Resources
Training and Resources in Risk Management
Government Technology Services (GTS) provides risk assessment, risk management and security expertise.
GTS also provides training for government staff in applying the all-of-government Risk Assessment framework based on the AS/NZS4360 Risk Management standard. The workshop is aimed at those responsible for risk management either as part of a project or on a routine basis. While the training is generic, participants are encouraged to bring concrete examples for discussion.
Risk Management AS-NZS 4360 2004
Information Security Risk Management Guidelines SNZ HB 231 2004
Both are available from Standards New Zealand. For government agencies, these are available through the Public Sector Intranet through an agreement between SSC and Standards New Zealand.
The Treasury provides guidance on preparing a cost benefit analysis at http://www.treasury.govt.nz/publications/guidance/planning/costbenefitanalysis
Agencies are also advised to consult their monitoring agencies as appropriate to endorse or advise on the risk assessment and cost/benefit analysis. For major IT projects, agencies should consult the SSC Guidelines for Managing and Monitoring Major IT Projects at http://www.ssc.govt.nz/ITguidelines and the Gateway Review Process at http://www.ssc.govt.nz/gateway.
Agencies are reminded that the Government Web Standards and Recommendations apply regardless of whether their website is hosted in New Zealand or offshore (see http://webstandards.govt.nz/).
New Zealand Legislation
The Parliamentary Counsel Office makes all New Zealand Acts and Regulations freely available at http://www.legislation.govt.nz/
Privacy Act 1993
Public Records Act 2005
Public Finance Act 1989 s.65ZC
International Legal Resources
WorldLii makes legislation from around the world freely available at http://www.worldlii.org/ Information is also made available by subject groupings such as privacy (including NZ privacy decisions, and case notes) http://www.worldlii.org/catalog/273.html and contracts http://www.worldlii.org/catalog/50048.html.
(European Union) Standard Clauses for the Transfer of Personal Data to Third Countries http://europa.eu/scadplus/leg/en/lvb/l14012.htm
(EU) Commission Decisions on the Adequacy of the Protection of Personal Data in Third Countries. http://ec.europa.eu/justice_home/fsj/privacy/thridcountries/index_en.htm
International Chamber of Commerce http://www.iccwbo.org/ Model clauses for use in contracts involving transborder data flows 23 September 1998 http://www.iccwbo.org/id911/index.html
New Zealand Government Policies and Standards
Standards of Integrity and Conduct for the State Services http://www.ssc.govt.nz/integrityandconduct
Archives New Zealand
Continuum is Archives New Zealand's place to find resources and services, including advice, training and forums, on complying with the Public Records Act 2005. http://continuum.archives.govt.nz/home.html
Ministry of Economic Development Procurement site
http://www.med.govt.nz/templates/StandardSummary____181.aspx
MED publishes Mandatory Rules for Procurement by Departments and Policy Guide for Purchasers on this site as well as other useful guidance. See in particular the basic principles in: http://www.med.govt.nz/templates/ContentTopicSummary____29393.aspx
Office of the Auditor General
Procurement Guidance for Public Entities
Government Web Site Outsourcing Guidelines
Government Web Standards and Recommendations
Overseas Hosting Risk Analysis (for offshore web sites).
