NZ bans unapproved govt IT suppliers after data breach

By on
NZ bans unapproved govt IT suppliers after data breach

Approved supplier list not mandatory in the past.

New Zealand Prime Minister Jacinda Ardern's Cabinet has clamped down on government agencies using unvetted IT service providers, cracking down on hard on rules around privacy and systems security.

The measures come after another embarrassing data breach at the ministry of Arts, Culture and Heritage, which saw an unnamed supplier leaked hundreds of people's sensitive personal information including birth certificates, passport numbers and drivers' licences.

In a press conference [pdf], Ardern said that with immediate effect, a set of interim decisions were made by Cabinet that set mandatory requirements for government agencies.

The requirements force small agencies to only procure products and services from the all-of-government ICT common capabilities list that names approved providers.

Additionally, the agencies must review current and future planned IT projects, implement common capability security, and adhere to privacy related guidance from the government chief digital officer.

The GCIO's information security standards and policies must be followed, Ardern emphasised.

Agencies have to obtain certification from the GCIO that they comply with the requirements, she added.

Ardern defined small agencies as those with limited IT capability and not by size.

They include important parts of the government, such as the Department of the Prime Minister and Cabinet, the State Services Commission, the Crown Law, and Ministry of Defence among others.

The Treasury, which was embroiled in a data breach scandal recently that leaked sensitive government budget information ahead of the official release, is also listed as an agency that needs to handle privacy and security better.

"My understanding is that the list has not been mandatory, but as I’ve set out, as an interim step, while we work through what needs to occur to prevent this ever happening again, we will now be requiring those small agencies to procure from that list over the near future while we work to ensure the security of all New Zealanders’ data and restore confidence in the systems and the agencies who are providing services to the New Zealand public," Ardern said.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
government jacinda ardern new zealand security
In Partnership With

Most Read Articles

ATO to switch off legacy tax agent portals after 17 years

ATO to switch off legacy tax agent portals after 17 years
Westpac CIO Craig Bright outlines bank's new vision

Westpac CIO Craig Bright outlines bank's new vision
Inside SY5 IBX: Equinix's 8th DC in Sydney

Inside SY5 IBX: Equinix's 8th DC in Sydney
How Westpac's new CIO slashed his IBM mainframe bill

How Westpac's new CIO slashed his IBM mainframe bill
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

Are you getting profitable outcomes from your IT?
Are you getting profitable outcomes from your IT?
Your Microsoft Security journey starts here
Your Microsoft Security journey starts here
Is your AWS framework well-architected?
Is your AWS framework well-architected?
Why you should reassess your cybersecurity posture
Why you should reassess your cybersecurity posture
How will you manage the cloud data deluge?
How will you manage the cloud data deluge?

Events

Log In

Username / Email:
Password:
  |  Forgot your password?