1 Introduction

Print this section

1.1 Purpose

The purpose of these requirements is to:

  • provide guidance on the process of applying for and maintaining a national security clearance
  • provide additional information for candidates
  • help to establish consistent terminology for personnel security across the New Zealand government
  • give agencies and employees a better understanding of candidate responsibilities during the security clearance vetting process
  • help agencies to protect their people, information and assets.
Back to the top of page Print this subsection

1.2 Audience

The audience for these requirements is:

  • New Zealand government security management staff, national security clearance holders and security vetting candidates
  • contractors to the New Zealand government providing protective security advice and services
  • any other body or person responsible for the security of New Zealand government people, information or assets.
Back to the top of page Print this subsection

1.3 Scope

These requirements cover the:

  • rights and responsibilities of an individual who is undergoing security vetting
  • obligations of a national security clearance holder
  • legislation relevant to the security vetting process.

They support the Personnel Security Protocol and the wider New Zealand Protective Security Requirements (PSR).

They are part of a suite of documents that help agencies meet their personnel security management requirements.

Back to the top of page Print this subsection

1.4 Compliance requirements

A control with a ‘must’ or ‘must not’ compliance requirement indicates that use of the control is mandatory. These are the baseline controls unless the control is demonstrably not relevant to the respective agency and can be clearly demonstrated to the agency head or accreditation authority.

A control with a ‘should’ or ‘should not’ requirement indicates that use of the control is considered good and recommended practice.  Valid reasons for not implementing a control could exist, including:

  1. a control is not relevant because the risk does not exist,
  2. or a process or control(s) of equal strength has been substituted.

Agencies must recognise that not using a control without due consideration may increase residual risk for the agency.  This residual risk needs to be agreed and acknowledged by the agency head.  In particular an agency should pose the following questions:

  1. Is the agency willing to accept additional risk?
  2. Have any implications for All of Government security been considered?
  3. If so, what is the justification?

A formal auditable record of this consideration and decision is required as part of the governance and assurance processes within an agency.

The PSR provides agencies with mandatory and best practice security measures.

The controls detailed above describe if and when agencies need to consider specific security measures to comply with the mandatory requirements.

Also refer to the Strategic Security Objectives, Core Policies and the Mandatory Requirements.

Back to the top of page Print this subsection

2 Candidate responsibilities

There are responsibilities involved in undergoing the security vetting process for the purposes of:

  • gaining employment
  • transferring or promotion into a position
  • securing a service provision contract
  • completing additional tasks within an existing position which require access to national security information.

Candidates must:

  • disclose all relevant and required information
  • cooperate in the provision of personal documents and corroborating evidence
  • answer questions fully and honestly
  • provide accurate information and personal documents.

Normally employers may not ask for certain personal information nor require full disclosure of all criminal records.

However, for employment in positions involving national security, Section 25 of the Human Rights Act 1993 allows the otherwise unlawful discrimination against individuals on certain grounds for employment purposes.

Also, the Criminal Records (Clean Slate) Act 2004 s19(3)(d)(i) allows an exemption so that the candidate’s full criminal history must be declared.

Candidates must declare all convictions and diversions to the potential employer or sponsoring agency to assist them in determining their suitability for security vetting by the New Zealand Security Intelligence Service (NZSIS).

Print this section

3 Obtaining a national security clearance

NZSIS has a statutory mandate to provide security vetting services to all New Zealand government agencies under the New Zealand Security Intelligence Service Act 1969.

Being a New Zealand citizen or a holder of a Residence Class visa is a condition of eligibility for security vetting. In exceptional circumstances this requirement may be waived if the risks can be otherwise mitigated.

Print this section

3.1 Required documentation

A candidate’s employing or sponsoring agency and NZSIS may need to sight a number of documents to confirm a candidate’s identity and background.

Refer to Annex A.

Any or all of these documents may be requested during the security vetting process. If there are any gaps or anomalies identified from the information and documents the candidate provides, NZSIS may request additional documents.

The rationale will be explained at the time of the request.

Back to the top of page Print this subsection

3.2 Security clearance management and obligations

Some national security clearances are granted subject to specific requirements to address security risk management.

