Skip to main content

Business and technical contexts of the information

Questions 1 and 2 — identify the business owner of the information to work out the business context and find the stakeholders for the information’s technical context.

Questions 1 and 2 — business context

Table 1 lists who is responsible for answering each question.

Context and help for questions 1 and 2

Record your answers to these questions in either:

Questions to answer

  1. Who is the business owner of the information?
  2. What are the business processes that are supported by the information?

Table 1: Who answers each question

Entity Questions to answer
Government organisation 1, 2
Service provider None

Context and help for questions 1 and 2

The following guidance helps you to:

  • answer the questions about the information’s business context
  • understand the information’s technical context — consulting the technical owner, subject matter experts or development and operations (DevOps) team helps you to answer the other questions in the risk assessment tool.

Business context

Before checking the value of the information, it’s important to know the business context of the information.

The Government Chief Digital Officer’s guidance on risk assessments shows the most common areas of concern for information when using public cloud services.

You might have other risks in your context or choice of public cloud service that you need to consider.

Business context of an information system

Check for approved public cloud services

See if your organisation or Marketplace has already approved your public cloud service, or its equivalent, for use. You’ll still need to do a risk assessment for it to account for factors that are unique to your:

  • information
  • business context.

Ways to buy public cloud services

Check for certification documents you can use

For NZ government agreements and contracts, you can use certification documents to help with your risk assessment. To get these, contact the security team at the Department of Internal Affairs at

Help from professional services for risk assessments

Your organisation might not have the expertise for carrying out its own risk assessment. The business and technical owners can decide to get an industry expert listed on Marketplace to do the risk assessment for them.

Risk assessments are a professional service in information security. Contact an industry expert if you need their services.

Information Security Professional Services

Next step — technical owner and context

The business owner should check with the technical owner of the information.

They will know the answers to many of the questions in the risk assessment tool — or may know who can answer them in your organisation.

Technical context of an information system

Utility links and page information

Was this page helpful?
Thanks, do you want to tell us more?

Do not enter personal information. All fields are optional.

Last updated