Glossary

A B C D E F G H I L M N O P Q R S T U V W Z

S


Sabotage

An act, falling short of a military operation, or an omission intended to cause physical damage in order to assist a hostile foreign power or further a subversive political aim.

See section 79 of the Crimes Act 1961.

Safe hand

A method of transferring an article in such a way that the article is in the care of an authorised officer or a succession of authorised officers who are responsible for its carriage and safekeeping. The purpose of sending an article using safe hand is to establish an audit trail that allows the sender to receive confirmation that the addressee received the information.

Safety

Safety is the process of ensuring people involved with the organisation, including employees, customers and visitors, are protected from harm.

Sanitisation

The process of removing certain elements of information that will allow the protective marking that indicates the level of protection required for the information to be removed or reduced. This can refer to both electronic media and hard copy information. Information that is not destroyed needs the originator’s approval to be released at a lower level. Also see overwriting.

SECRET

A security classification that shows that compromise of the official information could cause serious damage to the national interest.

Security

The condition achieved when designated information, material, personnel, activities and installations are protected against espionage, sabotage, subversion and terrorism, as well as against loss or unauthorised disclosure. The term is also applied to those measures necessary to achieve this condition and to the organisations responsible for those measures.

A condition that results from the establishment and maintenance of protective measures to ensure a state of inviolability from hostile acts or influences.

With respect to protectively marked material, it is the condition that deters unauthorised persons from attempting to gain access to official material affecting national security.

Security Alarm System (SAS)

A SAS is the combination of intrusion detection devices, control panel, monitoring station and the policies and procedures needed to ensure an appropriate response to any alarms.

Security breach

An accidental or unintentional action that leads or could lead to, the loss or damage of official information or resources. A breach is also a failure to observe the protective security mandatory requirements. See also Security infringement and Security violation.

Security classification system

A set of procedures for identifying official information, the compromise of which could have a negative impact for the New Zealand government. It is the New Zealand government mechanism for protecting the confidentiality of information it generates or that is provided by other governments and private entities. The security classification system is implemented by assigning protective markings (such as TOP SECRET, RESTRICTED and SENSITIVE). Protective markings not only show the value of the information but also indicate the minimum level of protection the information must be afforded to safeguard it from compromise.

Security classified information (or resources)

Official information, or resources, that has been assessed under the New Zealand Security Classification System and afforded a protective marking. If compromised, such information could have a negative impact on the national interest, organisations or individuals.

Security clearance

A security clearance is granted to an individual following a favourable vetting assessment and recommendation provided by the NZSIS. An employee’s suitability to access protectively marked material is dependent on the clearance level granted and the need-to-know principle.

Security clearance management (personnel security)

The process required for comprehensive management of personnel holding security clearances. While security vetting is fundamental, it must be supported by active security risk management by both the organisation and the individual. The security clearance management life cycle consists of preemployment identity and verification checks, NZSIS security vetting, the formal grant of a security clearance by the agency head, management of any risks identified by the NZSIS, reporting notifiable changes in circumstances or foreign contacts, annual security appraisals and security vetting reviews.

Security container or room

NZSIS-approved A, B or C class container or room. See Security Zones and Risk Mitigation Control Measures.

Security culture

The ready acceptance by people that the securing of official information and other agency resources is an important and integral part of everyday work practices. The culture of a work group describes the patterns of basic assumptions, beliefs, customs and attitudes of the group that shape the behaviour of members of that group.

Security in Government Sector Manual (SIGS)

The New Zealand Government Security in Government Sector Manual was the precursor to the PSR.

Security incident

A security infringement, breach, violation, contact or approach from those seeking unauthorised access to official resources, or any other occurrence, that results in negative consequences for the New Zealand government.

Security infringement

Any incident that violates internal protective security procedures as outlined in internal agency protective security procedures, other than those that can be categorised as a security breach or security violation.

Security investigation

An investigation carried out to establish the cause and extent of a security incident that has, or could have, compromised the New Zealand government. The overall purpose of a security investigation is to prevent the incident from happening again by making improvements to the agency’s systems or procedures.

