Skip to content.
|Networking government in New Zealand.
You are here: Home » About e-govt » Programme » E-government Agency Checklist » Mandatory Requirements

Mandatory Requirements

Public Service departments and Non-Public Service Departments in the State Services

The following aspects of e-government are mandatory for all public service departments and non-public service departments in the state services:

Online authentication - Direction regarding all-of-government shared authentication services

  1. All Public Service departments, the New Zealand Police, the New Zealand Defence Force, the Parliamentary Counsel Office, and the New Zealand Security Intelligence Service are directed as follows:
    1. before developing a proposal to invest in or build online credential management or identity verification capability as an alternative to using all-of-government shared authentication services (known upon the giving of this direction as the Government Logon Service and the Identity Verification Service), whether the proposal is to be funded from retained depreciation funding or from new funding, to consult with the State Services Commission; and
    2. if, after such consultation:
      1. the government department still intends to invest in or build alternative online credential management or identity verification capability; and
      2. the State Services Commission has not agreed, either in the individual case or by reference to a generic class consent, to the government department investing in or building alternative online credential management or identity verification capability,

      the government department must obtain the approval of its Minister and the Minister of State Services before taking action to implement the proposal.

  2. For the avoidance of doubt, the direction is not intended to detract from the requirements of the Cabinet Office Circular CO (99) 7, Financial Delegations and Delegations Limits for Responsible Ministers and Departmental Chief Executives, or any successor circular on the same subject-matter.
  3. For the purposes of this direction:
    1. "online credential management" means the use of logons, such as (but not limited to) passwords or two-factor authentication, for ongoing confirmation of identity when accessing a secure online service, whether the service is made available to audiences external to the government department or is only accessible to audiences within or serving the government department itself;
    2. "identity verification" means the establishment and re-confirmation of the identity and identity attributes of a person; and
    3. "generic class consent" means a decision, made by the State Services Commission, to grant consent to a particular class of online service, application or use-case for the purposes of clause 1(2)(ii) of this direction without the need to consider the individual circumstances of individual proposals falling within that class."

[CAB Min (08)38 2A refers]

See Consultation Process for Directions

refer www.e.govt.nz/services/authentication/

Revised E-government Strategy

On 16 October 2006, Cabinet:

  • Agreed that all Public Service departments, the New Zealand Police, the New Zealand Defence Force, the Parliamentary Counsel Office and the New Zealand Security Intelligence Service should ensure that their planning shows appropriate alignment with the E-government Strategy.
  • Agreed that, in developing their plans, these agencies should encourage contracted service providers and non-government organisations that they work with to adopt e-government as and where appropriate.

refer: http://www.e.govt.nz/about-egovt/strategy/nov-2006/ [CAB Min (06) 38/4A refers]

Government Web Standards (formerly the Government Web Guidelines)

On 15 December 2003 Cabinet:

  • directed all Public Service departments, the New Zealand Police, the New Zealand Defence Force, the Parliamentary Counsel Office, and the New Zealand Security Intelligence Service to implement the Web Guidelines [CAB Min (03) 41/2B refers]
  • Following a thorough review and consultation process, the Web Guidelines were published as the New Zealand Web Standards and Recommendations version 1.0 on 21 March 2007. The Standards apply from 1 January 2008.  Government agencies who are mandated to comply with the Standards must:
    • Make any existing web site compliant with version 1.0 by 1 January 2008, and
    • Comply with any subsequent versions of the New Zealand Government Web Standards and Recommendations produced after 1 January 2008
  • The Standards are based on the international World Wide Web (W3C) Web Accessibility Initiatives (WAI) and incorporate standards from the WAI that are relevant to New Zealand Government web sites.

Funding processes for E-Government Initiatives

Cabinet has agreed that:

  • For all individual or multi-agency e-government initiatives that are funded from baselines, new initiative funding, or any other funding source, agencies must be able to demonstrate that: o in addition to normal consultation requirements, consultation with SSC over alignment of any proposed e-government initiatives with the e-government strategy has occurred. [CAB Min (02) 8/2A refers]

All Public Service and Non-Public Service Departments

Cabinet has made the following mandatory for all Public Service departments, the New Zealand Police, the New Zealand Defence Force, the Parliamentary Counsel Office, the Parliamentary Service, the Office of the Clerk, the New Zealand Security Intelligence Service, and the Government Communications Security Bureau:

New Zealand e-Government Interoperability Framework (e-GIF)

Cabinet has directed that agencies adopt the e-GIF on the following basis:

Application of e-GIF

  • Current information systems, software applications, or electronic data/information resources do not need to immediately comply with the NZ e-GIF.
  • Any new information system, software application, or electronic data/information resource (or current instances of these being redeveloped or replaced); or systems for interfacing with the same; must comply with the e-GIF except in instances where:
    • it is certain that interoperability will never be a requirement; or
    • the current version of the e-GIF does not, and could not, include policies, standards or guidelines concerning the technologies the agency needs (not wants) to employ; or
    • an alternative approach to achieving interoperability (e.g. EDI) is justified.

Exemptions from e-GIF

  • Where an agency believes there are grounds for exemption from the e-GIF, it must:
    • conclusively demonstrate, to the satisfaction of the e-GIF Steward, where the current version of the e-GIF cannot meet requirements, or why an alternative approach to achieving interoperability is justified; and
    • where sensible, contribute to the updating of the e-GIF. - Where an exemption is approved it will only apply to a specific information system, software application, data/information resource or business process; not the entirety of an agency's information and technology environment and/or business processes.

