A Risk Practitioners Guide to ISO 31000: 2018A Risk Practitioners Guide to ISO 31000: 201831000Review of the 2018 version of the ISO 31000 risk management guidelines and commentary on the use of this standard by risk professionals.
Related: ISO 31000:2018 Risk management – Guidelineshttps://www.theirm.org/media-centre/latest-news-and-views/standard-deviations-a-risk-practitioner-guide-to-iso-31000.aspxAccepted2022-03 Changed to Accepted as a useful guide to ISO 31000:2018GCDO Digital system leadership mandate.DIAGCDO@dia.govt.nz#ISO 31000: 2018InternationalGuidanceIRM (Institute of Risk Management)CURRENTPUBLISHUpdate2022-03-18
Accelerating the Adoption of Public Cloud ServicesAccelerating the Adoption of Public Cloud ServicesIn 2016 Cabinet agreed measures to accelerate agency adoption of public cloud services to drive digital transformation.https://www.digital.govt.nz/dmsdocument/15-accelerating-the-adoption-of-public-cloud-services/htmlRecommended2020-11 added as Recommended as this remains current advice on Digital.govt.nz and is referenced by both GCSB and the NZSIS.Being reviewed by the 2020/21 Cloud ProgramGCDO Digital functional leadership mandate.DIAGCDO@dia.govt.nzGovernment (NZ)Government PolicyGCDO (Government Chief Digital Officer)UnknownPUBLISHAdd2020-11-11
Addressing Standards and GuidelinesAddressing Standards and GuidelinesDescription: Guidance and requirements for creating property addresses. References AS/NZS 4819:2011.https://www.linz.govt.nz/regulatory/property-addressing/addressing-standards-and-guidelinesRecommendedLINZ set the addressing standards for New Zealand.LINZ#AS/NZS 4819:2011 Rural and urban addressingGovernment (NZ)GuidanceLINZCURRENTPUBLISH
Agency Capability ReviewsAgency Capability ReviewsAgency Capability Reviews provide a framework for supporting an agency’s ability to meet future objectives and challenges.
The Agency Capability Model has as its heart the best parts of the Performance Improvement Framework (PIF), updated to reflect changes in public sector management. These changes include the Public Service Act 2020 and future expectations of the Public Service, as well as lessons from capability programmes in other jurisdictions. Agency Capability Reviews - Te Kawa Mataaho Public Service CommissionRecommended2023-06 added as RecommendedPublic Service System - System Design - Capability Review ProgrammePSCCapabilityReview@publicservice.govt.nz Government (NZ)ToolPublic Service CommissionPublishedPUBLISHAdd 2023-06-27
AI Principles: Trustworthy AI in AotearoaAI Principles: Trustworthy AI in AotearoaTo help maintain public trust in the development and use of AI in New Zealand, the Law, Society and Ethics Working Group of the AI Forum has published a set of guiding principles for “Trustworthy AI in Aotearoa New Zealand” (the AI Principles). Those principles are designed to provide high-level guidance for anyone involved in designing, developing and using artificial intelligence in New Zealand (AI stakeholders), with the goal of ensuring New Zealanders have access to trustworthy AI.https://aiforum.org.nz/wp-content/uploads/2020/03/Trustworthy-AI-in-Aotearoa-March-2020.pdfAccepted2020-05 added as Accepted. GCDS Data functional leadership mandate.Statistics NZNational (NZ)PrinciplesAI ForumPublished2020-03PUBLISHAdd2020-05-29
AISEP Evaluated Products ListAISEP Evaluated Products ListAustralian Information Security Evaluation Program (AISEP) A program under which evaluations are performed by impartial bodies against the Common Criteria. The results of these evaluations are then certified by the Australian Cyber Security Centre (ACSC), which is the Australian Certification Authority responsible for the overall operation of the program.https://www.cyber.gov.au/acsc/view-all-content/epl-products Accepted2022-03 Added as Accepted as listed in #NZISM 1.1.63. Additional GuidanceGCISO information security functional leadership mandate. GCSB#NZISM 1.1.63. Additional GuidanceGovernment (Australia)CatalogueASDPUBLISHAdd2022-03-21
Algorithm charter for Aotearoa New ZealandAlgorithm charter for Aotearoa New ZealandThe Algorithm charter for Aotearoa New Zealand commits government agencies to use algorithms in a fair, ethical, and transparent way.
These are analytical processes that interpret or evaluate information (often using large or complex data sets) that result in, or materially inform, decisions that impact significantly on individuals or groups. They may use personal information about the individuals or groups concerned, but do not need to do so exclusively.
Was: Draft algorithm charterhttps://data.govt.nz/use-data/data-ethics/government-algorithm-transparency-and-accountability/algorithm-charterRecommended2020-11 changed to Recommended from Development.
2020-09 changed from Future Consideration to DevelopmentGCDS Data functional leadership mandate.Statistics NZGovernment (NZ)PrinciplesGCDS (Government Chief Data Steward)Published2020-07PUBLISHName2020-11-23
All-of-Government ICT Operations Assurance FrameworkAll-of-Government ICT Operations Assurance FrameworkUnderstand how to implement a fit-for-purpose assurance approach for managing your information and communications technology (ICT) risks.
Effective assurance provides confidence to your Chief Executive and other key stakeholders, including Ministers, that ICT risks are effectively managed to achieve business outcomes.
This framework is mandatory for public service departments, non-public service departments, district health boards and certain crown entities (ACC, EQC, NZQA, NZTA, HNZC, NZTE, TEC).https://www.digital.govt.nz/standards-and-guidance/governance/system-assurance/all-of-government-ict-operations-assurance-framework/Mandated2020-11 added as Mandated
GCDO Digital functional leadership mandate.
Assurance mandate for the GCDO in-scope organisations.DIAGCDO@dia.govt.nzGovernment (NZ)FrameworkGCDO (Government Chief Digital Officer)PublishedPUBLISHAdd2020-11-19
All-of-Government Portfolio, Programme and Project Assurance FrameworkAll-of-Government Portfolio, Programme and Project Assurance FrameworkUnderstand how to implement a fit-for-purpose assurance approach for your digital investments.
Effective assurance provides confidence to your Chief Executive and other key stakeholders, including Ministers, that the expected investment outcomes and benefits will be achieved.
This framework is mandatory for public service departments, non-public service departments, district health boards and certain Crown entities (ACC, EQC, NZQA, NZTA, HNZC, NZTE, TEC).https://www.digital.govt.nz/standards-and-guidance/governance/system-assurance/all-of-government-portfolio-programme-and-project-assurance-framework/Mandated2020-11 added as MandatedGCDO Digital functional leadership mandate.
Assurance mandate for the GCDO in-scope organisations.DIAGCDO@dia.govt.nzGovernment (NZ)FrameworkGCDO (Government Chief Digital Officer)PublishedPUBLISHAdd2020-11-19
All-of-Government Self-Assessment ToolAll-of-Government Self-Assessment ToolAgencies can complete their annual self-assessments and other All-of-Government (AoG) reporting requirements online using the Self-Assessment Tool.
The Self-Assessment Tool:
- gives agencies easy access to all of their assessments in one secure location
- pre-populates assessments with last year's data, making it quicker and easier to complete and improving consistency
- improves version control through automated workflow and approval processes
- gives access to benchmark and trend reporting, providing insights into business performance.
Products available through the Self-Assessment Tool
- All-of-Government Enterprise Risk Maturity Assessment Framework
- GCPO Annual Agency Privacy Self-Assessment Report
- Agency ICT Maturity Assessment Framework
- Regulatory Stewardship System Assessments
https://www.digital.govt.nz/products-and-services/all-of-government-self-assessment-tool/Withdrawn2023-06 changed to withdrawn
2021-10 added as Recommended.Wide adoption across government.
Used for:
- All-of-Government Enterprise Risk Maturity Assessment Framework
- GCPO Annual Agency Privacy Self-Assessment Report
- Regulatory Stewardship System Assessments The tool has been assessed as not being fit for purpose and is being withdrawn. DIAself-assess.team@dia.govt.nzGovernment (NZ)ToolGCDO (Government Chief Digital Officer)Current2021-08PUBLISHUpdate2023-06-20
ANSI/TIA-942 Telecommunications Infrastructure Standard for Data CentersTelecommunications Infrastructure Standard for Data CentersANSI/TIA-942 is a popular standard for data centers to ensure uptime and standardize physical infrastructure. Two organizations are responsible for the creation, maintenance and monitoring of this standard and the guidelines that industries use worldwide: American National Standards Institute and the Telecommunications Industry Association.
The ANSI/TIA-942 standard covers the telecommunications infrastructure and other physical aspects of the mission-critical data center, such as the site location, architecture, electrical and mechanical systems, fire safety and security.
Source: TechTargethttp://www.ieee802.org/3/hssg/public/nov06/diminico_01_1106.pdfAccepted2020-11 added as Accepted. Referenced in the NZSIS PSR under 'Outsourced ICT facilities'. NZSISInternationalStandard - TechnicalTelecommunications Industry AssociationPUBLISHAdd 2020-11-11
AoG Enterprise Risk Maturity Assessment Framework (gERMAF)AoG Enterprise Risk Maturity Assessment Framework (gERMAF)The All-of-Government (AoG) Enterprise Risk Maturity Assessment Framework (gERMAF) enables agencies to assess their current level of risk maturity and identify ways they can improve.https://www.digital.govt.nz/standards-and-guidance/governance/system-assurance/enterprise-risk-maturity/Recommended2020-05 added as Recommended. GCDO Digital functional leadership mandate.
Assurance mandate for the GCDO in-scope organisations.DIAGCDO@dia.govt.nzGovernment (NZ)FrameworkGCDO (Government Chief Digital Officer)PublishedPUBLISHAdd2020-05-29
API ExplorerAPI ExplorerThe Ministry of Business, Innovation, and Employment (MBIE) API home page. Here you’ll find a diverse range of APIs for connecting directly to various government services and information sources.
https://api.business.govt.nz/api/Recommended2021-08 added as Recommended.MBIE#API Guidelines Part A - API Concepts and Management 2021Government (NZ)CatalogueMBIEPUBLISHAdd2021-08-06
API Guidelines Part A - API Concepts and Management 2022API Standard and Guidelines Part A - Business 2021There is a wide range in the level of knowledge and skill regarding API design and delivery across government agencies. Hence this document tries to offer a balance of guidance for those new to APIs along with quick lookup standards, which should assist agencies in achieving consistency and commonality in their API deliverables.
Part A (this document) looks at the business context for APIs within government and articulates the principles and considerations that could impact an agency when creating APIs. It looks at APIs in the context of their impact on the organisation as well as across government and public services through to commercial innovation. Version 1.0 published in 2016 was called API Standards and Guidelines - Part A – Business.https://www.digital.govt.nz/dmsdocument/230~api-guidelines-part-a-api-concepts-and-management-2022/html Recommended2021-08 Changed to Recommended as approved late June.
2021-03 Added as Development. GCDO Digital functional leadership mandate.DIAAPI guidelines | NZ Digital government#API Guidelines Part B - API Security 2021, #API Guidelines Part C - API Development 2021, #Digital Service Design Standard - NZ Government, #Federated Service Design (FSD) Integration Patterns, #Privacy Impact Assessment Toolkit, #API Explorer#API Guidelines Part B - API Security 2021, #API Guidelines Part C - API Development 2021API Standard and Guidelines
API Standard and Guidelines Part A - BusinessGovernment (NZ)GuidanceGCDO (Government Chief Digital Officer)Approved2021-06PUBLISHUpdate2022-06-28
API Guidelines Part B - API Security 2022API Standard and Guidelines Part B - Technical 2021There is a wide range in the level of knowledge and skill regarding API design and delivery across government agencies. Hence this document tries to offer a balance of guidance for those new to APIs along with quick lookup standards, which should assist agencies in achieving consistency and commonality in their API deliverables.
Part B contains the API Security reference architecture and technical details for implementing API Security. Version 1.0 published in 2016 was called API Standards and Guidelines - Part A – Technical but has been split into a Part B - Security and Part C – Development for this version 2.0.https://www.digital.govt.nz/dmsdocument/231~api-guidelines-part-b-api-security-2022/htmlRecommended2021-08 Changed to Recommended as approved late June.
2021-03 Added as Development. Under review led by DIA with MiddlewareGCDO Digital functional leadership mandate.DIAAPI guidelines | NZ Digital government#API Guidelines Part A - API Concepts and Management 2021, #API Guidelines Part C - API Development 2021, #RFC 6749 OAuth 2.0 Authorization Framework, #RFC 6750 OAuth 2.0 Authorization Framework: Bearer Token Usage, #RFC 6819 OAuth 2.0 Threat Model and Security Considerations, #RFC 7009 Token Revocation, #RFC 7519 JSON Web Token (JWT), #RFC 7521 Assertion Framework for OAuth 2.0 Client Authentication and Authorisation Grants, #RFC 7522 Security Assertion Markup Language (SAML) 2.0 Profile for OAuth 2.0 Client Authentication and Authorization Grants, #RFC 7523 JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants, #RFC 7591 OAuth 2.0 Dynamic Client Registration Protocol, #RFC 7592 OAuth 2.0 Dynamic Client Registration Management Protocol, #RFC 6755 An IETF URN Sub-Namespace for OAuth, #RFC 7636 Proof Key for Code Exchange by OAuth Public Clients, #RFC 7662 OAuth 2.0 Token Introspection, #RFC 7800 Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs), #RFC 8176 Authentication Method Reference Values, #RFC 8252 OAuth 2.0 for Native Apps, #RFC 8414 OAuth 2.0 Authorization Server Discovery Metadata, #RFC 8628 OAuth 2.0 Device Authorization Grant, #RFC 8693 OAuth 2.0 Token Exchange, #RFC 8705 OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Token, #RFC 8707 Resource Indicators for OAuth 2.0, #RFC 8725 JSON Web Token Best Current Practices#API Guidelines Part A - API Concepts and Management 2021, #API Guidelines Part C - API Development 2021API Standard and Guidelines
API Standard and Guidelines Part B - TechnicalGovernment (NZ)GuidanceGCDO (Government Chief Digital Officer)Approved2021-06PUBLISHUpdate2022-06-28
API Guidelines Part C - API Development 2022API Standard and Guidelines Part C - Development 2021There is a wide range in the level of knowledge and skill regarding API design and delivery across government agencies. Hence this document tries to offer a balance of guidance for those new to APIs along with quick lookup standards, which should assist agencies in achieving consistency and commonality in their API deliverables.
