Home 
Information Security Management Protocol
The Protective Security Requirements (PSR) set out the government’s mandatory requirements and management requirements related to information security.
Information security focuses on procedural measures designed to mitigate risks associated with producing, handling and protecting information and assets.
Appropriate information security is vital for the protection of people, information and assets.
Mandatory requirements
There are 5 mandatory requirements relating to information security that agencies must follow.
They include:
- providing clear direction on information security through policy and an agency security plan
- establishing a framework to manage information security within an agency
- implementing policies and protocols relating to the protective marking of information assets by following the New Zealand Government Security Classification System and the New Zealand Information Security Manual
- documenting and implementing procedures and measures for managing information, Information and Communications Technology (ICT) systems and network tasks
- having formal processes to approve ICT systems to operate, in accordance with the New Zealand Information Security Manual.
Management requirements
The PSR provides further information for agencies on topics such as the New Zealand Government Security Classification System, the management of aggregated information and mobile electronic device risks and mitigations.
For more information, refer to the management requirements for information security.
Information Security Management Protocol
-
Information Security Management Protocol
-
New Zealand Government Security Classification System
-
Handling Requirements for Protectively Marked Information and Equipment
-
Management of Aggregated Information
-
Mobile Electronic Device Risks and Mitigations
-
Communications Security
-
Agency Cyber Security Responsibilities for Publicly Accessible Information Systems
-
New Zealand Government Information in Outsourced or Offshore ICT Arrangements
Common questions
-
Who can I contact for more protective security advice?
-
Do you provide training?
-
What is a national security clearance?
-
How do I report a security incident?
-
What do I need to consider before travelling overseas?
-
How does the PSR relate to the GCIO-led Information and Privacy Security Programme?
-
How is the security for my workplace determined?
-
I am going to a cross agency meeting, will the other agencies recognise my national security clearance?
-
Can I access protectively marked material that is higher than my national security clearance level?
-
How do I protectively mark or classify a document?
-
What reporting on protective security is required by my agency?
Case studies
-
Risks of a compromised website: a PHYSEC, INFOSEC case study
-
Risks of making personal information public through social media: a PERSEC, INFOSEC case study
-
Correctly storing protectively marked information in exceptional circumstances: an INFOSEC and PHYSEC case study
-
Risks of taking electronic media overseas and not reporting the carrying of protectively marked information: an INFOSEC, PERSEC and PHYSEC case study
-
Email fraud: an INFOSEC case study
Contact infomation
If you want to know more about the PSR you can contact:
psr@protectivesecurity.govt.nz +64 4 472 6170
