Skip to main content

NZISM Background


Safe, secure and functional information systems are vital for the successful operation of all government organisations. These systems underpin public confidence, support privacy and security and are fundamental to the effective, efficient and safe conduct of public and government business.

Governance, assurance and risk

A fundamental part of the NZISM is the clarification of governance requirements, role and authority of the chief and of senior executives, and further clarity on the principal assurance process – the certification and accreditation framework.

Chief Executives or heads of government departments and agencies are ultimately accountable for the management of risk and security within their organisations.  Assurance on the governance, management and security of information and information systems is vital in meeting these responsibilities.

NZISM described

The New Zealand Information Security Manual (NZISM) is the New Zealand Government’s manual on information assurance and information systems security. 

The NZISM has evolved from the New Zealand Security of Information Technology (NZSIT) policies developed in the 1990’s, redeveloped into the NZSIT 400 series in 2004 and then replaced by the NZISM in 2010. A major rewrite took place in 2014, the third major version of this manual to be published.  This version of the NZISM was completely redeveloped in order to provide more clarity and to incorporate guidance on new technologies.  The redevelopment process was supported by extensive consultation within government and with the vendor and practitioner communities.

In addition, more frequent updates to accommodate the rapid pace of technological change are now a feature of the NZISM.