Part C – API Development 2022
Part C contains the technical details for API Development, including general API implementation standards for API developers & consuming application developers. Version 1.0 published in 2016 was called API Standards and Guidelines - Part A – Technical but has been split into a Part B - Security and Part C – Development for this version 2.0.https://www.digital.govt.nz/dmsdocument/232~api-guidelines-part-c-api-development-2022/htmlRecommended2021-08 Changed to Recommended as approved late June.
2021-03 Added as Development. Under review led by DIA with MiddlewareGCDO Digital functional leadership mandate.DIAAPI guidelines | NZ Digital government#API Guidelines Part A - API Concepts and Management 2021, #API Guidelines Part B - API Security 2021, #OpenAPI Specification, #AsyncAPI Specification, #HTTP v1.1 (HyperText Transfer Protocol Version 1.1), #OAuth 2.0 Core, #OpenID Connect 1.0, #JSON (JavaScript Object Notation), #RFC 7159 JSON Web Key (JWK), #RFC 7515 JSON Web Signature (JWS), #RFC 7516 JSON Web Encryption (JWE), #RFC 7518 JSON Web Algorithms (JWA), #RFC 7519 JSON Web Token (JWT), #FHIR (Fast Healthcare Interoperability Resources), #PEPPOL (Pan European Public Procurement Online) #API Guidelines Part A - API Concepts and Management 2021, #API Guidelines Part B - API Security 2021API Standard and Guidelines
API Standard and Guidelines Part B - TechnicalGovernment (NZ)GuidanceGCDO (Government Chief Digital Officer)Approved2021-06PUBLISHUpdate2022-06-28
ArchiMate Enterprise Architecture Modelling LanguageArchiMate Enterprise Architecture Modelling LanguageThe ArchiMate® Specification, a standard of The Open Group, is an open and independent modelling language for Enterprise Architecture that is supported by different tool vendors and consulting firms. The ArchiMate Specification provides instruments to enable Enterprise Architects to describe, analyse, and visualize the relationships among business domains in an unambiguous way.
Just as an architectural drawing in classical building architecture describes the various aspects of the construction and use of a building, the ArchiMate Specification defines a common language for describing the construction and operation of business processes, organizational structures, information flows, IT systems, and technical infrastructure. This insight helps stakeholders to design, assess, and communicate the consequences of decisions and changes within and between these business domains.https://www.opengroup.org/archimate-forum/archimate-overviewAcceptedArchiMate from version 3.0 onwards is Accepted as it includes elements considered essential for Enterprise Architecture Modelling.GCDO Digital functional leadership mandate.DIAGCDO@dia.govt.nzInternationalStandardThe Open GroupPublishedPUBLISH
Architecture modelling principlesArchitecture modelling principlesModelling is an important tool for architects. There is a range of modelling approaches designed to support various stakeholders and business needs.
This guidance starts with a set of principles endorsed by the Government Enterprise Architecture Group (GEAG).https://www.digital.govt.nz/standards-and-guidance/technology-and-architecture/government-enterprise-architecture/architecture-resources/architecture-modelling-guidance/Recommended2020-05 added as Recommended. GEAG approvedGCDO Digital functional leadership mandate.DIAGCDO@dia.govt.nzGovernment (NZ)PrinciplesGCDO (Government Chief Digital Officer)PublishedPUBLISHAdd2020-05-27
Artificial Intelligence Risk Management Framework (AI RMF 1.0)AI RMF 1.0Artificial Intelligence Risk Management FrameworkArtificial intelligence (AI) technologies have significant potential to transform society and people’s lives – from commerce and health to transportation and cybersecurity to the environment and our planet. AI technologies can drive inclusive economic growth and support scientific advancements that improve the conditions of our world. AI technologies, however, also pose risks that can negatively impact individuals, groups, organizations, communities, society, the environment, and the planet. Like risks for other types of technology, AI risks can emerge in a variety of ways and can be characterized as long- or short-term, high or low-probability, systemic or localized, and high- or low-impact.
Artificial Intelligence Risk Management Framework (AI RMF 1.0) (nist.gov)Future Consideration2023-06 Added as Future ConsiderationDIAGCDO@dia.govt.nzGovernment (US)FrameworkNIST (National Institute of Standards and Technology)PublishedPUBLISHAdd 2023-06-20
AS/NZS 4819:2011 Rural and urban addressingAS/NZS 4819:2011Rural and urban addressingDescription: The Standard (AS/NZS 4819:2011) is made for use by territorial authorities and can be bought from Standards New Zealand. It covers:
- assigning addresses
- naming roads and localities
- recording and mapping information
- signage.
The Standard is to keep addresses as simple as possible so that they can be easily understood by members of the public who are trying to find a property.
https://www.standards.govt.nz/shop/asnzs-48192011/RecommendedLINZ#Useful information for people working with Addresses, #Addressing Standards and Guidelines #Street address mandated data standardAS/NZS 4819:2003 Geographic information - Rural and urban addressingRegional (Australia and NZ)StandardStandards Australia and Standards NZCURRENT2011-11-18PUBLISH
AS/NZS 5050:2010 Business continuity: managing disruption-related riskAS/NZS 5050:2010 Business continuity: managing disruption-related risk31000Description: Describes the application of the principles, framework and process for risk management, as set out in AS/NZS ISO 31000:2009, to disruption-related risk. Managing such risk effectively will help maintain continuity of an organization’s business.
https://www.standards.govt.nz/shop/asnzs-50502010/Recommended2021-04 changed from Accepted to Recommended as confirmed by Mike Chapman from ArchivesDIA-Archives NZDIA-Archives NZAS/NZS 5050(Int):2020 Managing disruption-related riskAS/NZS ISO 31000:2009Regional (Australia and NZ)StandardStandards Australia and Standards NZCURRENT2010-06-28PUBLISHUpdate2021-04-06
AS/NZS 5478:2015 Recordkeeping metadata property reference set (RMPRS)AS/NZS 5478:2015AS/NZS 5478:2015 Recordkeeping metadata property reference set (RMPRS)Provides a reference set of recordkeeping metadata to support systems interoperability and records sustainability. Based on the Technical Specifications for the Electronic Recordkeeping Metadata Standard (2008) https://www.standards.govt.nz/shop/asnzs-54782015/RecommendedThis standard is referenced in the 16/G8 Implementation Guide to the 16/S1 Record Management Standard. DIA-Archives NZ#16/G8 Implementation GuideRegional (Australia and NZ)StandardStandards Australia and Standards NZCURRENT2015-06-30PUBLISH
AS/NZS ISO 13028:2012 Information and documentation - Implementation guidelines for digitization of recordsAS/NZS ISO 13028:2012Information and documentation - Implementation guidelines for digitization of records13028Provides implementation guidelines for processes and policies for converting hard copy or non-digital records into digital format. Identical to and reproduced from ISO 13028:2010.
https://www.standards.govt.nz/shop/asnzs-iso-130282012/ RecommendedThis standard is referenced in the 16/G8 Implementation Guide to the 16/S1 Record Management Standard. DIA-Archives NZ#16/G8 Implementation GuideISO/TR 13028:2010
Information and documentation - Implementation guidelines for digitization of recordsRegional (Australia and NZ)Standard - TechnicalStandards Australia and Standards NZCURRENT2012-04-24PUBLISHUpdate2019-10-21
AS/NZS ISO 16175.1:2021 Information and documentation - Processes and functional requirements for software for managing records, Part 1: Functional requirements and associated guidance for any applications that manage digital recordsAS/NZS ISO 16175.1:2021Information and documentation - Processes and functional requirements for software for managing records, Part 1: Functional requirements and associated guidance for any applications that manage digital records16175Standard identically adopts ISO 16175-1:2020 which provides model, high-level functional requirements and associated guidance for software applications that are intended to manage digital records (including digital copies of analogue source records), either as the main purpose of the application or as a part of an application that is primarily intended to enable other business functions and processes. KEYWORDS: Software applications; Digital record management; Processeshttps://www.standards.govt.nz/shop/asnzs-iso-16175-12021/Accepted2021-05 Added as Accepted as an AS/NZS Standard. The Chief Archivist has the power to mandate standards for records management under the Public Records Act 2005.DIA-Archives NZISO 16175-1:2020Regional (Australia and NZ)Standard - TechnicalStandards Australia and Standards NZCURRENT2021-03-19PUBLISHAdd2021-05-31
AS/NZS ISO 19011:2019 Guidelines for auditing management systemsAS/NZS ISO 19011:2019Guidelines for auditing management systems19011Provides guidance on auditing management systems, including the principles of auditing, managing an audit programme and conducting management system audits, as well as guidance on the evaluation of competence of individuals involved in the audit process. These activities include the individual(s) managing the audit programme, auditors and audit teams. Identical to and reproduced from ISO 19011:2018.https://www.standards.govt.nz/shop/asnzs-iso-190112019/Accepted2019-10 added as Accepted as it replaces AS/NZS ISO 19011:2014 Guidelines for auditing management systemsOffice of the Auditor GeneralAS/NZS ISO 19011:2014 Guidelines for auditing management systemsISO 19011:2018
Guidelines for auditing management systemsRegional (Australia and NZ)Standard - TechnicalStandards Australia and Standards NZCURRENT2019-02-22PUBLISHAdd2019-10-31
AS/NZS ISO 19101.1:2015 Geographic information - Reference model - Part 1: FundamentalsAS/NZS ISO 19101.1:2015Geographic information - Reference model - Part 1: Fundamentals19101Specifies and provides geographic information system developers with the schema required for describing geographic information and services. Identical to and reproduced from ISO 19101-1:2014.https://www.standards.govt.nz/shop/asnzs-iso-19101-12015/AcceptedStatus Accepted geographic standard as per information from LINZ in 2018.Current regional standard (Australia and NZ)Standards Australia and Standards NZAS/NZS ISO 19101:2003 Geographic information - Reference modelISO 19101-1:2014 Geographic information — Reference model — Part 1: FundamentalsRegional (Australia and NZ)Standard - TechnicalStandards Australia and Standards NZCURRENT2015-02-13PUBLISH
AS/NZS ISO 19101.2:2019 Geographic information - Reference model Part 2: ImageryAS/NZS ISO 19101.2:2019Geographic information - Reference model Part 2: Imagery19101This standard defines a reference model for standardisation in the field of geographic imagery processing. This reference model identifies the scope of the standardization activity being undertaken and the context in which it takes place. The reference model includes gridded data with an emphasis on imagery. Although structured in the context of information technology and information technology standards, this document is independent of any application development method or technology implementation approach.https://www.standards.govt.nz/shop/asnzs-iso-19101-22019/AcceptedAdded as Accepted as a Regional (Australian and NZ) standard. Replaced AS/NZS ISO 19101.2:2011 Geographic information - Reference model - Part 2: ImageryCurrent regional standard (Australia and NZ)Standards Australia and Standards NZAS/NZS ISO 19101.2:2011 Geographic information - Reference model - Part 2: ImageryISO 19101-2:2018 Geographic information — Reference model — Part 2: ImageryRegional (Australia and NZ)Standard - TechnicalStandards Australia and Standards NZCURRENT2019-05-29PUBLISH
AS/NZS ISO 19103:2006 Geographic information - Conceptual schema languageAS/NZS ISO 19103:2006Geographic information - Conceptual schema language19103Provides system designers and analysts with a profile of the Unified Modelling Language (UML) for use with geographic information, and provides guidelines on how UML should be used to create standardized geographic information and service models. Reproduced from and identical to ISO/TS 19103:2005.http://www.standards.nz/shop/asnzs-iso-191032006/Informational2022-03 Set to Informational as the source standard has been replaced by AS ISO 19103:2018. This standard has been superseded by AS ISO 19103:2018 (which is delinked). However this standard is CURRENT on Standard New Zealand site. Needs review. Use ISO 19103:2015 instead of AS/NZS ISO 19103:200.Current regional standard (Australia and NZ)Standards Australia and Standards NZAS ISO 19103:2018 Geographic information - Conceptual schema languageISO/TS 19103:2005 Geographic information — Conceptual schema languageRegional (Australia and NZ)Standard - TechnicalStandards Australia and Standards NZCURRENT (Source replaced)2006-02-19PUBLISHUpdate2022-03-17
AS/NZS ISO 19106:2005 Geographic information - ProfilesAS/NZS ISO 19106:2005Geographic information - Profiles19106Specifies and provides geographic information system developers with the concept of a profile of the ISO geographic information standards developed by ISO/TC 211. It provides the user with guidance for the creation of such profiles. Identical to and reproduced from ISO 19106:2004.https://www.standards.govt.nz/shop/asnzs-iso-191062005/Accepted2022-03 Source standard is current.
