department of Internal Affairs (DIA), where the event is of a non-routine nature and is to be attended by high level officials such as:

  • New Zealand holders of high office, for example, the Prime Minister or the Governor-General
  • high-level visiting foreign dignitaries, for example, heads of state/heads of government/foreign ministers or other senior level ministers
  • members of the diplomatic or consular corps at ambassador level
  • controversial visitors who could attract protest activity.

Event organisers should also seek advice from the MFAT Protocol Division for any events that have high-level foreign dignitary attendance.

Email the MFAT Protocol Division at prd@mfat.govt.nz

Back to the top of page Print this subsection

3.4 Risk management

Agencies should identify, assess and manage the risks to an event in accordance with the risk management methodology detailed in NZS/AS ISO 31000:2009 Risk Management - Principles and Guidelines and HB 167:2006 Security Risk Management.

 

 

Back to the top of page Print this subsection

3.5 Event security plan

The ESO should develop the security plan based on a risk assessment of the event.

As details of the event become clearer, and preparations for the event develop, the plan will evolve and take into account matters including, but not limited to:

  • the appropriate level of security for the event
  • the duration, location and size of the event
  • roles and responsibilities of event staff
  • what needs to be protected, for example the proceedings themselves, documents (both those provided and notes taken during the event) and people
  • whether that need will stay constant throughout the event or vary from session to session
  • the nature of the threats
  • who will be involved, for example host agency employees only, other agency employees, non-agency representatives, New Zealand office holders, office holders of other countries, other VIPs, media representatives and/or the public
  • any security clearance or agency-specific character check requirements for attendees
  • whether close personal protection of VIPs may be required
  • what special protective security measures could be necessary, for example, audio countermeasures
  • the need for contingency plans, including any communications, command and control arrangements and alternative venues for particular incidents, for example, bomb alerts and public demonstrations
  • reception procedures and escort requirements for visitors
  • event accreditation
  • security containers and other security equipment that will be needed
  • whether mail will be received or distributed at the event
  • who is responsible for New Zealand Police liaison
  • what event security and emergency instructions will be required.

To assess the venue(s) and determine the security measures required, the ESO should use the Security Zones and Risk Mitigation Control Measures.

For events that will involve TOP SECRET, SECRET or certain protectively marked information the ESO should, based on the risk assessment, seek advice from NZSIS on protection of the information.

In such cases the ESO should include in the event security plan what measures can be taken to:

  • strictly limit the number of invitees to the overall event
  • strictly limit the number of invitees to particular sessions
  • limit the duration of the event to as short a period as practicable
  • keep handouts to a minimum
  • secure the meeting room from audio-visual recording devices. CSOs can seek advice from the Government Communication Security Bureau (GCSB) on Technical Surveillance Counter Measures.

Site selection

There may be a choice of sites, some within the agency’s facilities and others at external venues. As far as possible agencies should hold events involving TOP SECRET, SECRET or codeword information on agency-controlled or New Zealand government controlled premises.

The less control the agency has over the proposed event venue, the more likely additional security measures will be needed.

Site selection should, based on the event risk assessment, also consider:

  • the flow of the event, that is, what happens and when and how it all fits together
  • attendee safety
  • transport.

Site inspection

The agency should carry out a preliminary security survey of possible venues at the earliest opportunity. 

Where possible the ESO should accompany the event organiser during the preliminary inspection.

When preliminary security survey is undertaken by the event organiser, the ESO should provide advice on security requirements.

If protest activity is a possibility the agency should involve the local police at an early stage of the event planning.

A more detailed inspection might be required later, once a particular venue is selected. 

At both stages contact with local police and venue management can be useful to gain local knowledge.

In the site survey agencies should consider:

  • what is adversely affecting physical security and how easy is it to remedy the problems, including door locks and window catches, curtain fittings and exterior lights and light fittings
  • the ability to maintain control of access to both the venue and to particular rooms, including any onsite parking
  • the ability to provide for an area where suspicious articles can be examined (and where detonation of explosive devices would cause minimal damage to property and no injury to people)
  • the vulnerability of the venue to overhearing, overlooking and electronic eavesdropping.

Once the venue is selected, a more detailed survey might be needed.

Back to the top of page Print this subsection

3.6 Other preparations before the event

Based on the security plan and survey of the venue, agencies may need to address a number of matters before the event.

