Failing to make pre-employment checks - A PERSEC case study
This case study looks at the possible consequences of failing to make the appropriate pre-employment checks when appointing a new staff member. Other themes include: acting on information to conduct a security investigation; identifying and managing poor performance. Scenario – what happened: In 2013, Joseph Hikairo Barlow, known as Joel Barlow, was sentenced to 14 years jail for defrauding the Queensland Health Board. Between 2007 and 2011, Barlow made 65 fraudulent grant payments to co...
Risks of a compromised website: a PHYSEC, INFOSEC case study
This case study looks at the possible risks associated with managing a public website. Themes covered include: risks of having official or government information compromised; effect of having aggregated information compromised; appropriately protecting government information and information storage methods. Scenario – what happened: A government agency that liaises extensively with external and foreign partners has a thorough and content-rich website to maintain its relationships and provide th...
Risks of making personal information public through social media: a PERSEC, INFOSEC case study
This case study looks at the possible implications of posting a lot of personal information online. Themes covered include: risks of social media; aggregation of information online and how it can be used. Scenario – what happened: Craig is a TOP SECRET clearance holder working for government who travels extensively for work. Craig is an enthusiastic user of social media tools Twitter, Instagram, LinkedIn and Facebook. He received a briefing when he first started his job that stressed the...
Risks of granting security vetting waivers: a PERSEC case study
This case study looks at the possible implications if an agency head were to incorrectly grant a security vetting waiver. Themes covered include: importance of vetting for individuals requiring access to information, areas or networks protectively marked at CONFIDENTIAL or above; importance of vetting for individuals known to an agency head. Scenario – what happened: Murray is the CSO of a large government department about to quickly hire two administration staff on a temporary basis. Murra...
Risks of discussing sensitive information outside the workplace: a PERSEC case study
This case study looks at the possible implications of discussing sensitive information outside the workplace. Themes include: employees’ responsibility to protect protectively marked, privileged and sensitive information; importance of security information and awareness training. Scenario – what happened: Lucy is a TOP SECRET cleared government employee who works with protectively marked information on a regular basis. She has never had a recorded security breach or incident and has an i...
Risks of unauthorised personnel accessing restricted areas and agencies failing to follow physical security plans and procedures: a PHYSEC and PERSEC case study
This case study looks at the possible risks of allowing unauthorised personnel to access restricted areas and failing to follow an agency’s physical security plan and procedures. Themes covered include: requesting authorisation from unauthorised personnel; evaluating the risk of frequent visitors; securing building entry and exit points; adhering to an agency’s physical security plan and procedures. Scenario – what happened: Andrew is a disgruntled contractor formerly employed by a large gov...
Correctly storing protectively marked information in exceptional circumstances: an INFOSEC and PHYSEC case study
This case study looks at the importance of correctly storing protectively marked information. Themes include: appropriate storage zones and containers; seeking NZSIS permission to hold protectively marked information in exceptional circumstances. Scenario – what happened: A small government agency routinely stores information that is protectively marked as CONFIDENTIAL. Occasionally the agency also stores information protectively marked as SECRET. However, following a benign threat inciden...
Risks of taking electronic media overseas and not reporting the carrying of protectively marked information: an INFOSEC, PERSEC and PHYSEC case study
This case study looks at the possible implications of taking sensitive or official information overseas via electronic devices and failing to report the intent to travel. Themes covered include: advising of an intent to travel; the national security risk of taking electronic media overseas; evaluating the need to travel overseas with electronic devices. Scenario – what happened: An upper level manager, Chris, and his lead negotiator, Taylor, get a last-minute invitation to a three-day trade con...
Email fraud: an INFOSEC case study
This case study looks at the possible consequences of an email scam. Themes covered include: posting personal information online; poor awareness of spoofing email; agency protection against spoofing email. Scenario – what happened: Amy, an agency head from a small government organisation, receives an email message from someone she believes is a Ministry of Foreign Affairs (MFAT) colleague. The colleague’s email address looks genuine because at first glance it features her colleague’s name...