Status Accepted as Regional (Australian and NZ) adoption of an ISO standardCurrent regional standard (Australia and NZ)Standards Australia and Standards NZ#AS/NZS ISO 19115.1:2015 Geographic information - Metadata - Part 1: FundamentalsISO 19106:2004 Geographic information — ProfilesRegional (Australia and NZ)Standard - TechnicalStandards Australia and Standards NZCURRENT2006-04-272016PUBLISHUpdate2022-03-17
AS/NZS ISO 19107:2020 Geographic information - Spatial schemaAS/NZS ISO 19107:2020Geographic information - Spatial schema19107Objective of this Standard is to specify conceptual schemas for describing the spatial characteristics of geographic entities, and a set of spatial operations consistent with these schemas. It treats "vector" geometry and topology. It defines standard spatial operations for use in access, query, management, processing and data exchange of geographic information for spatial (geometric and topological) objects. Because of the nature of geographic information, these geometric coordinate spaces will normally have up to three spatial dimensions, one temporal dimension and any number of other spatially dependent parameters as needed by the applications. In general, the topological dimension of the spatial projections of the geometric objects will be at most three. This Standard is identical with, and has been reproduced from, ISO 19107:2019, Geographic information - Spatial schema.https://www.standards.govt.nz/shop/asnzs-iso-191072020/Accepted2020-05 added as Accepted as it replaces Regional (Australian and NZ) standard AS/NZS ISO 19107:2005 Geographic information - Spatial schema Current regional standard (Australia and NZ)Standards Australia and Standards NZ#AS/NZS ISO 19115.1:2015 Geographic information - Metadata - Part 1: Fundamentals#Asset Management Data Standard (AMDS) Location StandardAS/NZS ISO 19107:2005 Geographic information - Spatial schemaISO 19107:2019, Geographic information - Spatial schemaRegional (Australia and NZ)Standard - TechnicalStandards Australia and Standards NZCURRENT2020-04-17PUBLISHAdd2020-05-14
AS/NZS ISO 19109:2006 Geographic information - Rules for application schemaAS/NZS ISO 19109:2006Geographic information - Rules for application schema19109Provides geographic information designers and analysts with defined rules for creating and documenting application schemas, including principles for the definition of geographic feature. Reproduced from and identical to ISO 19109:2005.http://www.standards.nz/shop/asnzs-iso-191092006/Informational2022-03 Set to Informational as the source standard has been replaced by ISO 19109:2015. This standard has been superseded by AS ISO 19109:2018 (which is delinked). However, this standard is CURRENT on the Standards New Zealand site. Needs review. Use ISO 19109:2015 instead. AS/NZS ISO 19109:2006 has been superseded by AS ISO 19109:2018 (which is delinked). However, AS/NZS ISO 19109:2006 is CURRENT on the Standards New Zealand site. Needs review. Current regional standard (Australia and NZ)Standards Australia and Standards NZAS ISO 19109:2018 Geographic information - Rules for application schemaISO 19109:2005 Geographic information - Rules for application schemaRegional (Australia and NZ)Standard - TechnicalStandards Australia and Standards NZCURRENT (Source replaced)2006-02-19PUBLISHUpdate2022-03-17
AS/NZS ISO 19110:2006 Geographic information - Methodology for feature cataloguingAS/NZS ISO 19110:2006Geographic information - Methodology for feature cataloguing19110Provides designers and analysts with a specification of how the classification of feature types is organized into a feature catalogue and presented to the users of a set of geographic data. Reproduced from and identical to ISO 19110:2005.https://www.standards.govt.nz/shop/asnzs-iso-191102006/Informational2022-03 Set to Informational as the source standard has been replaced by ISO 19110:2016. This standard has been superseded by AS ISO 19110:2018 (which is delinked). However, this standard is CURRENT on the Standards New Zealand site. Needs review. Use ISO 19110:2016 instead. AS/NZS ISO 19110:2006 has been superseded by AS ISO 19110:2018 (which is delinked). However, AS/NZS ISO 19110:2006 is CURRENT on the Standards New Zealand site. Needs review. Current regional standard (Australia and NZ)Standards Australia and Standards NZAS ISO 19110:2018 Geographic information - Methodology for feature cataloguingISO 19110:2005 Geographic information - Methodology for feature cataloguingRegional (Australia and NZ)Standard - TechnicalStandards Australia and Standards NZCURRENT (Source replaced)2006-02-192016PUBLISHUpdate2022-03-17
AS/NZS ISO 19111:2019 Geographic information - Referencing by coordinatesAS/NZS ISO 19111:2019Geographic information - Referencing by coordinates19111The objective of this standard is to define the conceptual schema for the description of referencing by coordinates. It describes the minimum data required to define coordinate reference systems. This standard is identical with, and will be reproduced from, ISO 19111:2019 Geographic information — Referencing by coordinates.
Note: The standard is also an OGC standard and publicly available on Alternative_link https://portal.opengeospatial.org/files/?artifact_id=41579https://www.standards.govt.nz/shop/asnzs-iso-191112019/https://docs.opengeospatial.org/as/18-005r4/18-005r4.htmlAccepted2020-08 changed to Accepted from Future Consideration as a Regional (Australian and NZ) standard.Current regional standard (Australia and NZ)Standards Australia and Standards NZ#Asset Management Data Standard (AMDS) Location StandardAS/NZS ISO 19111:2008 Geographic information - Spatial referencing by coordinatesISO 19111:2019 Geographic information — Referencing by coordinatesRegional (Australia and NZ)Standard - TechnicalStandards Australia and Standards NZCURRENT2019-05-22PUBLISHUpdate2020-08-20
AS/NZS ISO 19112:2019 Geographic information - Spatial referencing by geographic identifiersAS/NZS ISO 19112:2019 Geographic information - Spatial referencing by geographic identifiers19112Defines the conceptual schema for spatial references based on geographic identifiers. It establishes a general model for spatial referencing using geographic identifiers and defines the components of a spatial reference system. It also specifies a conceptual scheme for a gazetteer. Spatial referencing by coordinates is addressed in AS/NZS ISO 19111. However, a mechanism for recording complementary coordinate references is included in this document. Enables producers of data to define spatial reference systems using geographic identifiers and assists users in understanding the spatial references used in data sets. It enables gazetteers to be constructed in a consistent manner and supports the development of other standards in the field of geographic information. Applicable to digital geographic data, and its principles may be extended to other forms of geographic data such as maps, charts and textual documents. Identical to ISO 19112:2019https://www.standards.govt.nz/shop/asnzs-iso-191122019/Accepted2019-11 added as Accepted.Current regional standard (Australia and NZ)Standards Australia and Standards NZ#AS/NZS ISO 19115.1:2015 Geographic information - Metadata - Part 1: FundamentalsAS/NZS ISO 19112:2005 Geographic information - Spatial referencing by geographic identifiersISO 19112:2019 Geographic information — Spatial referencing by geographic identifiersRegional (Australia and NZ)Standard - TechnicalStandards Australia and Standards NZCURRENT2019-08-01PUBLISHAdd2019-11-05
AS/NZS ISO 19115.1:2015 A1 Geographic information - Metadata - Part 1: Fundamentals - Amendment 1:2018AS/NZS ISO 19115.1:2015 A1 Geographic information - Metadata - Part 1: Fundamentals - Amendment 1:201819115This amendment applies to the Front cover, Preface and ISO 19115-1:2015/Amd.1:2018.https://www.standards.govt.nz/shop/asnzs-iso-19115-12015-a1/Recommended2021-07 added as Recommended. This is an amendment to AS/NZS ISO 19115.1:2015Current regional standard (Australia and NZ)Standards Australia and Standards NZ#AS/NZS ISO 19115.1:2015 Geographic information - Metadata - Part 1: FundamentalsISO 19115-1:2014/AMD 1:2018
Geographic information — Metadata — Part 1: Fundamentals — Amendment 1Regional (Australia and NZ)Standard - TechnicalStandards Australia and Standards NZCURRENT2018-07-24PUBLISHAdd2021-07-29
AS/NZS ISO 19115.1:2015 A2 Geographic information - Metadata, Part 1: FundamentalsAS/NZS ISO 19115.1:2015 A2Geographic information - Metadata, Part 1: Fundamentals19115This amendment applies to the following elements: Front cover, Preface, Amendment 2https://www.standards.govt.nz/shop/asnzs-iso-19115-12015-a2/Recommended2021-07 added as Recommended. This is an amendment to AS/NZS ISO 19115.1:2015Current regional standard (Australia and NZ)Standards Australia and Standards NZ#AS/NZS ISO 19115.1:2015 Geographic information - Metadata - Part 1: FundamentalsISO 19115-1:2014/AMD 2:2020 Geographic information — Metadata — Part 1: Fundamentals — Amendment 2Regional (Australia and NZ)Standard - TechnicalStandards Australia and Standards NZCURRENT2021-07-21PUBLISHAdd2021-07-29
AS/NZS ISO 19115.1:2015 Geographic information - Metadata - Part 1: FundamentalsAS/NZS ISO 19115.1:2015Geographic information - Metadata - Part 1: Fundamentals19115Defines the schema required for describing geographic information and services by means of metadata. It provides information about the identification, the extent, the quality, the spatial and temporal aspects, the content, the spatial reference, the portrayal, distribution, and other properties of digital geographic data and services. Identical to and reproduced from ISO 19115-1:2014.https://www.standards.govt.nz/shop/asnzs-iso-19115-12015/https://www.anzlic.gov.au/resources/asnzs-iso-1911512015-metadataRecommended2021-07-29 changed to Recommended as it is fundamental to geospatial metadata.
Current regional standard (Australia and NZ)Standards Australia and Standards NZ#AS/NZS ISO 19115.1:2015 A1 Geographic information - Metadata - Part 1: Fundamentals - Amendment 1:2018, #AS/NZS ISO 19115.1:2015 A2 Geographic information - Metadata, Part 1: Fundamentals ISO 19115-1:2014 Geographic information -- Metadata -- Part 1: FundamentalsRegional (Australia and NZ)Standard - TechnicalStandards Australia and Standards NZCURRENT2015-02-13PUBLISHUpdate2021-07-29
AS/NZS ISO 19115.2:2019 Geographic information - Metadata, Part 2: Extensions for acquisition and processingAS/NZS ISO 19115.2:2019Geographic information - Metadata, Part 2: Extensions for acquisition and processing19115Defines the schema required for describing geographic information and services by means of metadata. It provides information about the identification, extent, quality, spatial and temporal aspects, content, spatial reference, portrayal, distribution, and other properties of digital geographic data and services. This part of AS/NZS ISO 19115 is applicable to the cataloguing of all types of resources, clearinghouse activities, and the full description of data sets and services, and geographic services, geographic data sets, data set series, and individual geographic features and feature properties. It defines mandatory and conditional metadata sections, metadata entities, and metadata elements; the minimum set of metadata required to serve most metadata applications (data discovery, determining data fitness for use, data access, data transfer, and use of digital data and services); optional metadata elements to allow for a more extensive standard description of resources, if required; and a method for extending metadata to fit specialized needs. Though it is applicable to digital data and services, its principles can be extended to many other types of resources, such as maps, charts, and textual documents as well as nongeographic data. Certain conditional metadata elements might not apply to these other forms of data. Identical to and reproduced from ISO 19115-2:2019.https://www.standards.govt.nz/shop/asnzs-iso-19115-22019/Accepted2021-11 changed to Accepted as we are unable to confirm with LINZ any mandate or support.
2021-07 added as RecommendedCurrent regional standard (Australia and NZ)Standards Australia and Standards NZAS/NZS ISO 19115.2:2011 Geographic information - Metadata - Part 2: Extensions for imagery and gridded dataISO 19115-2:2019 Geographic information — Metadata — Part 2: Extensions for acquisition and processingRegional (Australia and NZ)Standard - TechnicalStandards Australia and Standards NZCURRENT2019-05-01PUBLISHAdd2021-07-29
AS/NZS ISO 19116:2020 Geographic information - Positioning servicesAS/NZS ISO 19116:2020Geographic information - Positioning services19116Standard identically adopts ISO 19116:2019, specifying data structure and content of an interface that permits communication between position-providing device(s) and position-using device(s) enabling the position-using device(s) to obtain and unambiguously interpret position information and determine, based on a measure of the degree of reliability, whether the resulting position information meets the requirements of the intended use.https://www.standards.govt.nz/shop/asnzs-iso-191162020/Accepted2020-11 added as Accepted as this is a regional adoption of ISO 19116:2019. Current regional standard (Australia and NZ)Standards Australia and Standards NZISO 19116:2019 Geographic information — Positioning servicesRegional (Australia and NZ)Standard - TechnicalStandards Australia and Standards NZCURRENT2020-09-18PUBLISHAdd2020-11-13
AS/NZS ISO 19117:2013 Geographic information - PortrayalAS/NZS ISO 19117:2013 Geographic information - Portrayal19117Specifies a conceptual schema for portrayal data, in particular symbols and portrayal functions. Identical to and reproduced from ISO 19117:2012.https://www.standards.govt.nz/shop/asnzs-iso-191172013/Accepted2022-03 Source standard still current.
2020-09 Changed to Accepted from Informational.Current regional standard (Australia and NZ)Standards Australia and Standards NZISO 19117:2012 Geographic information — PortrayalRegional (Australia and NZ)Standard - TechnicalStandards Australia and Standards NZCURRENT2013-04-03PUBLISHUpdate2022-03-17
AS/NZS ISO 19118:2012 Geographic information - EncodingAS/NZS ISO 19118:2012 Geographic information - Encoding19118Provides information system designers and analysts with the requirements for defining encoding rules to be used for interchange of geographic data within the ISO 19100 series of International Standards, including requirements for creating encoding rules based on UML schemas, requirements for creating encoding services, and an informative XML-based encoding rule for neutral interchange of geographic data. Identical to and reproduced from ISO 19118:2011.
Source ISO/TR 19121:2000 reviewed and confirmed in 2017.https://www.standards.govt.nz/shop/asnzs-iso-191182012/Accepted2020-09 Changed to Accepted from Informational.Current regional standard (Australia and NZ)Standards Australia and Standards NZISO 19118:2011 Geographic information — EncodingRegional (Australia and NZ)Standard - TechnicalStandards Australia and Standards NZCURRENT2012-10-05PUBLISHUpdate2020-09-16
AS/NZS ISO 19119:2006 Geographic information - ServicesAS/NZS ISO 19119:2006Geographic information - Services19119Provides system designers and analysts with identification and definition of the architecture patterns for service interfaces used for geographic information and definition of the relationships to the Open Systems Environment model. Reproduced from and identical to ISO 19119:2005.https://www.standards.govt.nz/shop/asnzs-iso-191192006/Informational2022-03 Set to Informational as the source standard has been replaced by ISO 19119:2016. This standard has been superseded by AS ISO 19119:2018 (which is delinked). However, this standard is CURRENT on the Standards New Zealand site. Needs review. Current regional standard (Australia and NZ)Standards Australia and Standards NZAS ISO 19119:2018 Geographic information - ServicesISO 19119:2005 Geographic information — ServicesRegional (Australia and NZ)Standard - TechnicalStandards Australia and Standards NZCURRENT (Source replaced)2006-02-19PUBLISHUpdate2022-03-17
AS/NZS ISO 19121:2006 Geographic information - Imagery and gridded dataAS/NZS ISO 19121:2006Geographic information - Imagery and gridded data19121To provide systems designers and analysts with aspects of imagery and gridded data that have been standardized or are being standardized in other ISO committees and external standards organizations, and that influence or support the establishment of raster and gridded data standards for geographic information, and to describe the components of identified ISO and external imagery and gridded data standards that can be harmonized with the ISO 19100 series of geographic information/geomatics standards.
