Security and privacy governance
Find out about roles and responsibilities when it comes to security and privacy.
What you need to know
- You must have protective security governance arrangements — see Protective Security Requirements
- Websites must have a business owner who is a senior manager, as well as a manager and administrators
- You must have documentation for online systems and management procedures
- Raise concerns with your Chief Information Security Officer
- Discuss security and privacy governance with your IT Security Manager
Chief Security Officer
You must appoint a senior manager as the Chief Security Officer (CSO).
They're responsible for the agency protective security policy and oversight of protective security practices.
You must appoint a Privacy Officer.
They don't need special training, but they do need to understand the 12 Privacy Principles.
The agency head endorses and is accountable for information security in your agency.
Chief Information Security Officer (CISO)
The CISO sets the strategic direction for information security in your agency.
Information Technology Security Managers (ITSM)
ITSMs provide information security leadership and management in your agency.
System owners obtain and maintain accreditation of their systems, including directly related services such as cloud.
System users comply with information security policies and procedures in your agency.
If you've got any concerns about security and privacy governance, talk to your CISO.
Make sure you're familiar with the NZ Cyber Security Strategy.