Reasonable (in law)

Just, rational, appropriate, ordinary or usual in the circumstances. It may refer to care, cause, compensation, doubt (in a criminal trial) and a host of other actions or activities. Similarly, a reasonable act is that which might fairly and properly be required of an individual.

Regional location

Any location away from an agency’s central office or major operational centres.


The RELEASEABLE TO, or REL, endorsement marking identifies information that has been released or is releasable to the indicated foreign countries, or citizens of those indicated countries, only. For example, RELEASABLE TO // GBR, NZ or REL // GBR, NZ means that the information may be passed to citizens and the governments of the United Kingdom and New Zealand only.

Remote worker

An employee who undertakes remote work, including:

- casual remote workers – casual remote workers take advantage of remote working to meet a short term or intermittent requirement, unless there is a formal remote-work agreement then they should be considered mobile employees

- full time remote workers – full time remote workers operate primarily from a remote, fixed location (this could be either the remote worker’s own home or a remote office or remote centre)

- part time remote workers – part time remote workers may spend part of their time working in a fixed remote location and part of their time in the office

- day extenders – day extenders may work a regular day in the office and then may log in from a fixed remote location, normally from home, to continue to work or meet a short term or intermittent requirement.

Removable electronic and optical media

Storage media that is easily removed from a system, designed for removal and is not an integral part of the infrastructure. For example, magnetic tapes, CDs or DVDs, USBs, microfilms and removable hard drives.

Request documents

Documentation issued to a potential service provider when requesting pricing on services or functions or utilised in the procurement process.

Request for tender

A request to suppliers for information and a quote to perform clearly defined works or supply certain goods.

Residual risk

The level of risk remaining after mitigations are applied.


A security classification that shows that compromise of official information would be likely to affect the national interests in an adverse manner.

Review for Cause (personnel security)

In the personnel security context, a Review for Cause is a review requested by the Sponsoring Agency and undertaken by the NZSIS of a security clearance holder who has had a significant change of circumstance that could affect their suitability to retain a clearance.


Radio-frequency identification (RFID) uses electromagnetic fields to automatically identify and track tags attached to objects. The tags contain electronically-stored information.

Right of access (contracting)

The right of the agency (or its agent, nominee, employee or auditor) to have access, for purposes associated with the contract including security reviews and audit requirements, security performance monitoring and any additional reviews referred to in the contract, to any premises of the contractor, to any site used in connection with the contract and to equipment, software, data, documentation and records maintained by it and relevant to the performance of the contract.


The chance of something happening that will materially impact the achievement of objectives – it is measured in terms of event likelihood and consequence.

Risk acceptance

An informed decision to accept a risk within the context of any mitigations applied.

Risk analysis

The systematic process to understand the nature, and to deduce the level, of risk. This includes identification and evaluation.

Risk appetite

Statements that communicate the expectations of an agency’s senior management about the agency’s risk tolerance. These criteria help an agency identify risk and prepare appropriate treatments and provide a benchmark against which the success of mitigations can be measured.

Risk avoidance

A decision not to become involved in a risk situation, for instance, through deciding not to start or continue the activity that gives rise to the risk.

Risk management

Coordinated activities to direct and control an organisation with regard to risk.

Risk mitigation

Actions taken to lessen the likelihood, negative consequences, or both, associated with a risk.

Risk rating

A rating that indicates how significant each identified potential risk is to an agency.The risk rating may be expressed qualitatively or quantitatively, based on the risk likelihood and consequence.

Risk time horizon

The proximity of when the risk might eventuate. Knowledge of the time horizon, or time to impact should the risk occur, contributes to the risk mitigation decision making.

Risk transfer

Shifting the responsibility or burden for loss to another party through legislation, contract, insurance or other means.