Source ISO/TR 19121:2000 reviewed and confirmed in 2019.https://www.standards.govt.nz/shop/asnzs-iso-191212006/Accepted2020-09 Changed to Accepted from Informational as this is a regional (Australia and NZ) standard.Current regional standard (Australia and NZ)Standards Australia and Standards NZISO/TR 19121:2000 Geographic information - Imagery and gridded dataRegional (Australia and NZ)Standard - TechnicalStandards Australia and Standards NZCURRENT2006-02-192016PUBLISHUpdate2020-08-20
AS/NZS ISO 19123.2:2019 Geographic information - Schema for coverage geometry and functions - Part 2: Coverage implementation schemaAS/NZS ISO 19123.2:2019Geographic information - Schema for coverage geometry and functions - Part 2: Coverage implementation schema19123This standard specifies a concrete, implementable, conformance-testable coverage structure based on the abstract schema for coverages defined in the AS/NZS ISO 19123 schema for coverage geometry. This Standard defines a structure that is suitable for encoding in many encoding formats. This standard is identical with, and has been reproduced from, ISO 19123-2:2018 Geographic information - Schema for coverage geometry and functions - Part 2: Coverage implementation schema.https://www.standards.govt.nz/shop/asnzs-iso-19123-22019/Accepted2020-08 Changed to Accepted from Informational as this is a regional (Australia and NZ) standard.Current regional standard (Australia and NZ)Standards Australia and Standards NZISO 19123-2:2018 Geographic information — Schema for coverage geometry and functions — Part 2: Coverage implementation schemaRegional (Australia and NZ)Standard - TechnicalStandards Australia and Standards NZCURRENT2019-05-02PUBLISHUpdate2020-08-22
AS/NZS ISO 19123:2006 Geographic information - Schema for coverage geometry and functionsAS/NZS ISO 19123:2006Geographic information - Schema for coverage geometry and functions19123Provides systems users and designers with definitions of conceptual schema for the spatial characteristics of coverages. Identical to and reproduced from ISO 19123:2005https://www.standards.govt.nz/shop/asnzs-iso-191232006/Accepted2020-09 Changed from Informational to Accepted.
2019-10 Added as Informational.Current regional standard (Australia and NZ)Standards Australia and Standards NZISO 19123:2005 Geographic information -- Schema for coverage geometry and functionsRegional (Australia and NZ)Standard - TechnicalStandards Australia and Standards NZCURRENT2006-10-232016PUBLISHUpdate2020-09-11
AS/NZS ISO 19125.1:2004 Geographic information - Simple feature access - Common architectureAS/NZS ISO 19125.1:2004Geographic information - Simple feature access - Common architecture19125Provides a common architecture and defines terms to use within the architecture.
Source ISO 19125-1:2004 reviewed and confirmed in 2018.https://www.standards.govt.nz/shop/asnzs-iso-19125-12004/Accepted2020-09 Changed to Accepted from Informational.Current regional standard (Australia and NZ)Standards Australia and Standards NZISO 19125-1:2004 Geographic information -- Simple feature access -- Part 1: Common architectureRegional (Australia and NZ)Standard - TechnicalStandards Australia and Standards NZCURRENT2004-11-162016PUBLISHUpdate2020-09-16
AS/NZS ISO 19126:2021 Geographic information - Feature concept dictionaries and registersAS/NZS ISO 19126:2021Geographic information - Feature concept dictionaries and registers19126Standard identically adopts ISO 19126:2021 and specifies a schema for feature concept dictionaries to be established and managed as registers. It does not specify schemas for feature catalogues or for the management of feature catalogues as registers. However, as feature catalogues are often derived from feature concept dictionaries, this document does specify a schema for a hierarchical register of feature concept dictionaries and feature catalogues. These registers are in accordance with AS/NZS ISO 19135.1.
AS/NZS ISO 19126:2021 :: Standards New ZealandAccepted2022-03 Added as Accepted as it is a Regional (Australian and NZ) standard Current regional standard (Australia and NZ)Standards Australia and Standards NZAS/NZS ISO 19126:2011 Geographic information - Feature concept dictionaries and registersISO 19126:2021 Geographic information — Feature concept dictionaries and registersRegional (Australia and NZ)Standard - TechnicalStandards Australia and Standards NZCURRENT2021-09-17PUBLISHAdd2022-03-08
AS/NZS ISO 19127:2019 Geographic information - Geodetic registerAS/NZS ISO 19127:2019 Geographic information - Geodetic register19127This standard defines the management and operations of the ISO geodetic register and identifies the data elements, in accordance with AS/NZS ISO 19111 and the core schema within AS ISO 19135.1, required within the geodetic register. Identical with and reproduced from ISO 19127:2019https://www.standards.govt.nz/shop/asnzs-iso-191272019/Accepted2020-09 Changed from Informational to Accepted as it is a Regional (Australian and NZ) standard Current regional standard (Australia and NZ)Standards Australia and Standards NZAS/NZS ISO 19127:2006 Geographic information - Geodetic codes and parametersISO 19127:2019 Geographic information — Geodetic register Regional (Australia and NZ)Standard - TechnicalStandards Australia and Standards NZCURRENT2019-10-09PUBLISHUpdate2020-09-11
AS/NZS ISO 19128:2006 Geographic information - Web map server interfaceAS/NZS ISO 19128:2006Geographic information - Web map server interface19128Provides systems users and designers with the specifics of the behaviour of a service that produces spatially referenced maps dynamically from geographic information. It specifies operations to retrieve a description of the maps offered by a server, to retrieve a map, and to query a server about features displayed on a map. Identical to and reproduced from ISO 19128:2005.
Source ISO 19128:2005 reviewed and confirmed in 2021.https://www.standards.govt.nz/shop/asnzs-iso-191282006/Accepted2020-09 Changed to Accepted from Informational as it is a current regional standard (Australia and NZ)Current regional standard (Australia and NZ)Standards Australia and Standards NZISO 19128:2005 Geographic information -- Web map server interfaceRegional (Australia and NZ)Standard - TechnicalStandards Australia and Standards NZCURRENT2006-10-292016PUBLISHUpdate2020-09-16
AS/NZS ISO 19129:2011 Geographic information - Imagery, gridded and coverage data frameworkAS/NZS ISO 19129:2011Geographic information - Imagery, gridded and coverage data framework19129Defines the framework for imagery, gridded and coverage data. This framework defines a content model for the content type imagery and for other specific content types that can be represented as coverage data. These content models are represented as a set of generic UML patterns for application schemas.
Source ISO/TS 19129:2009 reviewed and confirmed in 2019.https://www.standards.govt.nz/shop/asnzs-iso-191292011/Accepted2020-09 Changed to Accepted from Informational as it is a current regional standard (Australia and NZ)Current regional standard (Australia and NZ)Standards Australia and Standards NZISO/TS 19129:2009 Geographic information — Imagery, gridded and coverage data frameworkRegional (Australia and NZ)Standard - TechnicalStandards Australia and Standards NZCURRENT2011-11-30PUBLISHUpdate2020-09-16
AS/NZS ISO 19131:2008 Geographic information - Data product specificationsAS/NZS ISO 19131:2008Geographic information - Data product specifications19131Describes requirements for the specification of geographic data products based upon the concepts of other ISO 19100 Standards. Identical to ISO 19131:2007.
Source ISO 19131:2007 reviewed and confirmed in 2022.https://www.standards.govt.nz/shop/asnzs-iso-191312008/Accepted2020-09 Changed to Accepted from Informational as it is a Regional (Australian and NZ) standard Current regional standard (Australia and NZ)Standards Australia and Standards NZISO 19131:2007 Geographic information -- Data product specificationsRegional (Australia and NZ)Standard - TechnicalStandards Australia and Standards NZCURRENT 2008-09-162018PUBLISHUpdate2020-09-16
AS/NZS ISO 19132:2011 Geographic information - Location-based services - Reference modelAS/NZS ISO 19132:2011 Geographic information - Location-based services - Reference model19132Defines a reference model and a conceptual framework for location-based services (LBS), and describes the basic principles by which LBS applications may interoperate. Identical with and reproduced from ISO 19132:2007
Source ISO 19132:2007 reviewed and confirmed in 2021.https://www.standards.govt.nz/shop/asnzs-iso-191322011/Accepted2020-09 Changed to Accepted from Informational as it is a Regional (Australian and NZ) standard Current regional standard (Australia and NZ)Standards Australia and Standards NZISO 19132:2007 Geographic information -- Location-based services -- Reference modelRegional (Australia and NZ)Standard - TechnicalStandards Australia and Standards NZCURRENT2011-11-302016PUBLISHUpdate2020-09-16
AS/NZS ISO 19133:2006 Geographic information - Location based services - Tracking and navigationAS/NZS ISO 19133:2006 Geographic information - Location based services - Tracking and navigation19133Provides users and designers with a description of the data types, and operations associated with those types, for the implementation of tracking and navigation services. Identical to and reproduced from ISO 19133:2005.
Source ISO 19133:2005 reviewed and confirmed in 2016.https://www.standards.govt.nz/shop/asnzs-iso-191332006/Accepted2020-09 Changed to Accepted from Informational as it is a Regional (Australian and NZ) standard Current regional standard (Australia and NZ)Standards Australia and Standards NZISO 19133:2005 Geographic information -- Location-based services -- Tracking and navigationRegional (Australia and NZ)Standard - TechnicalStandards Australia and Standards NZCURRENT2006-10-232016PUBLISHUpdate2020-09-16
AS/NZS ISO 19134:2008 Geographic information - Location-based services - Multimodal routing and navigationAS/NZS ISO 19134:2008 Geographic information - Location-based services - Multimodal routing and navigation19134Specifies the data types and their associated operations for the implementation of multimodal location-based services for routing and navigation. It is designed to specify web services that may be made available to wireless devices through web-resident proxy applications, but is not limited to that environment. Identical to ISO 19134:2007.
Source ISO 19134:2007 reviewed and confirmed in 2021.https://www.standards.govt.nz/shop/asnzs-iso-191342008/Accepted2020-09 Changed to Accepted from Informational as it is a Regional (Australian and NZ) standard Current regional standard (Australia and NZ)Standards Australia and Standards NZISO 19134:2007 Geographic information -- Location-based services -- Multimodal routing and navigationRegional (Australia and NZ)Standard - TechnicalStandards Australia and Standards NZCURRENT2008-09-152018PUBLISHUpdate2020-09-16
AS/NZS ISO 19136.1:2020 Geographic information - Geography Markup Language (GML), Part 1: FundamentalsAS/NZS ISO 19136.1:2020Geographic information - Geography Markup Language (GML), Part 1: Fundamentals19136Standard adopts ISO 19136-1:2020, which defines the XML Schema syntax, mechanisms and conventions.https://www.standards.govt.nz/shop/asnzs-iso-19136-12020/Accepted2020-11 added as Accepted as this is a regional adoption of ISO 19136.1:2020. It replaced AS/NZS ISO 19136:2008.Current regional standard (Australia and NZ)Standards Australia and Standards NZAS/NZS ISO 19136:2008 Geographic information - Geography Markup Language (GML)ISO 19136-1:2020 Geographic information — Geography Markup Language (GML) — Part 1: FundamentalsRegional (Australia and NZ)Standard - TechnicalStandards Australia and Standards NZCURRENT2020-08-28PUBLISHAdd2020-11-16
AS/NZS ISO 19137:2008 Geographic information - Core profile of the spatial schemaAS/NZS ISO 19137:2008 Geographic information - Core profile of the spatial schema19137Defines a core profile of the spatial schema specified in ISO 19107 that specifies, in accordance with ISO 19106, a minimal set of geometric elements necessary for the efficient creation of application schemata. It supports many of the spatial data formats and description languages already developed and in broad use within several nations or liaison organizations. Identical to ISO 19137:2007.https://www.standards.govt.nz/shop/asnzs-iso-191372008/Accepted2020-09 Changed from Informational to Accepted as it is a current regional standard (Australia and NZ)Current regional standard (Australia and NZ)Standards Australia and Standards NZISO 19137:2007 Geographic information — Core profile of the spatial schemaRegional (Australia and NZ)Standard - TechnicalStandards Australia and Standards NZCURRENT2008-09-152018PUBLISHUpdate2020-09-16
AS/NZS ISO 19141:2011 Geographic information - Schema for moving featuresAS/NZS ISO 19141:2011Geographic information - Schema for moving features19141Specifies a conceptual schema that addresses moving features, such as features whose locations change over time. This schema includes classes, attributes, associations and operations that provide a common conceptual framework that can be implemented to support various application areas that deal with moving features. Identical to and reproduced from ISO 19141:2008.https://www.standards.govt.nz/shop/asnzs-iso-191412011/Accepted2020-09 Changed from Informational to Accepted as it is a current regional standard (Australia and NZ)Current regional standard (Australia and NZ)Standards Australia and Standards NZISO 19141:2008 Geographic information -- Schema for moving featuresRegional (Australia and NZ)Standard - TechnicalStandards Australia and Standards NZCURRENT2011-11-302017PUBLISHUpdate2020-09-16
AS/NZS ISO 19142:2011 Geographic information - Web Feature ServiceAS/NZS ISO 19142:2011 Geographic information - Web Feature Service19142Specifies the behaviour of a web feature service that provides transactions on and access to geographic features in a manner independent of the underlying data store. It specifies discovery operations, query operations, locking operations, transaction operations and operations to manage stored parameterized query expressions. Identical to and reproduced from ISO 19142:2010https://www.standards.govt.nz/shop/asnzs-iso-191422011/Accepted2020-09 Changed to Accepted from Informational as it is a current regional standard (Australia and NZ)Current regional standard (Australia and NZ)Standards Australia and Standards NZISO 19142:2010 Geographic information -- Web Feature ServiceRegional (Australia and NZ)Standard - TechnicalStandards Australia and Standards NZCURRENT2011-12-232018PUBLISHUpdate2020-09-16
AS/NZS ISO 19143:2011 Geographic information - Filter encodingAS/NZS ISO 19143:2011Geographic information - Filter encoding19143Identical to and reproduced from ISO 19143:2010.
Describes an XML and KVP encoding of a system neutral syntax for expressing projections, selection and sorting clauses collectively called a query expression.
These components are modular and intended to be used together or individually by other International Standards which reference ISO 19143:2010.