Security clearances for contractors who have spent time overseas: a PERSEC case study
This case study looks at the possible impact of an uncheckable period overseas for a contractor seeking TOP SECRET level security clearance. Themes covered include: security clearance requirements for contractors; pre-employment screening process. Scenario – what happened: Martin is a New Zealander with South African heritage (his parents were both born in South Africa) who has qualifications in computer studies and logistics. His criminal history has been unremarkable – as a teenager gr...
Reporting financial mismanagement and contact with foreign officials: a PERSEC case study
This case study looks at the possible consequences of not reporting financial mismanagement to the NZSIS at the time of the incident. Other themes include: reporting misuse of a credit card; reporting contact with foreign government officials while overseas. Scenario – what happened: Teina is a 38-year-old, single woman with a background in government sector administration roles. Recently, through hard work and a flair for accounting, she has become an assistant accountant in the travel serv...
Safeguarding protectively marked documents: a PHYSEC case study
This case study looks at the importance of safeguarding protectively marked documents. Themes covered include: reporting breaches or security incidents regardless of how minor they seem; security clearance suitability; influence of emotional instability and stress. Scenario – what happened: John, a government employee, is working into the early evening to finish a protectively marked project that has taken several weeks to complete. It is the end of the week and John is feeling particular...
Who can I contact for more protective security advice?
Contact details for matters relating to the Protective Security Requirements website are listed below.
Email: psr@nzsis.govt.nz
Freephone: 0800-SIS 224 (0800-747 224)
Phone: +64 4 472 6170
Postal Address: Protective Security Requirements, PO Box 900, Wellington, New Zealand
Contact details for contributing agencies are available from their websites.
Department of Prime Minister and Cabinet (DPMC): www.dpmc.govt.nz
New Zealand Security Intelligence Service (NZSIS): www.nzsis.govt.nz
Government Communic...
Do you provide training?
If you would like to find out more about ways to implement the PSR in your organisation please contact the PSR team at psr@nzsis.govt.nz.
What is a national security clearance?
A national security clearance is granted to an individual following a favourable vetting assessment by NZSIS. It indicates an individual’s suitability to access protectively marked material up to a specific clearance level. Security vetting, required before a security clearance can be granted, is a series of background checks and assessments carried out by the NZSIS’s vetting officers. For further information, see New Zealand Personnel Security Management Requirements – Information for Sec...
Is a national security clearance still valid if I move to another government agency?
A national security clearance can be transferred from one government agency to another under certain conditions. The clearance must be less than four years old, and the holder must be moving directly to a similar role. It is the receiving agency's responsibility to make themselves aware of any security clearance management advice the original agency received from NZSIS. The receiving agency must also notify NZSIS of the transfer. Agencies must follow the guidance for this process contained in th...
How do I report a security incident?
A security breach, infringement and violation are all types of security incident. All security incidents must be reported to the agency's Chief Security Officer (CSO) who will investigate the incident. The CSO will assess the situation and identify the appropriate response which may include advising the NZSIS or GCSB. For more information, see New Zealand Government Protective Security Governance Requirements – Reporting Incidents and Conducting Security Investigations....
Can I be issued with a temporary national security clearance?
No. Agencies must not grant ‘waivers’, ‘interim’ or ‘temporary’ security clearances while waiting for a recommendation from the NZSIS. Agencies can submit urgent clearance requests. Agencies should contact the NZSIS to discuss these cases prior to sending requests. Agency heads may authorise emergency access in exceptional circumstances. The emergency access provisions must not be used to facilitate entry or appointment into a position, or on reassignment of duties, while awaiting co...
When do I need to report a change in circumstances?
Some changes in personal circumstances may affect an individual’s suitability to have access to protectively marked information. Some significant changes may be used by foreign intelligence services, issue-motivated groups, criminal organisations or others to coerce or induce individuals into providing information or equipment belonging to the New Zealand government. Security clearance holders must report any changes in their personal circumstances to their CSO at the time they occur. Changes...
What do I need to consider before travelling overseas?
There are a number of things to consider before travelling overseas whether it is for work or personal reasons. When travelling overseas with electronic devices, either work or personal, you must consider the risks posed if the devices were lost, stolen or compromised. Electronic devices hold a significant amount of information about you, or the New Zealand government, and may provide an adversary with long-term access to that information. If possible, government employees should avoid taking wor...