These include:

  • event set up schedules
  • the preparation and issue of any event security instructions, for example:
    • entry control
    • storage and handling of official or protectively marked information
    • protectively marked waste disposal
    • key control procedures
    • emergency evacuation procedures
    • reporting of security incidents
    • communication plan
  • arrangements for the supply and delivery of necessary security containers and other security equipment
  • the preparation of event access and identity passes, ensuring all people present, including visitors and support staff, have the necessary security clearance
  • the preparation of any visitor reception procedures and escort requirements for visitors
  • the preparation of any key control measures
  • the preparation and management of any event security exercises
  • arrangements for:
    • conducting technical surveillance counter measures
    • employees or guards to control access
    • any necessary searches to sanitise the premises.
Back to the top of page Print this subsection

4 During the event

As well as overseeing the overall security arrangements at the event, the ESO may have to conduct or oversee the following tasks:

  • liaising with the event manager on communications, command and control issues
  • maintaining awareness/consistency with health and safety requirements
  • ensuring security of, and issuing access and identity passes to, accredited attendees, which should include identity verification if necessary
  • advising attendees of the protective marking of the subject matter, the security arrangements and facilities available (the security classification of topics to be discussed should be displayed at the start of the event and again before each protectively marked segment of the event)
  • controlling entry to ensure that no unauthorised persons gain access to the building or event, or are able to observe or listen to proceedings
  • supervising security aspects of visitor control
  • providing security advice, including security and emergency procedures, to event attendees and venue employees
  • arranging for receipt, recording, distribution, and return of protectively marked information used and produced at the event, and for its secure storage, including:
    • coordinating the use of security containers
    • arranging for the secure transmission of protectively marked information dispatched from the event or for such information to be returned to the participants’ agencies at the end of the event
    • coordinating protectively marked waste collection and disposal
  • coordinating security procedures relating to cleaning and maintenance personnel
  • coordinating the physical security and storage of equipment, for example cameras, recording devices, audio-recording devices and mobile phones
  • supervising people employed on security duties
  • when conducting the initial investigation of security incidents, the CSO’s assistance should be sought when this is beyond the expertise of the ESO
  • supervising any necessary searches to sanitise the premises.
Print this section

4.1 Event accreditation

Event accreditation documents provide speedy validation of a person’s right to attend an event.

Major events should have:

  • a master list of participants, including event management and support staff (where possible, featuring photo identification and information covering roles, contact details, etc)
  • accreditation passes for participants, featuring:
    • photo identification
    • the dates of validity
    • the category of participant
    • any restricted area access rights
    • a design and layout that can be visually checked by guards or event staff.

Accreditation passes should be designed so that they are comfortable for participants and can be worn at all times.

Where an event is sensitive and publicity is to be avoided, consideration should be given to the use of a unique but unobtrusive identification article such as a lapel pin or badge.

Back to the top of page Print this subsection

4.2 Restricted areas

The ESO should decide which event areas are to have restricted access, that is areas within the venue to which only certain attendees, authorised officials and security staff will have unescorted access.

Restricted access areas should be clearly labelled and access to them controlled.

Back to the top of page Print this subsection

4.3 Information security

Information used at an event could be in a variety of forms, including the proceedings themselves, documents brought to or produced at the event, or audio-visual presentations.

The ESO should consider, based on the risk assessment, the following measures to control protectively marked information:

  • attendees are not permitted to bring any protectively marked information
  • if protectively marked information is needed at the event, consider:
    • distributing the necessary number of copies at the beginning of the event, or if possible, the particular session
    • increasing accountability by numbering and recording the distribution of each copy.
  • arrange for attendees to leave all protectively marked documents, including any notes taken, at the end of the session or day, and send the documents by safehand to each delegate after the event.

Whether these are practical will depend on the circumstances of the event.

Whatever arrangements are decided upon, the ESO should inform attendees of them as early as possible and, if necessary, remind attendees during the course of the event.

Protectively marked waste

If it is necessary to generate protectively marked waste at the venue, the ESO is responsible for ensuring there are adequate facilities for its collection and disposal.

Depending on the protective of information used at events, it may be necessary to provide a suitable approved shredder or removal/destruction procedure at the venue.

Also refer to Security Zones and Risk Mitigations Control Measures.

