Validate your security measures
Validate your organisation’s information security measures to find out if they’ve been correctly implemented and are fit for purpose.
INFOSEC3 - Validate your security measures
Confirm that your information security measures have been correctly implemented and are fit for purpose. Complete the certification and accreditation process to ensure your ICT systems have approval to operate.
Validating your security measures provides accountability
Your chief information security officer (CISO) must determine whether security measures are acceptable for the risks your organisation faces.
The validation step provides senior executives with the confidence that information and its associated technology are well-managed, risks are properly identified and mitigated, and governance responsibilities can be met.
Ensure appropriate certification and accreditation
Conduct the appropriate certification and accreditation processes required for the type of security measures being implemented.
ICT systems must follow the certification and accreditation process defined in the New Zealand Information Security Manual (NZISM). They must also reflect the mandatory controls in the manual.
Physical security of buildings, facilities and equipment requires additional certification and accreditation. Complete this before you get your ICT system accredited. See the Management protocol for physical security for more information.
Supporting documents and information
- NZISM: System Certification and Accreditation
- NZISM: Product Security / Supply Chain Security Validation
- Certifying and Accrediting security zones
Page last modified: 4/05/2022