If so, a candidate will be advised at the time a clearance is granted.

Clearances are reviewed at regular intervals, usually every five years. Sometimes a shorter review period will be stipulated, for example where there are concerns about a candidate’s maturity or conduct.

If a clearance holder's personal circumstances change then those changes may affect his or her continued suitability to hold a security clearance. It is the clearance holder's responsibility to report relevant changes to his or her employing or sponsoring agency.

For more information refer to Reporting Changes in Personal Circumstances.

Access to  protectively marked information will make a clearance holder a potential target for foreign intelligence services and other individuals and groups without a legitimate need-to-know. It is the responsibility of a national security clearance holder to report any suspicious contacts.

For more information refer to Contact Reporting.

Back to the top of page Print this subsection

3.3 Security awareness training

Security awareness training is an ongoing process and must be provided by all agencies in order to:

  • foster a positive security culture within the agency
  • provide personal security awareness
  • address agency-specific security risks.

An agency’s security section or departmental security officer is responsible for all security awareness training.

For more information refer to Security Awareness Training.

Back to the top of page Print this subsection

3.4 Evidence of New Zealand citizenship or immigration status for national security clearances

As allegiance to New Zealand is the primary consideration when assessing suitability for access to information regarding national security, it follows that being a New Zealand citizenship or a holder of a Residence Class visa is a condition of eligibility for national security clearances.

New Zealand citizenship is a requirement for employment for certain roles as some organisations are subject to externally-imposed rules about the nationality of staff accessing certain material. Some national security information is subject to endorsements limiting access to New Zealand or other specified nationalities.

A candidate's employer or sponsoring agency is required to verify citizenship and/or immigration status before initiating a vetting request.

Candidates who have lived outside New Zealand for more than 6 months may be required to obtain credit and criminal records checks from the country or countries they have been resident in.

Some of these documents are required at the recruitment stage, while others will need to be presented during the security vetting process. Chief Security Officers (CSOs) will give instructions to candidates.

For information on evidence of identity standards, refer to the Department of Internal Affairs’ website. Go to: www.dia.govt.nz

Back to the top of page Print this subsection

4 Security vetting - frequently asked questions

The following frequently asked questions are intended as a general guide for candidates.

It is recommended candidates speak to their sponsoring agency for more detailed or specific answers to queries.

What is security vetting and who is eligible?

Security vetting is a series of background checks and assessments carried out by NZSIS vetting officers to ensure that people entrusted with national protectively marked resources:

  • are eligible to have access
  • have had their identity established
  • are suitable to have access
  • are willing to comply with the standards that safeguard those resources against misuse
  • demonstrate appropriate behaviour in both their personal and professional lives.

The security vetting process is intrusive by its nature. However, the candidate’s privacy and dignity are respected.

The process is non-discriminatory and the principles of procedural fairness are observed to the extent possible.

Normally only New Zealand citizens or holders of Residence Class visa whose backgrounds can be checked for the requisite period of five years for CONFIDENTIAL level clearances, ten years for SECRET level clearances and ‘whole-of-life’ for the highest-level clearances are eligible for security vetting.

How is it decided what level of national security clearance a person needs?

The level of national security clearance required will depend on the level of protectively marked information a candidate will be required to regularly and routinely access in his or her position, that is, what is the candidate’s need-to-know?

The requirement for a national security clearance is not based on rank, seniority or status.

For more information, refer to Security Assessment Criteria and the Adjudicative Guidelines.

What is ‘need-to-know’?

To protect the security of protectively marked resources, the Government has decided that only people whose work responsibilities require access to these resources are to have access. These people are commonly referred to as having a ‘need-to-know’.

What are the levels of national security clearances?

Security vetting is carried out for the following levels:

CONFIDENTIAL

SECRET

TOP SECRET

TOP SECRET SPECIAL.

As the levels increase, more rigorous checking is required and broader and deeper inquiries are made.

For more information, refer to the Personnel Security Protocol.

What are agency specific character checks (fit and proper person checks)?

Candidates should note that agency heads may decide that additional checks are required to address specific risks identified in their agency. These checks may be carried out by the agency in addition to sponsoring a candidate for security vetting.