When should I report contact with a foreign citizen?
All government employees, in particular, security clearance holders, must report any contact with foreign government officials that appears suspicious, persistent or unusual in any respect to their CSO. You will be asked to complete a contact reporting form if it involved non-official contact with embassy or foreign government officials within New Zealand, or foreign officials and/or nationals outside New Zealand, or any contact with a foreign national that seems suspicious. This includes any co...
Who is responsible for protective security across government?
Agency heads are ultimately accountable for all areas of protective security within their agency. Security agencies (NZSIS and GCSB) are responsible for providing advice on best practice. However, all individuals working for government are responsible for protective security, particularly clearance holders and those who have security responsibilities relevant to their individual role.
How does the PSR relate to the GCIO-led Information and Privacy Security Programme?
Lead agencies are working together to help agencies build their privacy and security culture as good security practice enables the protection of privacy. The IPS programme comprises a number of initiatives to lift capability in information privacy and security. The PSR provides a policy framework for protective security which comprises information security as well as physical and personnel security.
How is the security for my workplace determined?
The level, and degree, of security required in an agency depends on the size of the agency and the work conducted by the agency (such as whether the agency requires protectively marked material). Each agency should make an assessment to determine their own needs. The NZSIS is able to provide advice if required.
I am going to a cross agency meeting, will the other agencies recognise my national security clearance?
Yes. New Zealand government agencies should recognise your security clearance and you should be able to participate in meetings discussing protectively marked information with employees from other agencies when there is a 'need-to-know'.
What happens when there has been a security breach?
A security breach is an accidental or unintentional action that leads, or could lead, to the loss or damage of official information or resources. A breach is also a failure to observe mandatory requirements. All security incidents, including breaches, must be reported to the agency's Chief Security Officer (CSO). The CSO will assess the situation and identify the appropriate response which may include advising the NZSIS or GCSB. Depending on the nature of the security incident, a formal investiga...
Can I access protectively marked material that is higher than my national security clearance level?
No. Individuals can only access protectively marked material up to the level their clearance allows. Agencies must not grant ‘waivers’, ‘interim’ or ‘temporary’ security clearances while waiting for a recommendation from the NZSIS. Agencies can submit urgent clearance requests. Agencies should contact the NZSIS to discuss these cases prior to sending requests. Agency heads may authorise emergency access in exceptional circumstances. The emergency access provisions must not be used to...
How do I protectively mark or classify a document?
To protectively mark or classify a document you must consider the adverse impact the information contained in the document could have on New Zealand and our international relations. For further information about security classifications and public and privacy information security classifications see New Zealand Government Information Security Management Requirements – New Zealand Government Security Classification System....
What reporting on protective security is required by my agency?
Agencies may be asked to perform a security self-assessment and submit a report to the NZSIS. These agencies will be advised well in advance. All agencies are encouraged to complete the self-assessment and may choose to also submit reports. Guidance can be found in New Zealand Protective Security Governance Requirements – Compliance Reporting....
What happens when I have been granted a security clearance?
The NZSIS will advise your CSO when the security vetting is complete. Based on the NZSIS recommendation, your agency head will decide whether to grant the clearance. When a clearance is granted, your agency will notify NZSIS and provide you with: a briefing on your responsibilities in relation to information handling; details of action in case of a change in circumstance; details of the agency’s security awareness training programme. Your agency must also implement a personal security clearanc...
How do I maintain my national security clearance?
To maintain a security clearance, you must continue to demonstrate honesty, trustworthiness, maturity and loyalty. As a security clearance holder, you are expected to report relevant changes in personal circumstances, any security incidents you are aware of and any suspicious contact. If you hold a high-level security clearance, you will also be required to complete an annual security appraisal.
I am considering applying for a role that requires a national security clearance, what do I need to consider?
If your application for employment is successful, the employing agency will be responsible for initiating and managing your security vetting and security clearance. To be eligible for a security clearance, you must be a New Zealand citizen or the holder of a Resident Class visa whose background can be checked for a requisite period of five years for CONFIDENTIAL level clearances, ten years for SECRET level clearances and ‘whole-of-life’ for the highest-level clearances. You must also demonstrate...