ISO 19143:2010 defines an abstract component, named AbstractQueryExpression, from which other specifications can subclass concrete query elements to implement query operations. https://www.standards.govt.nz/shop/asnzs-iso-191432011/Accepted2020-09 Changed to Accepted from Informational as it is a current regional standard (Australia and NZ)Current regional standard (Australia and NZ)Standards Australia and Standards NZISO 19143:2010 Geographic information -- Filter encodingRegional (Australia and NZ)Standard - TechnicalStandards Australia and Standards NZCURRENT2011-12-232018PUBLISHUpdate2020-09-16
AS/NZS ISO 19144.1:2011 Geographic information - Classification systems - Part 1: Classification system structureAS/NZS ISO 19144.1:2011Geographic information - Classification systems - Part 1: Classification system structure19144Establishes the structure of a geographic information classification system, together with the mechanism for defining and registering the classifiers for such a system. It specifies the use of discrete coverages to represent the result of applying the classification system to a particular area and defines the technical structure of a register of classifiers. Identical to and reproduced from ISO 19144-1:2009.https://www.standards.govt.nz/shop/asnzs-iso-19144-12011/Accepted2020-09 Changed to Accepted from Informational as it is a current regional standard (Australia and NZ)Current regional standard (Australia and NZ)Standards Australia and Standards NZISO 19144-1:2009 Geographic information -- Classification systems -- Part 1: Classification system structureRegional (Australia and NZ)Standard - TechnicalStandards Australia and Standards NZCURRENT2011-12-23PUBLISHUpdate2020-09-16
AS/NZS ISO 19144.2:2012 Geographic information - Classification systems - Part 2: Land Cover Meta Language (LCML)AS/NZS ISO 19144.2:2012Geographic information - Classification systems - Part 2: Land Cover Meta Language (LCML)19144Specifies a Land Cover Meta Language (LCML) expressed as a UML metamodel that allows different land cover classification systems to be described based on the physiognomic aspects. Identical to, and reproduced from, ISO 19144-2:2012.https://www.standards.govt.nz/shop/asnzs-iso-19144-22012/Accepted2020-09 Changed to Accepted from Informational as it is a current regional standard (Australia and NZ)Current regional standard (Australia and NZ)Standards Australia and Standards NZISO 19144-2:2012 Geographic information - Classification systems -- Part 2: Land Cover Meta Language (LCML)Regional (Australia and NZ)Standard - TechnicalStandards Australia and Standards NZCURRENT2012-11-30PUBLISHUpdate2020-09-16
AS/NZS ISO 19145:2015 Geographic information - Registry of representations of geographic point locationAS/NZS ISO 19145:2015Geographic information - Registry of representations of geographic point location19145Specifies procedures to be followed in establishing, maintaining and publishing registers of unique, unambiguous and permanent identifiers, and meanings that are assigned to items of geographic information. In order to accomplish this purpose, ISO 19135:2005 specifies elements of information that are necessary to provide identification and meaning to the registered items and to manage the registration of these items. Identical to and reproduced from ISO 19145:2013.https://www.standards.govt.nz/shop/asnzs-iso-191452015/Accepted2020-09 Changed to Accepted from Informational as it is a current regional standard (Australia and NZ)Current regional standard (Australia and NZ)Standards Australia and Standards NZISO 19145:2013 Geographic information -- Registry of representations of geographic point locationRegional (Australia and NZ)Standard - TechnicalStandards Australia and Standards NZCURRENT2015-02-132018PUBLISHUpdate2020-09-16
AS/NZS ISO 19146:2019 Geographic information - Cross-domain vocabulariesAS/NZS ISO 19146:2019 Geographic information - Cross-domain vocabularies19146This standard establishes a methodology for cross-mapping vocabularies. It also specifies an implementation of AS ISO 19135.1:2018 for the purpose of registering cross-mapped vocabulary entries. Methodologies for the development of ontologies and taxonomies that relate to geographic information and geomatics are not within the scope of this document. This standard is identical with, and has been reproduced from, ISO 19146:2018, Geographic information - Cross-domain vocabularies.https://www.standards.govt.nz/shop/asnzs-iso-191462019/Accepted2020-09 Changed to Accepted from Informational as it is a current regional standard (Australia and NZ)Current regional standard (Australia and NZ)Standards Australia and Standards NZISO 19146:2018 Geographic information — Cross-domain vocabulariesRegional (Australia and NZ)Standard - TechnicalStandards Australia and Standards NZCURRENT2019-05-02PUBLISHUpdate2020-09-16
AS/NZS ISO 19148:2012 Geographic information - Linear referencingAS/NZS ISO 19148:2012Geographic information - Linear referencing19148Specifies a conceptual schema for locations relative to a one dimensional object as measurement along (and optionally offset from) that object. It defines a description of the data and operations required to use and support linear referencing. Identical to, and reproduced from, ISO 19148:2012.https://www.standards.govt.nz/shop/asnzs-iso-191482012/Accepted2020-09 Changed to Accepted from Informational as it is a current regional standard (Australia and NZ)Current regional standard (Australia and NZ)Standards Australia and Standards NZ#Asset Management Data Standard (AMDS) Location StandardISO 19148:2012 Geographic information -- Linear referencingRegional (Australia and NZ)Standard - TechnicalStandards Australia and Standards NZCURRENT2012-11-20PUBLISHUpdate2020-09-16
AS/NZS ISO 19149:2012 Geographic information - Rights expression language for geographic information - GeoRELAS/NZS ISO 19149:2012 Geographic information - Rights expression language for geographic information - GeoREL19149Defines an XML-based vocabulary or language to express rights for geographic information in order that digital licenses can be created for such information and related services. This language, GeoREL, is an extension of the rights expression language in ISO/IEC 21000-5 and is to be used to compose digital licenses. Each digital license will unambiguously express those particular rights that the owners (or their agent) of a digital geographic resource extend to the holders of that license. The digital rights management system in which these licenses are used can then offer ex ante (before the fact) protection for all such resources.
NOTE The proper use of a GeoREL includes the preservation of rights access by formula expressed in usage licenses. Thus, data in the public or private domain, when protected, remain in their respective domains if the usage rights granted so state.
These "rights" are not always covered by copyright law, and are often the result of contracts between individuals that specify the proper and allowed uses of resources, as opposed to the threat of copyright litigations which is an ex post facto (after the fact) remediation measure, not an ex ante protection measure. ISO 19149:2011 is not a reflection of, or extension of, copyright law.
Mechanisms for the enforcement and preservation of those contract rights are specified in ISO/IEC 21000; this standard adopts them.https://www.standards.govt.nz/shop/asnzs-iso-191492012/Accepted2020-09 Changed to Accepted from Informational as it is a current regional standard (Australia and NZ)Current regional standard (Australia and NZ)Standards Australia and Standards NZISO 19149:2011 Geographic information — Rights expression language for geographic information — GeoRELRegional (Australia and NZ)Standard - TechnicalStandards Australia and Standards NZCURRENT2012-11-302017PUBLISHUpdate2020-09-16
AS/NZS ISO 19150.2:2018 Geographic information - Ontology, Part 2: Rules for developing ontologies in the Web Ontology Language (OWL)AS/NZS ISO 19150.2:2018Geographic information - Ontology, Part 2: Rules for developing ontologies in the Web Ontology Language (OWL)19150The objective of this Standard is to define rules and guidelines for the development of ontologies to support better the interoperability of geographic information over the Semantic Web. The Web Ontology Language (OWL) is the language adopted for ontologies.https://www.standards.govt.nz/shop/asnzs-iso-19150-22018/Accepted2020-09 Changed from Informational to Accepted as this is a current NZ standard.
2019-11 Added as Informational.Current regional standard (Australia and NZ)Standards Australia and Standards NZISO 19150-2:2015 Geographic information -- Ontology -- Part 2: Rules for developing ontologies in the Web Ontology Language (OWL)Regional (Australia and NZ)Standard - TechnicalStandards Australia and Standards NZCurrent2018-06-29PUBLISHUpdate2020-09-11
AS/NZS ISO 19152:2012 Geographic information - Land Administration Domain Model (LADM)AS/NZS ISO 19152:2012Geographic information - Land Administration Domain Model (LADM)19152Defines a reference Land Administration Domain Model (LADM) covering basic information-related components of Land Administration, including those over water and land, and elements above and below the surface of the earth. Identical to and reproduced from ISO 19152:2012.https://www.standards.govt.nz/shop/asnzs-iso-191522012/Accepted2021-08 added as Accepted as a regional standard.Current regional standard (Australia and NZ)Standards Australia and Standards NZISO 19152:2012 Geographic information -- Land Administration Domain Model (LADM)Regional (Australia and NZ)Standard - TechnicalStandards Australia and Standards NZCURRENT2013-02-01PUBLISHAdd2021-08-05
AS/NZS ISO 19153:2015 Geospatial Digital Rights Management Reference Model (GeoDRM RM)AS/NZS ISO 19153:2015 Geospatial Digital Rights Management Reference Model (GeoDRM RM)19153A reference model for digital rights management (DRM) functionality for geospatial resources (GeoDRM). As such, it is connected to the general DRM market in that geospatial resources shall be treated as nearly as possible like other resources, such as music, text, or services. It is not the intention to reinvent a market nor the technology that already exists and is thriving, but to make sure that a larger market has access to geospatial resources through a mechanism that it understands and that is similar to and consistent with the ones already in use. Identical to and reproduced from ISO 19153:2014.https://www.standards.govt.nz/shop/asnzs-iso-191532015/Informational2022-03 Changed to Informational
as source standard ISO 19153:2014 is withdrawn and not replaced. However, this standard is CURRENT on the Standards New Zealand site. Needs review. Current regional standard (Australia and NZ)Standards Australia and Standards NZISO 19153:2014 Geospatial Digital Rights Management Reference Model (GeoDRM RM)Regional (Australia and NZ)Standard - TechnicalStandards Australia and Standards NZCURRENT (Source withdrawn and not replaced)2015-02-08PUBLISHUpdate2022-03-17
AS/NZS ISO 19155:2013 Geographic information - Place identifier (PI) architectureAS/NZS ISO 19155:2013Geographic information - Place identifier (PI) architecture19155Specifies architecture that defines a reference model with an encoding method for an identifier of a place. Identical to and reproduced from ISO 19155:2012.https://www.standards.govt.nz/shop/asnzs-iso-191552013/AcceptedAugust 2020 changed from Informational to Accepted as this is a current regional AS/NZS standard.Current regional standard (Australia and NZ)Standards Australia and Standards NZISO 19155:2012 Geographic information -- Place Identifier (PI) architectureRegional (Australia and NZ)Standard - TechnicalStandards Australia and Standards NZCURRENT2013-03-082018PUBLISHUpdate2020-08-06
AS/NZS ISO 19156:2012 Geographic information - Observations and measurementAS/NZS ISO 19156:2012 Geographic information - Observations and measurement19156Defines a conceptual schema for observations, and for features involved in sampling when making observations. These provide models for the exchange of information describing observation acts and their results, both within and between different scientific and technical communities. Identical to, and reproduced from, ISO 19156:2011.
Note the standard is also an OGC standard and publicly available on the Alternative_link https://portal.opengeospatial.org/files/?artifact_id=41579https://www.standards.govt.nz/shop/asnzs-iso-191562012/https://portal.opengeospatial.org/files/?artifact_id=41579Accepted2020-09 Changed to Accepted from Informational as it is a current regional standard (Australia and NZ)Current regional standard (Australia and NZ)Standards Australia and Standards NZISO 19156:2011 Geographic information -- Observations and measurementsRegional (Australia and NZ)Standard - TechnicalStandards Australia and Standards NZCURRENT2012-11-302017PUBLISHUpdate2020-09-16
AS/NZS ISO 19157:2015 Geographic information - Data qualityAS/NZS ISO 19157:2015 Geographic information - Data quality19157Establishes the principles for describing the quality of geographic data:
- defines components for describing data quality
- specifies components and content structure of a register for data quality measures
- describes general procedures for evaluating the quality of geographic data
- establishes principles for reporting data quality
- defines a set of data quality measures for use in evaluating and reporting data quality.