Special provisions

  • Specialist systems employed by, or sponsored by, the security and intelligence agencies are automatically exempted where compliance with the e-GIF is inappropriate.
    (These requirements apply to the Parliamentary Service and the Office of the Clerk.)
  • Organisations in the wider State sector (such as Crown entities and state-owned enterprises) are encouraged to adopt the e-GIF, and local government organisations are invited to use it.

refer: www.e.govt.nz/standards/egif/ [CAB Min (02) 18/2C refers]. See also CO (02) 12 - New Zealand e-Government Interoperability Framework (NZ e-GIF): adoption by government agencies.

Domain Name Moderation

The .govt.nz namespace is moderated by the State Services Commissioner in partnership with ALGIM (Association of Local Government Information Managers). The moderators have the authority to approve or decline entry to the .govt.nz namespace.

refer: www.e.govt.nz/policy/moderation/index.html

Information security

Agencies are required to implement Security in the Government Sector (SIGS) promulgated by the Department of the Prime Minister and Cabinet on 1 July 2002 (see: www.security.govt.nz). This includes a set of minimum internet security standards, and references SEEMail.

Trusted Computing and Digital Rights Management

In September 2006, Cabinet confirmed the Cabinet Economic Development Committee's minute EDC Min (06) 14/1 Trusted Computing and Digital Rights Management Priciples and Policies which approved the TC/DRM Principles and Policies as New Zealand government policy.

Monitoring Regime for Major Information Technology (IT) Projects

http://www.dpmc.govt.nz/cabinet/circulars/co01/4.html

Cabinet agreed on 10 April 2001(Cabinet office circular CO (01) 4 ), that;

  • The public sector IT Monitoring Regime be consolidated and updated to incorporate the recommendations from the INCIS inquiry that reported to Ministers in November 2000. Circular CO (01) 4 sets out the IT Monitoring Regime confirmed by Cabinet [CAB Min (01) 10/2B].
  • The IT Monitoring Regime applies to all public service departments and to the New Zealand Defence Force, the New Zealand Police, the Office of the Clerk of the House of Representatives, the Parliamentary Counsel Office and the Parliamentary Service.
  • The requirements set out in the circular should be read in conjunction with the guidelines on principles, processes, standards and practices for developing and managing IT projects published from time to time by the State Services Commission and the Treasury. http://www.ssc.govt.nz/display/document.asp?DocID=2787
  • Chief executives are asked to ensure that all staff involved in information technology and information management are familiar with the requirements of this circular.
  • Chief executives are also asked to draw to the attention of Crown entities for which their Minister is responsible, both the regime and Cabinet's recent decision that responsible Ministers may consider directing that the IT monitoring regime apply to specific projects undertaken by Crown entities.
  • Cabinet also agreed that the relevant responsible Minister may also consider directing that the regime apply to specific projects undertaken by the Government Communications Security Bureau or the New Zealand Security Intelligence Service.

For the approval process for major IT business cases, Ministers agreed that, unless otherwise agreed by the department and Treasury, a two-stage approval process should be adopted for major IT business cases (details in Annex 1). This process will consist of:

  • stage 1: on the basis of indicative costs and benefits, seek approval for developing a detailed scoping and finalisation of costs and benefits associated with the project;
  • stage 2: final consideration of the business case, based on more fully developed costs and benefits.

In addition, Ministers agreed on 30 June 2000 that

  • unless central agencies and the department agree that there are compelling reasons to retain a single large project, major IT projects should be broken down into modules, with each module considered as an independent business case within the department's overall IT strategy; and
  • quantitative risk analysis should be used as the basis for appropriations, access to contingency funding, and cash draw-downs for major IT projects, unless relevant Ministers agree that the size and nature of the project do not warrant this approach.

Refer CE Circular 2000/010 http://www.ssc.govt.nz/display/document.asp?docid=2303

Crown Agents

The following whole of government direction is applicable to all Crown agents:

Whole of government direction regarding all-of-government shared authentication services

  1. The Minister of State Services and the Minister of Finance, pursuant to section 107 of the Crown Entities Act 2004, direct all Crown agents as follows:
    1. before developing a proposal to invest in or build online credential management or identity verification capability as an alternative to using all-of-government shared authentication services (known upon the giving of this direction as the Government Logon Service and the Identity Verification Service), whether the proposal is to be funded from retained depreciation funding or from new funding, to consult with the State Services Commission; and
    2. if, after such consultation:
      1. the Crown agent still intends to invest in or build alternative online credential management or identity verification capability; and
      2. the State Services Commission has not agreed, either in the individual case or by reference to a generic class consent, to the Crown agent investing in or building alternative online credential management or identity verification capability,

      the Crown agent must obtain the approval of its responsible Minister and the Minister of State Services before taking action to implement the proposal,

    unless any requirement in this clause 1 would be inconsistent with section 113 of the Crown Entities Act 2004.

  2. For the purposes of this direction:
    1. "online credential management" means the use of logons, such as (but not limited to) passwords or two-factor authentication, for ongoing confirmation of identity when accessing a secure online service, whether the service is made available to audiences external to the Crown agent or is only accessible to audiences within or serving the Crown agent itself;
    2. "identity verification" means the establishment and re-confirmation of the identity and identity attributes of a person; and
    3. "generic class consent" means a decision, made by the State Services Commission, to grant consent to a particular class of online service, application or use-case for the purposes of clause 1(2)(ii) of this direction without the need to consider the individual circumstances of individual proposals falling within that class.

[Refer New Zealand Gazette Notice No. 6913 - published 18 September 2008]

See Consultation Process for Directions

See PDF http://e.govt.nz/about-egovt/programme/agency-checklist-current/govt-direction-08.pdf


[ Previous | Next ]