These checks are not transferrable and a candidate will normally need to undergo them prior to being employed.

Why does someone need a national security clearance?

Security vetting is required in New Zealand to limit the risk of protectively marked information being accessed by unauthorised organisations and persons such as:

  • foreign intelligence services
  • groups or individuals who wish to overthrow or undermine the government by unconstitutional or violent means
  • terrorist groups
  • individuals who:
    • may be susceptible to pressure or improper influence
    • have shown dishonesty or lack of integrity which casts doubts upon their suitability
    • have demonstrated behaviour or are subject to circumstances which may otherwise indicate unreliability or vulnerability.

While a candidate may not be a member of one of the above groups, security vetting may identify if the candidate could be subject to undue influence from these types of organisations or people.

Who needs a national security clearance?

Staff with a legitimate ongoing need to access security classified resources to carry out their duties must first be granted a national security clearance.

These people may include:

  • public servants
  • members of the intelligence community
  • members of the armed forces
  • contractors who provide goods and services to a government agency
  • other persons who are provided with protectively marked material by a government agency
  • people who have access to classified Information and Communications Technology (ICT) systems.

What makes someone suitable to hold a national security clearance?

NZSIS determines someone’s suitability to access protectively marked resources through an assessment of a number of suitability indicators, including:

  • loyalty
  • honesty
  • trustworthiness
  • an appreciation of protective security responsibilities and obligations.

NZSIS will conduct a number of background assessments and records checks on a candidate to identify possible vulnerabilities against factor areas including:

  • external loyalties, influences and associations
  • personal relationships and conduct
  • financial considerations
  • alcohol and drug use
  • criminal history and conduct
  • security attitudes and violations
  • mental health disorders.

How does the security vetting process work?

NZSIS has a statutory mandate to conduct security vetting in New Zealand on behalf of all government agencies.

Candidates will be asked to complete an online vetting application containing a range of questionnaires.

The level of national security clearance that a candidate is put forward for will determine the number and complexity of the questions and the degree of intrusion into that candidate's private life.

Depending on the clearance level, a candidate may be asked to provide a range of character referees and may be interviewed by an NZSIS vetting officer.

The information provided is used as the basis for conducting a range of background checks and inquiries such as a credit check and a criminal record check.

These background checks will assist in identifying any vulnerable areas in a candidate’s life or background history that may expose someone to manipulation, blackmail or coercion.

When the background checks are complete, NZSIS will collate and analyse the information and make an assessment of the candidate’s suitability to access protectively marked material.

What happens when security vetting is complete?

After reviewing all of the information provided by a candidate, any referee reports and the results of the background check, NZSIS will make a recommendation to the candidate’s agency head, advising whether the candidate has been recommended for access to a particular level of protectively marked material.

The candidate’s agency head or his or her delegated authority will base their decision on the NZSIS recommendation together with any evaluative material obtained independently.

How is someone told if a national security clearance has been granted?

NZSIS will notify a candidate’s sponsoring agency of the outcome of his or her security vetting. This will usually be in the form of a letter or by email, advising the candidate has been recommended for access to a particular level of security protectively marked material.

If there are any qualifications to the recommendation, then the candidate’s agency will be informed so that any risk can be managed.

The agency must then inform the candidate that he or she has been granted a national security clearance and brief the candidate on his or her responsibilities.

If NZSIS recommends against a national security clearance, the candidate will be told why and how to seek redress.

The sponsoring agency must provide a candidate with a security awareness induction that makes their responsibilities clear, including the need to report any changes in personal circumstances and suspicious contacts. Candidates who are unsure of their responsibilities as a national security clearance holder must contact their agency security team for further advice.

Can vetting recommendations be reviewed?

A candidate who is unhappy with the way the NZSIS carried out the vetting process or with their recommendation has a statutory right to make a complaint to the Inspector-General of Intelligence and Security.

Complaints must be in writing and addressed to:

Inspector General of Intelligence and Security

c/- The Registrar of the High Court of New Zealand

DX SX 11199

Wellington

More information is available at www.igis.govt.nz.

Does someone who is changing agencies and who has an existing national security clearance need to undergo another vetting?