It is applicable to data producers providing quality information to describe and assess how well a data set conforms to its product specification. It is applicable to data users attempting to determine whether or not specific geographic data are of sufficient quality for their particular application.https://www.standards.govt.nz/shop/asnzs-iso-191572015/Accepted2020-09 Changed to Accepted from Informational as it is a current regional standard (Australia and NZ)Current regional standard (Australia and NZ)Standards Australia and Standards NZ#AS/NZS ISO 19115.1:2015 Geographic information - Metadata - Part 1: FundamentalsAS/NZS ISO 19113:2004
AS/NZS ISO 19114:2005
AS/NZS ISO 19138:2008ISO 19157:2013 Geographic information — Data qualityRegional (Australia and NZ)Standard - TechnicalStandards Australia and Standards NZCURRENT2015-02-20PUBLISHUpdate2020-09-16
AS/NZS ISO 19158:2013 Geographic information - Quality assurance of data supplyAS/NZS ISO 19158:2013 Geographic information - Quality assurance of data supply19158Provides a quality assurance framework for the producer and customer in their production relationship and identifies methods of managing the quality of production more efficiently and effectively. Identical to and reproduced from ISO/TS 19158:2012.https://www.standards.govt.nz/shop/asnzs-iso-191582013/AcceptedCurrent regional standard (Australia and NZ)Standards Australia and Standards NZISO/TS 19158:2012 Geographic information — Quality assurance of data supplyRegional (Australia and NZ)Standard - TechnicalStandards Australia and Standards NZCURRENT2013-01-292019PUBLISHUpdate2020-09-16
AS/NZS ISO 19160.1:2018 Addressing - Part 1: Conceptual modelAS/NZS ISO 19160.1:2018Addressing -- Part 1: Conceptual model19160Defines a conceptual model for address information (address model), together with the terms and definitions that describe the concepts in the model. Lifecycle, metadata, and address aliases are included in the conceptual model. The model is presented in the Unified Modelling Language (UML). The model provides a common representation of address information, independent of actual addressing implementations. It is not intended to replace conceptual models proposed in other specifications, but provides a means to cross-map between different conceptual models for address information and enables the conversion of address information between specifications. The model provides a basis for developing address specifications by individual countries or communities. Identical to and reproduced from ISO 19160-1:2015.https://www.standards.govt.nz/shop/asnzs-iso-19160-12018/Accepted2020-11 added as Accepted as a regional adoption of ISO 19160-1:2015 which is mandated by the Street Address Data Content RequirementLINZ#New Zealand’s draft Profile of ISO 19160-1:2015 Addressing – Part 1: Conceptual ModelISO 19160-1:2015 Addressing -- Part 1: Conceptual modelRegional (Australia and NZ)Standard - TechnicalStandards Australia and Standards NZCURRENT2018-06-29PUBLISHAdd2020-11-19
AS/NZS ISO 19160.3:2020 Addressing, Part 3: Address data qualityAS/NZS ISO 19160.3:2020Addressing, Part 3: Address data quality19160Standard adopts ISO 19160-3:2020 which: a) establishes a set of data quality elements and measures for describing the quality of address data; b) describes procedures for reporting data quality; and c) provides guidelines for the use of the established set of data quality elements and measures for describing the quality of address data.https://www.standards.govt.nz/shop/asnzs-iso-19160-32020/Accepted2020-11 added as Accepted as this is a regional adoption of ISO 19160-4:2017 LINZISO 19160-3:2020 Addressing — Part 3: Address data qualityRegional (Australia and NZ)Standard - TechnicalStandards Australia and Standards NZCURRENT2020-08-28PUBLISHAdd2020-11-19
AS/NZS ISO 19160.4:2020 Addressing, Part 4: International postal address components and template languageAS/NZS ISO 19160.4:2020Addressing, Part 4: International postal address components and template language19160Standard identically adopts ISO 19160-4:2017, defining key terms for postal addressing, postal address components and constraints. Defines postal address components organized into hierarchical levels: elements; constructs; segments. Specifies mechanism for creation of sub-elements. Defines codes to identify elements and sub-elements. Specifies postal address rules and language for computer processing to express postal address templates.https://www.standards.govt.nz/shop/asnzs-iso-19160-42020/Accepted2020-11 added as Accepted as this is a regional adoption of ISO 19160-4:2017 LINZISO 19160-4:2017 Addressing — Part 4: International postal address components and template languageRegional (Australia and NZ)Standard - TechnicalStandards Australia and Standards NZCURRENT2020-09-11PUBLISHAdd2020-11-19
AS/NZS ISO 19161.1:2020 Geographic information - Geodetic references, Part 1: International terrestrial reference system (ITRS)AS/NZS ISO 19161.1:2020Geographic information - Geodetic references, Part 1: International terrestrial reference system (ITRS)19161Objective of this document is to provide the basic information and the requirements related to the International Terrestrial Reference System (ITRS), its definition, its realizations and how to access and use these realizations.https://www.standards.govt.nz/shop/asnzs-iso-19161-12020/Accepted2020-11 added as Accepted as this is a regional adoption of ISO 19161-1:2020Current regional standard (Australia and NZ)Standards Australia and Standards NZISO 19161-1:2020 Geographic information — Geodetic references — Part 1: International terrestrial reference system (ITRS)Regional (Australia and NZ)Standard - TechnicalStandards Australia and Standards NZCURRENT2020-08-27PUBLISHAdd2020-11-19
AS/NZS ISO 19162:2020 Geographic information - Well-known text representation of coordinate reference systemsAS/NZS ISO 19162:2020Geographic information - Well-known text representation of coordinate reference systemsStandard identically adopts ISO 19162:2019, defining the structure and content of a text string implementation of the abstract model for coordinate reference systems. The string defines frequently needed types of coordinate reference systems and coordinate operations in a self-contained form that is easily readable by machines and by humans. Excludes parameter grouping and pass-through coordinate operations.https://www.standards.govt.nz/shop/asnzs-iso-191622020/Accepted2020-11 added as Accepted as this is a regional adoption of ISO 19162:2019Current regional standard (Australia and NZ)Standards Australia and Standards NZAS/NZS ISO 19162:2018 Geographic information - Well-known text representation of coordinate reference systemsISO 19162:2019 Geographic information — Well-known text representation of coordinate reference systemsRegional (Australia and NZ)Standard - TechnicalStandards Australia and Standards NZCURRENT2020-09-18PUBLISHAdd2020-11-16
AS/NZS ISO 19165.1:2019 Geographic information - Preservation of digital data and metadata - Part 1: FundamentalsAS/NZS ISO 19165.1:2019Preservation of digital data and metadata - Part 1: Fundamentals19165The objective of this standard is to define a preservation metadata extension of AS/NZS ISO 19115.1. It defines the requirements for the long-term preservation of digital geospatial data. These data also include metadata, representation information, provenance, context and any other content items that capture the knowledge that is necessary to fully understand and reuse the archived data. This standard also refers to characteristics of data formats that are useful for the purpose of archiving. This standard is identical with, and has been reproduced from, ISO 19165-1:2018 Geographic information - Preservation of digital data and metadata - Part 1: Fundamentals.https://www.standards.govt.nz/shop/asnzs-iso-19165-12019/ Accepted2020-09 Changed to Accepted from Informational as it is a current regional standard (Australia and NZ)Current regional standard (Australia and NZ)Standards Australia and Standards NZISO 19165-1:2018 Geographic information — Preservation of digital data and metadata — Part 1: FundamentalsRegional (Australia and NZ)Standard - TechnicalStandards Australia and Standards NZCURRENT2019-05-27PUBLISHUpdate2020-09-16
AS/NZS ISO 23081.3:2012 Information and documentation - Managing metadata for records - Part 3: Self-assessment methodAS/NZS ISO 23081.3:2012Information and documentation - Managing metadata for records - Part 3: Self-assessment method23081Provides guidance to records and IT professionals for conducting a self-assessment on records metadata in relation to the creation, capture and control of records. Also provided is a spreadsheet as a download for customers who purchase the PDF. Customers who purchase the hardcopy will receive it on a CD-ROM along with the spreadsheet. Identical to and reproduced from ISO/TR 23081-3:2011.https://www.standards.govt.nz/shop/asnzs-iso-23081-32012/Recommended2022-03 Source remains current.
2021-04 added as Recommended as confirmed with Mike Chapman from Archives.The Chief Archivist has the power to mandate standards for records management under the Public Records Act 2005.DIA-Archives NZISO/TR 23081-3:2011Regional (Australia and NZ)Standard - TechnicalStandards Australia and Standards NZCURRENT2012-05-01PUBLISHUpdate2022-03-17
AS/NZS ISO 23081-2:2007 Information and documentation - Records management processes - Metadata for records - Conceptual and implementation issuesAS/NZS ISO 23081-2:2007Information and documentation - Records management processes - Metadata for records - Conceptual and implementation issues23081Description: Establishes a framework for defining metadata elements consistent with the principles and implementation considerations outlined in ISO 23081-1:2006. It also identifies some of the critical decision points that need to be addressed and documented to enable implementation of metadata for managing records. Identical to ISO 23081-2:2007.
https://www.standards.govt.nz/shop/asnzs-iso-23081-22007/Recommended2022-03 Source superseded by ISO 23081-2:2009, which in turn has been superseded by ISO 23081-2:2021. Advised Mike Chapman at Archives.This standard's source has been revised by ISO 23081-2:2009The Chief Archivist has the power to mandate standards for records management under the Public Records Act 2005.DIA-Archives NZISO 23081-2:2007 Information and documentation - Records management processes - Metadata for records - Conceptual and implementation issuesRegional (Australia and NZ)Standard - TechnicalStandards Australia and Standards NZCURRENT (Source replaced)2010-02-28PUBLISHUpdate2022-03-17
AS/NZS ISO 31000:2009 Risk Management – Principles and guidelinesAS/NZS ISO 31000:2009Risk Management – Principles and guidelines31000Risk Management – Principles and guidelines provides organisations with guiding principles, a generic framework and a process for managing risk. Apart from the preamble this standard is an exact replication of ISO 31000:2009.
Superseded by: AS ISO 31000:2018 Risk management—Guidelines
Related: SA/SNZ HB 436:2013 provides guidance on the implementation of AS/NZS ISO 31000:2009 Risk management – Principles and guidelines. https://www.standards.govt.nz/shop/asnzs-iso-310002009/AcceptedThis is shown as Accepted as Worksafe regulation specifically references this standard. Its source has been superseded by ISO 31000:2018 and Australia has their own National version AS ISO 31000:2018Source replaced by ISO 31000:2018Work SafeAS ISO 31000:2018 Risk management—GuidelinesISO 31000:2009 Risk management — Principles and guidelinesRegional (Australia and NZ)Standard - TechnicalStandards Australia and Standards NZCURRENT (Source replaced)2009-11-19PUBLISH
AS/NZS ISO 3297:2021 Information and documentation - International standard serial number (ISSN)AS/NZS ISO 3297:2021Information and documentation - International standard serial number (ISSN)3297Standard identically adopts ISO 3297:2020 which defines and promotes the use of a standard code (ISSN) for the unique identification of serials and other continuing resources. KEYWORDS: Identification; Serials; Continuing resources; ISSN; Standard code.https://www.standards.govt.nz/shop/asnzs-iso-32972021/Accepted2021-05 Added as Accepted as an AS/NZS Standard. Current regional standard (Australia and NZ)Standards Australia and Standards NZISO 3297:2020Regional (Australia and NZ)Standard - TechnicalStandards Australia and Standards NZCURRENT2021-04-09PUBLISHAdd2021-05-31
AS/NZS ISO 6709:2011 Standard representation of geographic point location by coordinatesAS/NZS ISO 6709:2011Standard representation of geographic point location by coordinates6709Provides geographic point location data formats which are universally interpretable and that allow unique identification of points on, above or below the earth’s surface, for the representation of latitude, longitude and altitude for use in data interchange. This Standard provides a variable-length format. Identical to and reproduced from ISO 6709:2008.https://www.standards.govt.nz/shop/asnzs-iso-67092011/Accepted2020-09 Changed to Accepted from Informational as it is a current regional standard (Australia and NZ)Current regional standard (Australia and NZ)Standards Australia and Standards NZISO 6709:2008 Standard representation of geographic point location by coordinatesRegional (Australia and NZ)Standard - TechnicalStandards Australia and Standards NZCURRENT2011-12-23PUBLISHUpdate2020-09-07
AS/NZS ISO 9001:2016 Quality management systems – RequirementsAS/NZS ISO 9001:2016Quality management systems – Requirements9001Specifies requirements for a quality management system when an organization needs to demonstrate its ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements, and aims to enhance customer satisfaction through the effective application of the system, including processes for improvement of the system and the assurance of conformity to customer and applicable statutory and regulatory requirements. All the requirements in this standard are generic and are intended to be applicable to any organization, regardless of its type or size, or the products and services it provides. Identical to and reproduced from ISO 9001:2015.https://www.standards.govt.nz/shop/asnzs-iso-90012016/Recommended2021-04 Changed to Recommended as confirmed with Mike Chapman at Archives.
2019-11 added as Accepted as this is a current NZ StandardThis standard is recommended by the Chief Archivist in accordance with their authority given in the Public Records Act 2005.DIA-Archives NZAS/NZS ISO 9001:2008 Quality management systems - RequirementsISO 9001:2015
Quality management systems — RequirementsRegional (Australia and NZ)Standard - TechnicalStandards Australia and Standards NZCURRENT2016-02-26PUBLISHUpdate2021-04-06
Assertions and Protocols for the OASIS Security Assertion Markup Language (SAML) V2.0Assertions and Protocols for the OASIS Security Assertion Markup Language (SAML) V2.0This specification defines the syntax and semantics for XML-encoded assertions about
authentication, attributes, and authorization, and for the protocols that convey this information.
Note: Part of the basis for the New Zealand Security Assertion Messaging Standard (NZSAMS) which is a standard under the GCDO Digital functional leadership mandate.https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdfAccepted2020-02 added as Accepted. GCDO Digital functional leadership mandate.DIA#New Zealand Security Assertion Messaging Standard (NZSAMS)New Zealand Security Assertion Messaging Standard [NZSAMS]InternationalStandard - TechnicalOASISOASIS Standard2005-03-15PUBLISHAdd2020-02-03
Asset Management Data Standard (AMDS) Asset Management Data Standards (AMDS) A new standard for data on physical assets being led by NZTA. https://www.nzta.govt.nz/roads-and-rail/asset-management-data-standard/Recommended2021-05 Changed to Recommended
2020-09 added as DevelopmentWaka Kotahi (NZTA)National (NZ)StandardNZTAPublishedPUBLISHUpdate2021-05-06
ATOM 1.0ATOM 1.0Description: The name Atom applies to a pair of related Web standards. The Atom Syndication Format is an XML language used for web feeds, while the Atom Publishing Protocol (AtomPub or APP) is a simple HTTP-based protocol for creating and updating web resources.
The Atom syndication format was published as an IETF proposed standard in RFC 4287 (December 2005), and the Atom Publishing Protocol was published as RFC 5023 (October 2007).
Atom compared to RSS 2.0:
- The Atom working group use timestamps formatted according to the rules specified by RFC 3339. The RSS 2.0 specification relies on the use of RFC 822 formatted timestamps to communicate information about when items in the feed were created and last updated.
- Atom uses the standard xml:lang attribute to make it possible to specify a language context for every piece of human-readable content in the feed. The RSS vocabulary has a mechanism to indicate a human language for the feed, but there is no way to specify a language for individual items or text elements.
- The Atom syntax was specifically designed to allow elements to be reused outside the context of an Atom feed document. For instance, it is not uncommon to find atom:link elements being used within RSS 2.0 feeds. The elements of the RSS vocabulary are not generally reusable in other XML vocabularies.
Source: Wikipediahttps://tools.ietf.org/html/rfc4287AcceptedDIAGCDO@dia.govt.nzInternationalStandardIETF (Internet Engineering Task Force)PUBLISH
Australian and New Zealand Standard Classification of OccupationsAustralian and New Zealand Standard Classification of OccupationsLabour market analysis is currently the primary use of data collected on occupation. However, the Australian and New Zealand Standard Classification of Occupations (ANZSCO), which is supported by this statistical standard, is used by a wide range of people and organisations for a variety of other purposes.http://aria.stats.govt.nz/aria/#StandardView:uri=http://stats.govt.nz/cms/StatisticalStandard/IkPVEIFDEuDNZfmVRecommended2020-11 added as Recommended from Stats NZGovernment Chief Statistician mandateStatistics NZGovernment (NZ)StandardStatistics NZApprovedPUBLISHAdd2020-11-23
Australian and New Zealand Standard Industrial ClassificationAustralian and New Zealand Standard Industrial ClassificationThe Australian and New Zealand Standard Industrial Classification (ANZSIC) 2006 is used to compile and analyse industry statistics in New Zealand and Australia.http://aria.stats.govt.nz/aria/#StandardView:uri=http://stats.govt.nz/cms/StatisticalStandard/iKs9MH7Y0gxXNojVRecommended2020-11 added as Recommended from Stats NZGovernment Chief Statistician mandateStatistics NZGovernment (NZ)StandardStatistics NZApprovedPUBLISHAdd2020-11-23
Authentication Assurance StandardAuthentication Assurance StandardThis standard provides the controls used to ensure that 1 or more authenticators are still possessed and solely controlled by the authorised holder.
