NZ bans unapproved govt IT suppliers after data breach

By on
NZ bans unapproved govt IT suppliers after data breach

Approved supplier list not mandatory in the past.

New Zealand Prime Minister Jacinda Ardern's Cabinet has clamped down on government agencies using unvetted IT service providers, cracking down on hard on rules around privacy and systems security.

The measures come after another embarrassing data breach at the ministry of Arts, Culture and Heritage, which saw an unnamed supplier leaked hundreds of people's sensitive personal information including birth certificates, passport numbers and drivers' licences.

In a press conference [pdf], Ardern said that with immediate effect, a set of interim decisions were made by Cabinet that set mandatory requirements for government agencies.

The requirements force small agencies to only procure products and services from the all-of-government ICT common capabilities list that names approved providers.

Additionally, the agencies must review current and future planned IT projects, implement common capability security, and adhere to privacy related guidance from the government chief digital officer.

The GCIO's information security standards and policies must be followed, Ardern emphasised.

Agencies have to obtain certification from the GCIO that they comply with the requirements, she added.

Ardern defined small agencies as those with limited IT capability and not by size.

They include important parts of the government, such as the Department of the Prime Minister and Cabinet, the State Services Commission, the Crown Law, and Ministry of Defence among others.

The Treasury, which was embroiled in a data breach scandal recently that leaked sensitive government budget information ahead of the official release, is also listed as an agency that needs to handle privacy and security better.

"My understanding is that the list has not been mandatory, but as I’ve set out, as an interim step, while we work through what needs to occur to prevent this ever happening again, we will now be requiring those small agencies to procure from that list over the near future while we work to ensure the security of all New Zealanders’ data and restore confidence in the systems and the agencies who are providing services to the New Zealand public," Ardern said.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
government jacinda ardern new zealand security
In Partnership With

Most Read Articles

Windows flaw lets Zoom leak network credentials, runs code remotely

Windows flaw lets Zoom leak network credentials, runs code remotely
Woolworths, Coles to raise tap-and-go limit to $200

Woolworths, Coles to raise tap-and-go limit to $200
Google location data shows Australia grinding to halt

Google location data shows Australia grinding to halt
Australia launches COVID-19 app, WhatsApp chat

Australia launches COVID-19 app, WhatsApp chat
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

Driving business innovation through private cloud solutions
Driving business innovation through private cloud solutions
Future proofing your datacentre with hyperconverged infrastructure
Future proofing your datacentre with hyperconverged infrastructure
The Network for the Digital Business Starts with the Secure Access Service Edge (SASE)
The Network for the Digital Business Starts with the Secure Access Service Edge (SASE)
Are you getting profitable outcomes from your IT?
Are you getting profitable outcomes from your IT?
Your Microsoft Security journey starts here
Your Microsoft Security journey starts here

Events

Log In

Username / Email:
Password:
  |  Forgot your password?