New Zealand government agencies recognise national security clearances granted by other agencies, provided they come with a favourable recommendation from NZSIS.

Relevant personal information will also be released to the new employer so that the agency can manage any associated risk.

As a result, candidates may still be required to undergo a new security vetting if:

  • an existing clearance is more than four years old
  • the candidate needs a clearance at a higher level than his or her existing clearance
  • the clearance was issued subject to certain risk management conditions
  • there have been significant changes in the candidate’s personal circumstances.

Can someone obtain a national security clearance themselves before applying for a job?

No. Security vetting candidates must:

  • be employed in, or selected for, a permanent, temporary or contract position in a New Zealand government agency that requires access to protectively marked material, or
  • be sponsored by a New Zealand government agency as:
    • a contractor, or work for a contractor, to a government agency and require access protectively marked resources
    • a person who requires access to protectively marked resources as part of an agreement with a government agency.

What rights do candidates have?

When candidates are undergoing the security vetting process, their CSO and NZSIS will inform them of their rights and responsibilities.

As the security vetting process is inherently intrusive, a candidate’s privacy and dignity will be respected at all times. NZSIS will not conduct any necessary checks or inquiries without first gaining the candidate's consent, however a candidate may not be informed of the nature of all inquiries undertaken. It is important the candidate comprehends all aspects of the process, as well as his or her responsibilities.

Section 25 of the Human Rights Act 1993 recognises that for work involving New Zealand’s national security, factors must sometimes be considered that might otherwise be discriminatory.

Thus, during the security vetting process, candidates may be discriminated against on the basis of:

  • religious or ethical belief
  • political opinion
  • psychiatric illness
  • intellectual or psychological disability
  • particular marriage partners or relatives
  • national origin.

Further, where a candidate is under age 20, it is not a breach of the Act to decline employment on the grounds of age if the work requires a high level (SECRET, TOP SECRET or TOP SECRET SPECIAL) national security clearance.

However, NZSIS do not discriminate on the grounds of:

  • sex
  • sexual orientation or preference
  • age (other than as outlined above)
  • colour
  • race
  • physical disability
  • marital status.

The decision about suitability for a national security clearance must observe the principles of procedural fairness to the extent possible.

Refer to Security Assessment Criteria and the Adjudicative Guidelines and Procedural Fairness.

Candidates will be assessed on the whole person principle, that is, the NZSIS considers factors relevant to the vetting process in the context of someone’s whole life and range of experiences so that the assessing officer develops an accurate assessment of the candidate as a unique individual.

Security vetting works within the legal framework of the Privacy Act 1993, the Human Rights Act 1993, the Official Information Act 1982 and the Criminal Records (Clean Slate) Act 2004, which impose obligations on agencies collecting personal information. The agency collecting the information is to inform the candidate of the reason for the collection of the information, as well as how it will be used and, if applicable, disclosed.

Can personal information be accessed?

Candidates may have access to any of the information they provide, in accordance with the Privacy Act 1993 and the Official Information Act 1982.

However, some external checks and reports are exempt and candidates will not be able to access this information.

Will personal information be protected?

Both the Privacy Act 1993 and the Official Information Act 1982 allow NZSIS to refuse to disclose, even to candidates, personal information that is evaluative material, if its disclosure would breach an undertaking of confidence.

The information provided by referees is also protected from disclosure.

What is procedural fairness?

The security vetting process follows the principles of procedural fairness. Procedural fairness is concerned with the procedures used by a decision-maker, rather than the actual outcome reached.

It requires a fair and proper procedure be used when making a decision. A decision-maker who follows a fair procedure is more likely to reach a fair and correct decision.

For further information, refer to Procedural Fairness.

NZSIS’s commitment to procedural fairness protects the rights of the candidate in the security vetting process. 

Print this section

About

The purpose of these requirements is to:

  • provide guidance on the process of applying for and maintaining a national security clearance
  • provide additional information for candidates
  • help to establish consistent terminology for personnel security across the New Zealand government
  • give agencies and employees a better understanding of candidate responsibilities during the security vetting process
  • help agencies to protect their people, information and assets.

Search this document for:

Last modified: 18 December 2014

Acknowledgements and licensing information