Security in the Government Sector
NZ ICT Security Manual NZSIT400 series http://www.gcsb.govt.nz/newsroom/nzsits.html
Guidelines for the Treatment of Intellectual Property Rights in ICT Contracts
SSC Guidelines for Managing and Monitoring Major IT Projects
The Reserve Bank's Policy on Outsourcing by Banks, by Tim Ng. Reserve Bank of New Zealand: Bulletin, Vol. 70, No. 2 http://www.rbnz.govt.nz/research/bulletin/2007_2011/2007jun70_2ng.pdf
Privacy Resources
Privacy Impact Assessment Handbook, Office of the Privacy Commissioner http://www.privacy.org.nz/privacy-impact-assessment-handbook/?highlight=PIA%20handbook
Privacy Breach Guidelines, Office of the Privacy Commissioner. http://www.privacy.org.nz/privacy-breach-guidelines-2/
Privacy and Sovereignty: Data fight or flight. Speech by Marie Shroff, Privacy Commissioner at GOVIS, May 2007. http://www.privacy.org.nz/privacy-and-sovereignty-data-fight-or-flight-marie-shroff/
Memorandum of Understanding between the Office of the Australian Privacy Commissioner and the Office of the New Zealand Privacy Commissioner. http://www.privacy.org.nz/memorandum-of-understanding/
OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data http://www.oecd.org/document/18/0,2340,en_2649_34255_1815186_119820_1_1_1,00.html
OECD Recommendation on Consumer Dispute Resolution and Redress http://www.oecd.org/dataoecd/43/50/38960101.pdf
OECD Recommendation on the Cross-border Enforcement of Laws Protecting Privacy (2007) http://www.oecd.org/dataoecd/43/28/38770483.pdf
Asia Pacific Economic Cooperation Electronic Commerce Steering Group http://www.apec.org/apec/apec_groups/committees/committee_on_trade/electronic_commerce.html This group is responsible for APEC work on privacy generally.
APEC Data Privacy Pathfinder http://aimp.apec.org/Documents/2007/SOM/CSOM/07_csom_019.doc
Asia Pacific Privacy Authorities http://www.privacy.gov.au/international/appa/index.html
Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. http://ec.europa.eu/justice_home/fsj/privacy/law/index_en.htm
(EU) Standard Clauses for the Transfer of Personal Data to Third Countries http://europa.eu/scadplus/leg/en/lvb/l14012.htm
(EU) Commission Decisions on the Adequacy of the Protection of Personal Data in Third Countries. http://ec.europa.eu/justice_home/fsj/privacy/thridcountries/index_en.htm
(EU) Binding Corporate Rules consultation documents http://ec.europa.eu/justice_home/fsj/privacy/workinggroup/consultations/index_en.htm
(EU) Working Document on Frequently Asked Questions (FAQs) related to Binding Corporate Rules. http://ec.europa.eu/justice_home/fsj/privacy/docs/wpdocs/2008/wp155_en.pdf
(EU) Working Document Setting up a framework for the structure of Binding Corporate Rules. http://ec.europa.eu/justice_home/fsj/privacy/docs/wpdocs/2008/wp154_en.pdf
(EU) Working Document Setting up a table with the elements and principles to be found in Binding Corporate Rules. http://ec.europa.eu/justice_home/fsj/privacy/docs/wpdocs/2008/wp153_en.pdf
(EU) Frequently asked questions relating to transfers of personal data from the EU/EEA to third countries. http://ec.europa.eu/justice_home/fsj/privacy/workinggroup/wpdocs/2009_en.htm
International Chamber of Commerce http://www.iccwbo.org/ Model clauses for use in contracts involving transborder data flows 23 September 1998 http://www.iccwbo.org/id911/index.html
Privacy and Human Rights. An annual report from the Electronic Privacy Information Centre. http://epic.org/bookstore/
WorldLii makes legislation from around the world freely available at http://www.worldlii.org/ Information is also made available by subject groupings such as privacy (including NZ privacy decisions, and case notes) http://www.worldlii.org/catalog/273.html
Reports
Transparency International's annual report on openness and transparency of governments around the world www.transparency.org
Canadian Privacy Commissioner Report of Findings (2008 CIPPIC complaint) http://www.cippic.ca/uploads/OPC_Findings-canada.com.pdf
Privacy and the USA Patriot Act: Implications for British Columbia Public Sector Outsourcing. Information & Privacy Commissioner for British Columbia, October 2004. http://www.oipcbc.org/sector_public/archives/usa_patriot_act/pdfs/report/privacy-final.pdf
AOL apologizes for release of user search data, by Dawn Kawamoto and Elinor Mills, CNET News, 7 August 2006. http://www.news.com/2100-1030_3-6102793.html
Dancing in the Minefield: Legal outsourcing abroad, by Sharon D. Nelson. http://ridethelightning.senseient.com/2008/09/dancing-in-the.html See this article for discussion of an American Bar Association resolution on outsourcing legal services from outside the US.
A map of the world's undersea communications cables http://world-secure-channel.com/uploads/map_cables(1).jpg