Roles and responsibilities

Who is responsible for protective security in your organisation 

ABOUT011

On this page:

 

Protective security is the responsibility of all people and services working for the organisation, including employees, contractors, and temporary staff.  While certain responsibilities will fall to agency heads and security practitioners, strengthening the overall security capability and culture of an agency will enable it to function effectively and better manage business risks.

Chief Executives and Senior Managers

Agency heads are responsible and accountable for protective security within their agency.

The Protective Security Requirements (PSR) outlines the Government's expectations for managing personnel, physical and information security. It clearly sets out what agencies must and should consider to ensure they are managing protective security effectively.

By implementing the PSR you will:

  • better manage business risks
  • assure continuity of service delivery
  • assure the Government and the public you have appropriate, effective measures in place to protect New Zealand's people, information and assets.

The PSR provides you with:

  • core policy documents that describe the high level mandatory requirements that agencies are required to implement and report against
  • protocols and management requirements that provide further direction on how to meet the mandatory requirements.

Agency heads and senior managers are to apply the Protective Security Requirements (PSR) with the understanding it provides pathways for successfully protecting people, information and assets.

As agency heads and senior managers, your responsibilities include:

  • developing a strong and sustainable security culture within your agency
  • reviewing your agency's protective security management policy and procedures regularly as part of your agency's approach to risk management and business planning
  • ensuring the PSR mandatory requirements are being met and ensuring relevant oversight is in place
  • appointing a Chief Security Officer (CSO) and working with them as they develop, maintain, and oversee protective security policy and practices
  • endorsing security risk management structures, assurance activities and resource allocation
  • endorsing your agency's policies and protocols for personnel, information and physical security
  • granting security clearances to staff and contractors after receiving a recommendation from the New Zealand Security Intelligence Service (NZSIS).

Security Practitioners

Security practitioners employed by or contracted to agencies play an important role in managing personnel, physical and information security by implementing mandatory requirements and developing protective security procedures to suit the needs of their agency.

Security practitioners employed by or contracted to agencies play an important role in managing personnel, physical and information security.

By implementing the PSR you will:

  • better manage business risks
  • assure continuity of service delivery
  • assure the Government and the public you have appropriate, effective measures in place to protect New Zealand's people, information and assets.

The PSR provides you with:

  • core policy documents that describe the high level mandatory requirements that agencies are required to implement and report against
  • protocols and management requirements that provide further direction on how to meet the mandatory requirements
  • Security practitioners are to apply the Protective Security Requirements (PSR) with the understanding it provides pathways for successfully protecting people, information and assets.

As a security practitioner, your responsibilities include:

  • developing a strong and sustainable security culture within your agency
  • developing agency-specific policy and procedures that comply with the mandatory requirements of the PSR
  • reviewing your agency's protective security management policy and procedures regularly as part of your agency's approach to risk management and business planning
  • reporting to senior management on compliance against the mandatory requirements and agreed risk mitigation plans
  • determining specific roles and responsibilities for security across your agency
  • providing guidance to your agency head on security matters
  • managing and reporting security incidents
  • promoting and implementing protective security policy
  • providing oversight of agency protective security.

Employees

Employees play an important role in helping their agency maintain personnel, physical and information security. It is the responsibility of the individual to be familiar with the security policies and procedures for of their agency.

By observing your agency's security policies, you will:

  • assure continuity of service delivery
  • assure the Government and the public you have appropriate, effective measures in place to protect New Zealand's people, information and assets.

The PSR provides agencies with:

  • core policy documents that describe the high-level mandatory requirements that agencies are required to implement and report against
  • protocols and management requirements that provide direction on how to meet the mandatory requirements.
  • Government employees are to observe security policies with the understanding it provides pathways for successfully protecting people, information and assets.

As a government employee, your responsibilities include:

  • familiarising yourself with, and following, the policies and procedures of your agency and your role
  • knowing who is responsible for protective security within your agency
  • knowing your first point of contact for any questions about protective security
  • reporting any security incidents, that have or might occur, to your Chief Security Officer (CSO).

Depending on your role, you may also need to gain and maintain a national security clearance and clearly understand your security obligations and responsibilities as a clearance holder.

Service Providers

Service providers employed by government agencies play an important role in helping government agencies maintain personnel, physical and information security. It is the responsibility of the service providers to be familiar with the PSR to ensure their services reflect the requirements.

By implementing the PSR you will:

  • help manage business risks
  • assure continuity of service delivery
  • assure the Government and the public there are appropriate and effective measures in place to protect New Zealand's people, information and assets. 

The PSR provides you with:

  • core policy documents that describe the high-level mandatory requirements that agencies are required to implement and report against
  • protocols and management requirements that provide direction on how to meet the mandatory requirements.

As a service provider, your responsibilities include:

  • being aware of the PSR and the security policies and procedures that apply to your employer agency (particularly your obligations set out in your contractual terms and conditions)
  • understanding the impact of an employer agency's security policies and procedures on the services provided (services such as information management, information and communications technology, facilities design and management, personnel recruitment, general security services)
  • developing a positive working relationship with your employer agency to promote open communication and add value to the security environment through the prompt identification and resolution of issues.

Depending on the role, you may also need to gain and maintain a national security clearance (sponsored by your employer agency) and clearly understand your security obligations and responsibilities as a clearance holder.