Your browser currently has JavaScript turned off, which means that Digital.govt.nz might not display properly on your device. It's easy to turn JavaScript on - find out how to enable JavaScript in your browser.

Business and technical contexts of the information

Questions 1 and 2 — identify the business owner of the information to work out the business context and find the stakeholders for the information’s technical context.

Questions 1 and 2 — business context

Table 1 lists who is responsible for answering each question.

Context and help for questions 1 and 2

Record your answers to these questions in either:

the Excel version — risk assessment tool for public cloud services
your organisation’s document for recording risk assessments.

Questions to answer

Who is the business owner of the information?
What are the business processes that are supported by the information?

**Table 1:** Who answers each question
Entity	Questions to answer
Government organisation	1, 2
Service provider	None

Context and help for questions 1 and 2

The following guidance helps you to:

answer the questions about the information’s business context
understand the information’s technical context — consulting the technical owner, subject matter experts or development and operations (DevOps) team helps you to answer the other questions in the risk assessment tool.

Business context

Before checking the value of the information, it’s important to know the business context of the information.

The Government Chief Digital Officer’s guidance on risk assessments shows the most common areas of concern for information when using public cloud services.

You might have other risks in your context or choice of public cloud service that you need to consider.

Business context of an information system

Check for approved public cloud services

See if your organisation or Marketplace has already approved your public cloud service, or its equivalent, for use. You’ll still need to do a risk assessment for it to account for factors that are unique to your:

information
business context.

Ways to buy public cloud services

Check for certification documents you can use

For NZ government agreements and contracts, you can use certification documents to help with your risk assessment. To get these, contact the security team at the Department of Internal Affairs at ictassurance@dia.govt.nz.

Help from professional services for risk assessments

Your organisation might not have the expertise for carrying out its own risk assessment. The business and technical owners can decide to get an industry expert listed on Marketplace to do the risk assessment for them.

Risk assessments are a professional service in information security. Contact an industry expert if you need their services.

Information Security Professional Services

Next step — technical owner and context

The business owner should check with the technical owner of the information.

They will know the answers to many of the questions in the risk assessment tool — or may know who can answer them in your organisation.

Technical context of an information system

Was this page helpful?

Yes No Partly

Thanks, do you want to tell us more?

Do not enter personal information. All fields are optional.

What did you come here to do?

How can we improve this information?

Enter your email address if you want a response

Last updated 10 October 2022

Business and technical contexts of the information

Questions 1 and 2 — business context

Questions to answer

Table 1: Who answers each question

Context and help for questions 1 and 2

Business context

Check for approved public cloud services

Check for certification documents you can use

Help from professional services for risk assessments

Next step — technical owner and context

Utility links and page information

Share on