NZ bans unapproved govt IT suppliers after data breach

By on
NZ bans unapproved govt IT suppliers after data breach

Approved supplier list not mandatory in the past.

New Zealand Prime Minister Jacinda Ardern's Cabinet has clamped down on government agencies using unvetted IT service providers, cracking down on hard on rules around privacy and systems security.

The measures come after another embarrassing data breach at the ministry of Arts, Culture and Heritage, which saw an unnamed supplier leaked hundreds of people's sensitive personal information including birth certificates, passport numbers and drivers' licences.

In a press conference [pdf], Ardern said that with immediate effect, a set of interim decisions were made by Cabinet that set mandatory requirements for government agencies.

The requirements force small agencies to only procure products and services from the all-of-government ICT common capabilities list that names approved providers.

Additionally, the agencies must review current and future planned IT projects, implement common capability security, and adhere to privacy related guidance from the government chief digital officer.

The GCIO's information security standards and policies must be followed, Ardern emphasised.

Agencies have to obtain certification from the GCIO that they comply with the requirements, she added.

Ardern defined small agencies as those with limited IT capability and not by size.

They include important parts of the government, such as the Department of the Prime Minister and Cabinet, the State Services Commission, the Crown Law, and Ministry of Defence among others.

The Treasury, which was embroiled in a data breach scandal recently that leaked sensitive government budget information ahead of the official release, is also listed as an agency that needs to handle privacy and security better.

"My understanding is that the list has not been mandatory, but as I’ve set out, as an interim step, while we work through what needs to occur to prevent this ever happening again, we will now be requiring those small agencies to procure from that list over the near future while we work to ensure the security of all New Zealanders’ data and restore confidence in the systems and the agencies who are providing services to the New Zealand public," Ardern said.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
government jacinda ardern new zealand security

Sponsored Whitepapers

Five questions to ask before you upgrade to a SIEM solution
Five questions to ask before you upgrade to a SIEM solution
Effectively addressing advanced threats
Effectively addressing advanced threats
The risky business of open source
The risky business of open source
Ensure your e-signatures are legally binding
Ensure your e-signatures are legally binding
Mitigating open source risk in your organisation
Mitigating open source risk in your organisation

Events

Most Read Articles

Australia Post is building a digital twin of its delivery network

Australia Post is building a digital twin of its delivery network
Google threatens to withdraw search engine in Australia

Google threatens to withdraw search engine in Australia
NBN Co runs fixed wireless tower on diesel generator for over two years

NBN Co runs fixed wireless tower on diesel generator for over two years
NBN Co saves $1m a year by powering down idle line cards

NBN Co saves $1m a year by powering down idle line cards
You must be a registered member of iTnews to post a comment.
| Register

Log In

Username / Email:
Password:
  |  Forgot your password?