The Protective Security Requirements (PSR) set out the government’s mandatory requirements and management requirements related to security governance.
Mandatory requirements
There are 10 mandatory requirements relating to security governance that agencies must follow.
They include:
- establishing a structure for governing security within their agency
- appointing a member of senior management as the Chief Security Officer (CSO)
- adopting a risk management approach
- developing a set of protective security policies, plans and protocols to meet their specific business needs
- having an annual review and assurance system in place
- providing staff, including contractors, with information and security awareness training
- establishing procedures for reporting and investigating security incidents and taking corrective action
- ensuring contracted providers comply with the PSR and any agency-specific protective security protocols
- adhering to any security provisions in relevant multilateral or bilateral agreements
- establishing a Business Continuity Management (BCM) programme.
Management requirements
The PSR provides further information for agencies on topics such as developing agency protective security policies, plans and procedures, and delivering security awareness training.
For more information, refer to the management requirements for security governance.