Security containers

At times it may be necessary to store protectively marked information onsite either during the proceedings or outside the proceedings (if the event runs for more than one day).

In this case the ESO may need to ensure suitable security containers are provided and will be responsible for controlling access to such containers.  

To determine the containers required, refer to the Security Zones and Risk Mitigation Control Measures.

Back to the top of page Print this subsection

4.4 Technical security

Technical surveillance counter-measures must be taken:

  • before and during an event that involves TOP SECRET, SECRET or codeword information
  • when the security plan or threat assessment indicates the need for such measures.

The ESO should contact the GCSB for advice prior to any event that is TOP SECRET.

The ESO should also seek advice from the GCSB if Information and Communications Technology (ICT) equipment will be required for processing protectively marked information.

Back to the top of page Print this subsection

4.5 Guards and guard patrols

The use of guards and guard patrols during an event should be based on the event risk assessment.

If the event runs for longer than one day, the ESO should also consider regular guard patrols of the event venue to be conducted during hours the venue is not attended.

If technical surveillance counter measure sweeps or searches to sanitise the premises are required, guarding should be considered to minimise the risk of post sweep/search compromise.

Back to the top of page Print this subsection

4.6 Security incidents

Event attendees should be advised to report any security incident to the ESO or security staff as soon as possible to enable any necessary remedial measures to be implemented.

Security staff should report any incidents to the ESO as soon as practical after becoming aware of the incident.

The ESO should report any incidents in accordance with Reporting Incidents and Conducting Security Investigations.

Back to the top of page Print this subsection

4.7 Security and emergency instructions

The ESO should issue security and emergency instructions for attendees at the event. If needed the instructions should be provided to attendees before they arrive or on arrival.

Separate instructions may be needed for staff and participants at the event.

Back to the top of page Print this subsection

4.8 Receipt of mail

The requirement for the receipt of mail or goods delivered to an event should be considered, including procedures for scanning and handling suspicious items.  

Back to the top of page Print this subsection

4.9 Demonstrations

Control of demonstrations is the ultimately the responsibility of the New Zealand Police. If the security risk assessment indicates that demonstrators may be a problem then Police advice should be sought at an early stage to ensure a Police response is available or to discuss other mitigations strategies, including the deployment of security guards.

The ESO is responsible for ensuring proper arrangements are in place before the event begins.  

Back to the top of page Print this subsection

4.10 Media

Media attention might be focused on the event.

This could be because of the publicity given to the event beforehand, attendance by VIPs or the subject matter.

The ESO should be consulted by the event organisers when developing their media plan. The plan may include, based on the risk assessment:

  • accreditation of, and passes for, media representatives
  • a designated room at the venue to be made available for media representatives
  • procedures for issue of any media releases and statements
  • a requirement that, on arrival, media representatives report to the event security or reception area.

Agencies should:

  • consider carefully whether any media representative is to be permitted into the venue or event rooms at any time while the event is in progress, and if so, under what conditions 
  • ensure any release to the media is in accordance with the agency’s media liaison procedures
  • ensure any access is under controlled conditions and with appropriate escort arrangements
  • ensure particular care is taken to prevent unescorted access to any room where protectively marked information could be left unattended. Access to any room should be prevented until a check of the room for protectively marked information, for example, documents, projectors and electronic media has been conducted.
Back to the top of page Print this subsection

5 After the event

Following the event the ESO should complete the following tasks where necessary:

  • coordinate the retrieval of all event access and identity passes if they give unescorted access to an agency venue or, if this is not possible, the disabling of any access provided by the passes
  • coordinate a thorough search of venues to ensure no official information or agency assets have been left behind, for example documents, audio-visual recordings, whiteboards, projection equipment and electronic media equipment
  • coordinate the return of security containers, including changing combination settings for container travel and storage
  • submit a security report to the event organiser
  • arrange secure transmission of protectively marked event papers and documentation to all attendees
  • report any security incidents that occurred during the event that have not already been reported in accordance with Reporting Incidents and Conducting Security Investigations.
Print this section

About

These requirements cover the provision of a safe and secure environment at New Zealand government events or events that the New Zealand Government believes are in the national interest such as The Commonwealth Games and Pacific Island Forum. 

Search this document for:

Last modified: 18 December 2014

Acknowledgements and licensing information