Classification system
-
How to protect information
- How to protectively mark information and equipment
- Protecting information
- Controlling access to information
- Using, copying and reproducing information
- Storing and filing information
- Removing, transporting, or receiving information
- Destroying information
- Managing outsourcing and offshoring arrangements
- Guidance for specific information types
Mandatory requirements
The Classification System is mandated for use by the Protective Security Requirements Information Security requirements:
INFOSEC2 - Design your information security
Consider information security early in the process of planning, selection, and design. Design security measures that address the risks your organisation faces and are consistent with your risk appetite. Your security measures must be in line with:
- the New Zealand Government Security Classification System
- the New Zealand Information Security Manual
- any privacy, legal, and regulatory obligations that you operate under.
Adopt an appropriate information security management framework that is appropriate to your risks.
To meet this mandatory requirement, your agency must implement the 2022 Classification System policy and requirements detailed in the sections below.
Page last modified: 20/06/2022