Classification system

Mandatory requirements

The Classification System is mandated for use by the Protective Security Requirements Information Security requirements:

INFOSEC2 - Design your information security

Consider information security early in the process of planning, selection, and design. Design security measures that address the risks your organisation faces and are consistent with your risk appetite. Your security measures must be in line with:

  • the New Zealand Government Security Classification System
  • the New Zealand Information Security Manual
  • any privacy, legal, and regulatory obligations that you operate under.

Adopt an appropriate information security management framework that is appropriate to your risks.

To meet this mandatory requirement, your agency must implement the 2022 Classification System policy and requirements detailed in the sections below.

Page last modified: 20/06/2022