Identify the need for a national security clearance
This section provides guidance to help government organisations understand when someone in their organisation needs to hold a national security clearance and when they don't.
PERSEC4 - Manage national security clearances
Ensure people have the appropriate level of national security clearance before they are granted access to CONFIDENTIAL, SECRET and TOP SECRET information, assets or work locations. Manage the ongoing suitability of all national security clearance holders to hold a clearance and notify NZSIS of any changes regarding their clearance.
Working out who needs a clearance and at what level
If a person needs access to government information, assets, or work locations marked IN CONFIDENCE, SENSITIVE, or RESTRICTED for their role, they do not need a clearance. However, the ‘need-to-know’ principle still applies. That means ensuring you restrict access to people who have an operational need and have passed your personnel security checks.
If a person needs access to government information, assets, or work locations classified as CONFIDENTIAL, SECRET, or TOP SECRET for their role, they must have a clearance at the appropriate level.
To work out whether a person requires a clearance and at what level:
- analyse the duties of the position
- identify the highest level of classified information, assets, or work locations the person will need access to
- identify whether the person will have access to any collections of classified information or assets (physical collections and collections of information in ICT systems)
- work out how long the person will need the clearance for (for example, is the role short-term or permanent?).
Remember to consult your security staff throughout this process.
Threats the vetting process protects against
The vetting process helps to mitigate threats to national security from the following sources.
- Individuals who:
- may be susceptible to pressure from third parties with harmful intentions
- have been dishonest or shown a lack of integrity
- have been unreliable or may be unreliable because of their circumstances
- Foreign intelligence services
- Terrorist groups
- People who wish to overthrow or undermine our parliamentary democracy through political, industrial, or violent means.
Assessing access levels for classified information in ICT systems
Anyone who needs access to an ICT system that holds classified information or assets marked CONFIDENTIAL or above must have a clearance that matches the highest protective marking of information held in the system.
If a system holds collections of information
Collections of information (aggregated information) can be more valuable than the single pieces of information they’re made up of. When you’re working out access levels, ensure you consider the value or sensitivity of collections of information held in your ICT systems. You need to ensure access levels reflect the risk of harm from collections of information being misused.
For example, if you have a collection of RESTRICTED information in a system and it is considered CONFIDENTIAL when considered as a whole, users of that system must have a CONFIDENTIAL clearance.
If a system holds Sensitive Compartmented Information (SCI)
If a system holds SCI, everyone who accesses the system must have the required security clearances and briefings for the compartments.
ICT systems holding SCI must be accredited by the Government Communications Security Bureau (GCSB).
We recommend you get advice from the GCSB to help you work out clearance levels and citizenship requirements for access to ICT systems with SCI.
If a system holds information marked New Zealand Eyes Only (NZEO)
The NZEO marking shows that access to information is restricted to New Zealand citizens with an appropriate clearance on a need-to-know basis.
If an ICT system holds information marked NZEO, you can’t give access to anyone who is not a New Zealand citizen unless:
- the person has a NZEO waiver, or
- technical controls are in place to prevent unauthorised people from accessing NZEO material.
Understand limits to access for foreign nationals
You cannot allow foreign nationals to access:
- any information, assets, or work locations marked NZEO unless they have a NZEO waiver
- classified material released to New Zealand from another country unless that country has approved the access in writing.
These rules apply even if the person already has a national security clearance at the appropriate level. (Some exceptions apply in limited circumstances.)
Consider your options for short-term roles
If you need short-term or temporary cover for a role that requires a clearance, consider reassigning an existing clearance holder from within your organisation.
If you need a new clearance for a short-term role, talk to the NZSIS security vetting team about whether the person could be cleared in time to meet your needs.
Recruiting for roles that require national security clearances
When your organisation advertises a position that requires a clearance, it is good practice to:
- tell people they’ll need to be vetted for a clearance
- include an outline of the eligibility criteria or a link to the eligibility self-check tool
- encourage people to get in touch with you if they’re unsure about their eligibility or the vetting process.
Being up front and approachable about eligibility and what’s involved with getting a clearance may mean you get fewer unsuitable applications for the role.
Making a clearance a condition of employment
It is good practice to make getting and maintaining a clearance a condition of employment.
Ideally, you will have notified potential candidates of this condition in your advertising. If you haven’t, tell your chosen candidate before you offer them employment and include the condition in their employment contract (or contract for services if they’re a contractor or service provider). Apply this practice to internal candidates or secondment arrangements as well.
Page last modified: 6/08/2020