Application of this standard
Application of the controls in this standard will contribute to the reduction of identity fraud by reducing the ability for unauthorised entities to gain access to the information and entitlements belonging to an enrolled entity.
The scope of the requirements in this standard is explicitly related to the use of authenticators and the process of authentication. It does not include considerations for security, messaging methods, or other implementation matters.https://www.digital.govt.nz/standards-and-guidance/identification-management/identification-management-standards/authentication-assurance-standard/Recommended2021-05 Changed to Recommended
2020-09 Changed to Development from Future Consideration This standard replaced the:
Authentication Key Strengths Standard, Version 1.0 (published June 2006) and subsequent amendments
Password Standard, Version 1.0 (published June 2006) and subsequent amendments, for organisations not subject to compliance with the New Zealand Information Security Manual.GCDO Digital functional leadership mandate.DIAIdentity@dia.govt.nz#Identification Management Standards#Identification management guidanceAuthentication Key Strengths Standard - June 2006
Password Standard v1.0 June 2006Government (NZ)StandardGCDO (Government Chief Digital Officer)Draft 2021-03-01PUBLISHUpdate2021-05-06
Authentication Context for the OASIS Security Assertion Markup Language (SAML) V2.0Authentication Context for the OASIS Security Assertion Markup Language (SAML) V2.0This specification defines a syntax for the definition of authentication context declarations and an initial list of authentication context classes for use with SAML.https://docs.oasis-open.org/security/saml/v2.0/saml-authn-context-2.0-os.pdfAccepted2020-02 added as Accepted.
Part of the basis for the New Zealand Security Assertion Messaging Standard (NZSAMS) which is a standard under the GCDO Digital functional leadership mandate.GCDO Digital functional leadership mandate.DIAGCDO@dia.govt.nzNew Zealand Security Assertion Messaging Standard (NZSAMS)New Zealand Security Assertion Messaging Standard [NZSAMS]InternationalStandard - TechnicalOASISOASIS Standard2005-03-15PUBLISHAdd2020-02-03
Authority to retain public records in electronic form only (17/Sp7)Authority to retain public records in electronic form only (17/Sp7)This Authority to retain public records in electronic form only (the Authority) is issued by the Chief Archivist under section 229(2) of the Contract and Commercial Law Act 2017 (CCLA). The purpose of the Authority is to grant general approval from the Chief Archivist to public offices to retain public records in electronic (digital) form only, subject to exclusions. This means that the source public records do not need to be retained after digitisation and can be destroyed without further authorisation.
https://records.archives.govt.nz/resources-and-guides/authority-to-retain-public-records-in-electronic-form-only/Mandated2021-01 Confirmed with Archives that if requirement applies then actions within this authority are mandatory. Changed to Mandatory from Recommended. This is guidance produced by the Chief Archivist in accordance with their authority given in the Public Records Act 2005.DIA-Archives NZGovernment (NZ)StandardArchives NZPublished2017-10PUBLISHUpdate2021-01-11
Better Business CasesBetter Business CasesThe primary objective of BBC is to enable smart investment decisions for public value.
http://www.treasury.govt.nz/statesector/investmentmanagement/plan/bbcRecommendedThe TreasuryGovernment (NZ)GuidanceThe TreasuryPublishedPUBLISH
Binding Assurance StandardBinding Assurance StandardThis standard provides specific controls for ensuring an entity is appropriately bound to their entity information and to an authenticator in order to prevent identity theft.
Application of this standard
Application of the controls in this standard will contribute to the reduction of identity theft, entity information (account) takeover, and therefore the impacts that result.https://www.digital.govt.nz/standards-and-guidance/identification-management/identification-management-standards/binding-assurance-standard/Recommended2021-05 Changed to Recommended
2020-09 Changed to Development from Future Consideration This standard replaced part of the Evidence of Identity (EOI) Standard Version 2.0 — Dec 2009, in particular the requirements outlined in Table 8 of the EOI Standard relating to Object C — Presenter ‘links’ to identity.GCDO Digital functional leadership mandate.DIAIdentity@dia.govt.nz#Identification Management Standards#Identification management guidancePart of the Evidence of Identity (EOI) Standard Version 2.0 — Dec 2009, in particular the requirements outlined in Table 8 of the EOI Standard relating to Object C — Presenter ‘links’ to identity.Government (NZ)StandardGCDO (Government Chief Digital Officer)Published2021-03-01PUBLISHUpdate2021-05-06
Bindings for the OASIS Security Assertion Markup Language (SAML) V2.0Bindings for the OASIS Security Assertion Markup Language (SAML) V2.0This specification defines protocol bindings for the use of SAML assertions and request-response messages in communications protocols and frameworks.
Note: Part of the basis for the New Zealand Security Assertion Messaging Standard (NZSAMS) which is a standard under the GCDO Digital functional leadership mandate.https://docs.oasis-open.org/security/saml/v2.0/saml-bindings-2.0-os.pdfAccepted2020-02 added as Accepted. GCDO Digital functional leadership mandate.DIAGCDO@dia.govt.nz New Zealand Security Assertion Messaging Standard (NZSAMS)New Zealand Security Assertion Messaging Standard [NZSAMS]InternationalStandard - TechnicalOASISOASIS Standard2005-03-15PUBLISHAdd2020-02-03
BPMN v2.0 (Business Process Model and Notation v2.0)Business Process Model and Notation v2.0A standard Business Process Model and Notation (BPMN) will provide businesses with the capability of understanding their internal business procedures in a graphical notation and will give organizations the ability to communicate these procedures in a standard manner. Furthermore, the graphical notation will facilitate the understanding of the performance collaborations and business transactions between the organizations. This will ensure that businesses will understand themselves and participants in their business and will enable organizations to adjust to new internal and B2B business circumstances quickly.
Source: Object Management Group
Link: http://www.bpmn.org/ http://www.omg.org/spec/BPMN/2.0/Accepted2019-11 Set Catalogue Standard Status to Accepted DIAInternationalStandard - TechnicalOMG (Object Management Group)CurrentPUBLISHUpdate2019-11
Business Architecture Guild Government Reference Model (GRM)Government Reference Model (GRM) The business architecture reference model contained herein represents a basic business architecture for government. This reference model includes capabilities specific to government as well as commonly used strategic and supporting capabilities, a set of value streams, information map, organization map and a stakeholder map. This reference model is a work-in-progress and will continue to evolve based on Guild member contributions. https://www.businessarchitectureguild.org/store/viewproduct.aspx?id=14702172Future Consideration2023-06 added as Future ConsiderationThe Common Capabilities of this model are being used to validate the GEANZ Business Capabilities Model.
The model is available for purchase for USD$350GCDO Government Enterprise Architecture for NZDIAGEA@dia.govt.nzGovernment (NZ)Common LanguageBusiness Architecture Guild®PublishedPUBLISHAdd 2023-06-27
Civil Defence National Emergencies (Information Sharing) Code 2020Civil Defence National Emergencies (Information Sharing) Code 2020The Civil Defence National Emergencies (Information Sharing) Code 2020 provides agencies with broader discretion to collect, use and disclose personal information in the rare event of a major disaster that has triggered a state of national emergency. In particular, the code will facilitate the disclosure of personal information to public sector agencies to assist in the government response to a national emergency.
The code promotes the vital interests of individuals in national emergencies by, for example, facilitating the sharing of information to help identify individuals who have been caught up in the emergency, to assist individuals to obtain essential services and to coordinate the management of the emergency.https://www.privacy.org.nz/privacy-act-2020/codes-of-practice/cdneisc2020/Mandated2020-12 added as Mandated.Privacy CommissionerCivil Defence National Emergencies (Information Sharing) Code 2013National (NZ)StandardThe Privacy CommissionerCurrentPUBLISHAdd2020-12-01
Cloud Data Centre CertificationCloud Data Centre CertificationDetails to be addedDevelopment2022-09 added as DevelopmentGCDO Digital functional leadership mandate. GCDO is the certification authority. DIAGCDO@dia.govt.nz#AS 1725.1-2010 Chain link fabric fencing, Part 1: Security fences and gates - General requirements, #AS/NZS 3016:2002 Electrical installations - Electric security fences, #AS/NZS 2201.5:2008 Intruder alarm systems - Alarm transmission systems, #AS/NZS 2201.1:2007 Intruder alarm systems - Client's premises - Design, installation, commissioning and maintenance, #AS 2201.3:1991 Intruder alarm systems, Part 3: Detection devices for internal use, #AS 2201.2-2004 Intruder alarm systems, Part 2: Monitoring centres, #AS 2201.2:2022 Alarm and electronic security systems, Part 2: Monitoring centres, #AS 4145.2-2008 Locksets and hardware for doors and windows, Part 2: Mechanical locksets for doors and windows in buildings, #AS/NZS ISO 45001:2018 Occupational health and safety management systems - Requirements with guidance for use, #AS/NZS IEC 60839-11-1:2019 Alarm and electronic security systems - Part 11-1: Electronic access control systems - System and components requirements,Government (NZ)CertificationGCDO (Government Chief Digital Officer)Under DevelopmentPUBLISHAdd2022-09-20
Cloud Risk Discovery ToolCloud Risk Discovery ToolSee Andrew Stephen for details.Development2022-09 added as DevelopmentGCDO Digital functional leadership mandateDIAGCDO@dia.govt.nzCloud Risk Assessment ToolGovernment (NZ)ToolGCDO (Government Chief Digital Officer)Under DevelopmentPUBLISHAdd2022-09-20
Cloud servicesCloud servicesGovernment organisations must adopt public cloud services on a case-by-case basis, following risk assessments.
Includes:
- About public cloud services (has specific entry in catalogue)
- Help with public cloud services (has specific entry in catalogue)
- Risks assessments before using public cloud services (has specific entry in catalogue)
- Information value for public cloud services (has specific entry in catalogue)
- Risk discovery for public cloud services (has specific entry in catalogue)
- Technical guidance for public cloud services (has specific entry in catalogue)
https://www.digital.govt.nz/standards-and-guidance/technology-and-architecture/cloud-services/Mandated2022-10 updated to Mandated from Recommended.
2020-11 added as Recommended as this is where the GCDO advice and guidance can be found. Government organisations must follow this guidance. DIAGCDO@dia.govt.nzCloud services - About public cloud services, Cloud services - Help with public cloud services, Cloud services - Risks assessments before using public cloud services, Cloud services - Information value for public cloud services, Cloud services - Risk discovery for public cloud services, Cloud services - Technical guidance for public cloud services Government (NZ)Guidance GCDO (Government Chief Digital Officer)PUBLISHUpdate2022-10-13
Cloud services - About public cloud services - Risk assessment tool for public cloud servicesCloud services - About public cloud servicesRisk assessment tool for public cloud servicesPublic cloud services are no different from other information technology systems — you must assess the risk first.
Includes:
- How to use the tool to help with your risk assessment
- Risk assessment tool for public cloud services — Excel version
https://www.digital.govt.nz/standards-and-guidance/technology-and-architecture/cloud-services/about/tool-for-assessing-risks/Mandated2022-10 added as MandatedGovernment organisations must do risk assessments before using cloud servicesGCDO Digital system leadership mandate. Cloud 1st mandate.DIAGCDO@dia.govt.nzCloud services - About public cloud servicesGovernment (NZ)Guidance NZ GovernmentPublished2022-10-10PUBLISHAdd2022-10-13
Cloud services - About public cloud services - Write and carry out a cloud planCloud services - About public cloud servicesWrite and carry out a cloud planSenior leaders are required to write cloud plans that explain their organisation’s approach to using public cloud services.
Includes:
- How to write a cloud plan
- Offer a choice of public cloud services to your people
- Business changes from the cloud plan
- Use your cloud planhttps://www.digital.govt.nz/standards-and-guidance/technology-and-architecture/cloud-services/about/cloud-plans/Recommended2022-10 added as RecommendedGCDO Digital system leadership mandate. Cloud 1st mandate.DIAGCDO@dia.govt.nzCloud services - About public cloud servicesGovernment (NZ)Guidance NZ GovernmentPublished2022-10-10PUBLISHAdd2022-10-13
Cloud services - About public cloud servicesCloud servicesAbout public cloud servicesFind out why and how government organisations use public cloud services to work more productively.
Includes:
- Why government organisations use public cloud services
- How to adopt public cloud services (has specific entry in catalogue)
- Risk assessment tool for public cloud services (has specific entry in catalogue)
- Write and carry out a cloud plan (has specific entry in catalogue)
- Cabinet minutes for public cloud services
https://www.digital.govt.nz/standards-and-guidance/technology-and-architecture/cloud-services/about/Recommended2022-10 added as RecommendedGCDO Digital system leadership mandate. Cloud 1st mandate.DIAGCDO@dia.govt.nzCloud services - How to adopt public cloud services, Cloud services - Risk assessment tool for public cloud services, Cloud services - Write and carry out a cloud planCloud servicesGovernment (NZ)Guidance NZ GovernmentPublished2022-10-10PUBLISHAdd2022-10-13
Cloud services - About public cloud services - How to adopt public cloud servicesCloud services - About public cloud servicesHow to adopt public cloud servicesWhat to do before using public cloud services, and how government organisations make them available to their people.
Includes:
- Before using public cloud services
- How to buy public cloud services
- Use your organisation’s cloud planhttps://www.digital.govt.nz/standards-and-guidance/technology-and-architecture/cloud-services/about/how/Recommended2022-10 added as RecommendedGCDO Digital system leadership mandate. Cloud 1st mandate.DIAGCDO@dia.govt.nzCloud services - About public cloud servicesGovernment (NZ)Guidance NZ GovernmentPublished2022-10-10PUBLISHAdd2022-10-13
Cloud services - Help with public cloud servicesCloud servicesHelp with public cloud servicesGovernment organisations can get help with the different aspects of using public cloud services.
Includes:
- Join the Cloud Capabilities Network
- Create or improve your organisation’s process for assessing risks
- Ways to buy public cloud services
- Service models for public cloud
- Help with negotiating contracts for public cloud services
- Data sovereignty
- Shadow cloud — concerns and opportunities
https://www.digital.govt.nz/standards-and-guidance/technology-and-architecture/cloud-services/help/Recommended2022-10 added as RecommendedGCDO Digital system leadership mandate. Cloud 1st mandate.DIAGCDO@dia.govt.nzCloud servicesGovernment (NZ)Guidance NZ GovernmentPublished2022-10-10PUBLISHAdd2022-10-13
Cloud services - Information value for public cloud servicesCloud servicesInformation value for public cloud servicesQuestions 1 to 27 of the risk assessment tool — for the information you’re looking to use with a public cloud service, find out how important it is to your organisation, the NZ government and New Zealanders.