Security of Information Agreement or Arrangement (SIA)

An agreement or arrangement with a foreign government setting out reciprocal obligations to safeguard exchanged classified information. Signatories make a moral and political commitment to uphold and adhere to the terms of the arrangement. An SIA holds treaty status and includes MOUs.

Security plan

See Agency Security Plan

Security policy

A set of rules and practices that specify or regulate how a system or organisation provides security services to protect sensitive or critical resources.

Security risk

Any event that could result in the compromise, loss of integrity or unavailability of official information or resources, or the deliberate harm to people measured in terms of its probability and consequences.

Security risk criteria

Statements that communicate the expectations of an agency’s senior management about the agency’s security environment. These criteria help an agency identify security risk and prepare appropriate security treatments, and provide a benchmark against which the success of the security plan can be measured. Also see risk appetite.

Security risk review

The process used to determine risk management priorities by evaluating risk against predetermined criteria in the context of an agency’s protective security arrangements.

Security vetting recommendation

A formal assessment by the NZSIS recommending that the agency grant a security clearance to a candidate.

Security violation

A deliberate, negligent or reckless action that leads, or could lead, to the loss, damage, corruption or disclosure of official information or resources.

Security zones

A method of assessing the security of areas used for protecting people, or handling and storing information and physical assets, based on security controls. Security zones range from One to Five.

Security-in-depth (or defence-in-depth)

A multi-layered, systematic approach to security in which security countermeasures are combined to support and complement each other. This makes unauthorised access difficult, for example, physical barriers should complement and support procedural security measures and vice versa.

Selective tendering

A type of acquisition strategy in which agencies provide a copy of the statement of requirements (SOR) to a small number of potential providers and request a tender from them for the performance of the function. Also see tendering.

SENSITIVE

A security classification that shows that compromise of official information would likely damage the interest of New Zealand or endanger the safety of its citizens.

Sensitive Compartmented Information (SCI)

A compartmented marking. SCI is a category of information that, by virtue of its sensitivity (including, but not limited to, intelligence targets, capabilities and techniques), is specially compartmented. Protection of SCI material requires collective physical, personnel and ICT security measures. Access to SCI is logically controlled to authorised individuals who have a TOP SECRET security clearance, appropriate compartment briefings and a legitimate need-to-know.

Sensitive information

Information that may be exempt from disclosure under sections 6 and 9 of the Official Information Act 1982.

SIGINT

Signals intelligence

Site

The discrete, separate physical location of an agency’s facility(s). Agencies may occupy more than one site.

Site planning (physical security)

A determination, as part of the agency’s regular risk review, that the agency’s physical environment is appropriate or inappropriate.

Site security plan

A plan that documents measures to reduce to an accepted level the identified risks to the agency’s functions and resources at a designated site.

SLAs

Service Level Agreements

SOP

A standard operating procedure, or SOP, is a set of step-by-step instructions compiled by an organization to help workers carry out complex routine operations.

Source codeword

A type of endorsement marking. A word or set of letters used to identify the source of certain information without revealing it to those who do not have a need-to-know. People who need to access this information must be cleared and briefed about the significance of this type of information. See also Codeword.

Special event

A planned event of such a nature that the national interest is served by the New Zealand government’s involvement in whole-of-government coordination of security and/or the provision of support to offshore events.

Specified persons

Specified persons who are authorised by the agency to have access to carry out work or perform duties.

Spying

See Espionage.

SSC

State Services Commission

SSP

System Security Plan

Statement of Requirements (SOR)

A description of the activity or function to be contracted out in terms of required outputs and outcomes.

Sub-contractor

A contractor who contracts to provide goods or services to another contractor, so that the latter can perform another contract.

Suitability indicators (personnel security)

Suitability indicators for a security clearance include maturity, responsibility, tolerance, honesty and loyalty, also see the Security Assessment Criteria and the Adjudicative Guidelines.