The Protective Security Requirements (PSR) set out the government’s mandatory requirements and management requirements related to information security.
Information security focuses on procedural measures designed to mitigate risks associated with producing, handling and protecting information and assets.
Appropriate information security is vital for the protection of people, information and assets.
There are 5 mandatory requirements relating to information security that agencies must follow.
providing clear direction on information security through policy and an agency security plan
establishing a framework to manage information security within an agency
implementing policies and protocols relating to the protective marking of information assets by following the New Zealand Government Security Classification System and the New Zealand Information Security Manual
documenting and implementing procedures and measures for managing information, Information and Communications Technology (ICT) systems and network tasks
having formal processes to approve ICT systems to operate, in accordance with the New Zealand Information Security Manual.
The PSR provides further information for agencies on topics such as the New Zealand Government Security Classification System, the management of aggregated information and mobile electronic device risks and mitigations.
For more information, refer to the management requirements for information security.