Includes:
- How to check the information value
- Business and technical contexts of the information
- Classify information
- Criticality of the information
- Sovereignty over the information
- Privacy of the information
- Tips for right-sizing your risk assessment
- Decide if you need a risk discovery before using a public cloud servicehttps://www.digital.govt.nz/standards-and-guidance/technology-and-architecture/cloud-services/information-value-questions-1-to-27/Recommended2022-10 added as RecommendedGCDO Digital system leadership mandate. Cloud 1st mandate.DIAGCDO@dia.govt.nzCloud servicesCloud Risk Discovery ToolGovernment (NZ)Guidance NZ GovernmentPublished2022-10-10PUBLISHAdd2022-10-13
Cloud services - Risk discovery for public cloud servicesCloud servicesRisk discovery for public cloud servicesQuestions 28 to 105 of the risk assessment tool — discover the risks to information security and privacy in a public cloud service, and identify the controls to manage them.
Includes:
- How to discover the risks
- Governance of the information
- Confidentiality of the information
- Integrity of the information
- Availability of the information
- Incident response and management of the information
- Make a decision from the risk discoveryhttps://www.digital.govt.nz/standards-and-guidance/technology-and-architecture/cloud-services/risk-discovery-questions-28-to-105/Recommended2022-10 added as RecommendedGCDO Digital system leadership mandate. Cloud 1st mandate.DIAGCDO@dia.govt.nzCloud servicesCloud Risk Discovery ToolGovernment (NZ)Guidance NZ GovernmentPublished2022-10-10PUBLISHAdd2022-10-13
Cloud services - Risks assessments before using public cloud servicesCloud servicesRisks assessments before using public cloud servicesWhen and how to assess the risks of using public cloud services — including who approves it, sending certain risk documents to the Government Chief Digital Officer (GCDO) and using your risk assessment.
Includes:
- When to assess the risks of using a public cloud service
- Assess the risks of using a public cloud service
- Check who can approve the risk level
- Send your risk documents to the GCDO
- Use your risk assessmenthttps://www.digital.govt.nz/standards-and-guidance/technology-and-architecture/cloud-services/assess-the-risks/Mandated2022-10 added as MandatedGovernment organisations must do risk assessments before using cloud servicesGCDO Digital system leadership mandate. Cloud 1st mandate.DIAGCDO@dia.govt.nzCloud servicesGovernment (NZ)Guidance NZ GovernmentPublished2022-10-10PUBLISHAdd2022-10-13
Cloud services - Technical guidance for public cloud servicesCloud servicesTechnical guidance for public cloud servicesCloud characteristics, security templates, advice for vendors, and guides for optimising network capacity and managing updates on remote endpoints.
Includes:
- Essential characteristics of cloud services
- Security templates — public cloud services (has specific entry in catalogue)
- How vendors fill in the risk assessment tool for public cloud services
- Guide to optimising network traffic for cloud services (has specific entry in catalogue)
- Guide to managing updates on remote endpoints (has specific entry in catalogue)
https://www.digital.govt.nz/standards-and-guidance/technology-and-architecture/cloud-services/technical/Recommended2022-10 added as RecommendedGCDO Digital system leadership mandate. Cloud 1st mandate.DIAGCDO@dia.govt.nzCloud services - Technical guidance for public cloud services - Guide to managing updates on remote endpoints, Cloud services - Technical guidance for public cloud services - Guide to optimising network traffic for cloud services, Cloud services - Technical guidance for public cloud services - Security templates — public cloud servicesCloud servicesGovernment (NZ)Guidance NZ GovernmentPublished2022-10-10PUBLISHAdd2022-10-13
Cloud services - Technical guidance for public cloud services - Guide to managing updates on remote endpointsCloud services - Technical guidance for public cloud servicesGuide to managing updates on remote endpointsTechnical advice for agencies, information technology managers and engineers managing workstations for people working remotely.
This guide is intended for agencies moving towards a cloud-enabled infrastructure or who have people working remotely for extended periods. It focuses on managing updates for Windows machines for staff working from home. https://www.digital.govt.nz/standards-and-guidance/technology-and-architecture/cloud-services/technical/guide-to-managing-updates-on-remote-endpoints/Recommended2022-10 added as RecommendedGCDO Digital system leadership mandate. Cloud 1st mandate.DIAGCDO@dia.govt.nzCloud services - Technical guidance for public cloud servicesGovernment (NZ)Guidance NZ GovernmentPublished2022-10-10PUBLISHAdd2022-10-13
Cloud services - Technical guidance for public cloud services - Guide to optimising network traffic for cloud servicesCloud services - Technical guidance for public cloud servicesGuide to optimising network traffic for cloud servicesTechnical advice for agencies, information technology managers and engineers managing workstations for people working remotely.
This guide is intended for agencies moving towards a cloud-enabled infrastructure or who have people working remotely for extended periods. It focuses on managing updates for Windows machines for staff working from home. https://www.digital.govt.nz/standards-and-guidance/technology-and-architecture/cloud-services/technical/guide-to-managing-updates-on-remote-endpoints/Recommended2022-10 added as RecommendedGCDO Digital system leadership mandate. Cloud 1st mandate.DIAGCDO@dia.govt.nzCloud services - Technical guidance for public cloud servicesGovernment (NZ)Guidance NZ GovernmentPublished2022-10-10PUBLISHAdd2022-10-13
Cloud services - Technical guidance for public cloud services - Security templates — public cloud servicesCloud services - Technical guidance for public cloud servicesSecurity templates — public cloud servicesSample templates of how government organisations can set providers’ security controls to meet the requirements in the New Zealand Information Security Manual (NZISM).
Includes:
- Amazon Web Services. Managed Config rules mapped to the NZISM.
- Microsoft. Azure Policy definitions mapped to the NZISM.
- Office Productivity — restricted security controls for public cloud services. Office Productivity's template for security controls mapped to the NZISM applies to most public cloud services using ‘RESTRICTED’ information.https://www.digital.govt.nz/standards-and-guidance/technology-and-architecture/cloud-services/technical/security-templates/Recommended2022-10 added as RecommendedGCDO Digital system leadership mandate. Cloud 1st mandate.DIAGCDO@dia.govt.nzCloud services - Technical guidance for public cloud servicesGovernment (NZ)TemplatesNZ GovernmentPublished2022-10-10PUBLISHAdd2022-10-13
CNSS Instruction No. 4009 April 6, 2015 Committee on National Security Systems (CNSS) GlossaryCommittee on National Security Systems (CNSS) GlossaryThe Committee on National Security Systems (CNSS) Glossary Working Group convened to review and update the Committee on National Security Systems (CNSS) Glossary, Committee on National Security Systems Instruction (CNSSI) No. 4009, dated April 2010. This revision of CNSSI No. 4009 incorporates many new terms submitted by the CNSS Membership. Most of the terms from the 2010 version of the Glossary remain, but a number of terms have updated definitions in order to remove inconsistencies among the communities.https://rmf.org/wp-content/uploads/2017/10/CNSSI-4009.pdfRecommended2022-03 Set to Recommended as NZISM list this in '1.1.62 Key Standards'
GCISO information security functional leadership mandate.GCSB#NZISM 1.1.62. Key Standards CNSS Instruction No. 4009 26 April 2010 National Information Assurance (IA) GlossaryGovernment (US)Common LanguageCNSS (Committee on National Security Systems) Current2015-04-06PUBLISHUpdate2022-03-21
Common Alerting Protocol CAP-NZ
Technical Standard [TS04/18]
Common Alerting Protocol CAP-NZ
Technical Standard [TS04/18]
The CAP-NZ Technical Standard provides guidance for a consistent approach to implementing CAP in New Zealand.
CAP is recognised as a standard for use across the New Zealand Government by Government Enterprise Architecture for New Zealand (GEA-NZ).
CAP is used throughout the world, and many software and hardware systems are already set up to use CAP because of its widespread uptake. New Zealand CAP alerts can be used by other countries, and vice versa.
For example, Google Public Alerts monitors international CAP alerts and, within an affected area, notifies mobile devices that use Google Now. This is a valuable extra channel that gets the message through to people, without having to download an app.
Common Alerting Protocol (CAP) is an international, non-proprietary digital message format for exchanging all-hazard emergency alerts.
The CAP standard was developed by the Organisation for the Advancement of Structured Information Standards (OASIS) and is based on best practices identified in academic research and practical experience.
NEMA leads the CAP-NZ Working Group, with members from many government agencies, research institutes, and emergency hardware and software suppliers.https://www.civildefence.govt.nz/cdem-sector/guidelines/common-alerting-protocol/RecommendedNEMACommon Alerting Protocol Version 1.2Government (NZ)GuidanceHazard Risk Board (secretariat provided by DPMC)Published2018-02PUBLISHUpdate2019-11-11
Common Alerting Protocol Version 1.2Common Alerting Protocol Version 1.2The Common Alerting Protocol (CAP) is the OASIS Emergency Management Technical Committee's standard for security and civil emergency management. CAP is a simple, flexible data interchange format for collecting and distributing "all-hazard" safety notifications and emergency warnings over information networks and public alerting systems.
Was: CAP [Common Alerting Protocol] Version 1.2 http://docs.oasis-open.org/emergency/cap/v1.2/CAP-v1.2-os.htmlAcceptedNEMACommon Alerting Protocol CAP-NZ
Technical Standard [TS04/18]InternationalStandardOASISOASIS Standard2010-07-01PUBLISHUpdate2019-11-11
Common corporate service public records (GDA6)GDA6Common corporate service public recordsThis General Disposal Authority 6 (hereafter GDA6) has been developed for the use of public offices wishing to dispose of common corporate public records legally. Public offices may use GDA6 without requiring any further authorisation from the Chief Archivist.
GDA6 covers generic classes of records created through business functions which are common to most public offices.
GDA6 does not cover records that relate to a public office’s primary core business functions, duties and responsibilities.
Was: 16/Sp5 GDA6: Common corporate service public records https://assets.ctfassets.net/etfoy87fj9he/78KkF8gKV8zhvi17aYrpDK/e0543d28f8f8ac4ff7452ca342c344e8/16-GDA6-General-disposal-authority-6.pdfMandatedAdded as mandated.
2021-04 confirmed with Archives that this is mandatory for those within its scope. The Chief Archivist has the power to mandate standards for records management under the Public Records Act 2005.
DIA-Archives NZhttps://www.archives.govt.nz/manage-information/how-to-manage-your-information/disposal/general-disposal-authoritiesGovernment (NZ)StandardArchives NZPublishedPUBLISHAdd2021-04-07
Common Process ModelCommon Process ModelThe All-of-Government (AoG) Common Process Model is a cloud-based set of standard business process models that enable public service agencies to design their key back-office functions such as finance, human resources (HR), payroll, procurement, enterprise asset management, workplace health and safety, and information technology (IT) service management.
The Model brings consistent, common processes to public service back-offices. The Model enables agencies to have a head start and strong foundation to develop their business requirements which makes it easier for staff and project teams.
Service description
The Back Office Digital Transformation unit provides access to, support, governance and maintenance of business processes for:
- Finance
- Human Resources (HR) Management
- Payroll — being developed
- Enterprise Asset Management
- Information Technology (IT) Service Management
- Procurement
- Work Health and Safety.https://www.digital.govt.nz/products-and-services/products-and-services-a-z/common-process-model/https://aris.enterprisesupport.govt.nzRecommended2022-08 added as RecommendedAs at the 12th of October 2022 there are 70 agencies using it.
The full set is being used for gap analysis and supporting design of organisation ERP systems.
Recommended to useDIAEnterpriseSupport@dia.govt.nz.Common Process Model Finance, Common Process Model Human Resources (HR) Management, Common Process Model Payroll, Common Process Model Enterprise Asset Management, Common Process Model Information Technology (IT) Service Management, Common Process Model Procurement, Common Process Model Work Health and Safety, Common Process Model Master Data ManagementGovernment (NZ)ProcessNZ GovernmentPublishedPUBLISHAdd2022-08-10
Common Process Model Enterprise Asset ManagementCommon Process Model Enterprise Asset ManagementThese processes provide government agencies with the process steps required to manage all stages of the Asset Management Lifecycle, Asset Management operations and reflect Asset Management strategy and policy.https://www.digital.govt.nz/products-and-services/products-and-services-a-z/common-process-model/https://aris.enterprisesupport.govt.nz/#default/item/c.chain.NZ%20AOG%20Common%20Process%20Model%20V1~d0.hPFUIB2vEedfOABQVq5dyQ.-1Recommended2022-08 added as Recommended Recommended to useDIAEnterpriseSupport@dia.govt.nz.Common Process ModelGovernment (NZ)ProcessNZ GovernmentPublishedPUBLISHAdd2022-09-21
Common Process Model FinanceCommon Process Model FinanceThese processes provide Government Departments and Agencies with a step-by-step guide to planning, transacting and controlling financial transactions to ensure compliance to policies and adherence to best practices across Shared Services.https://www.digital.govt.nz/products-and-services/products-and-services-a-z/common-process-model/https://aris.enterprisesupport.govt.nz/#default/item/c.chain.NZ%20AOG%20Common%20Process%20Model%20V1~d0.3WxkAh2vEedfOABQVq5dyQ.-1Recommended2022-08 added as RecommendedSupporting FMIS development for multiple organisations and the Finance working groupRecommended to useDIAEnterpriseSupport@dia.govt.nz.Common Process ModelGovernment (NZ)ProcessNZ GovernmentPublishedPUBLISHAdd2022-09-21
Common Process Model Human Resources (HR) ManagementCommon Process Model Human Resources (HR) ManagementThese processes provide Government Departments and Agencies with the process steps required to manage the employee life cycle, transactional HR operations and HR strategy and policy.https://www.digital.govt.nz/products-and-services/products-and-services-a-z/common-process-model/https://aris.enterprisesupport.govt.nz/#default/item/c.chain.NZ%20AOG%20Common%20Process%20Model%20V1~d0.m2WJgh2tEedfOABQVq5dyQ.-1Recommended2022-08 added as RecommendedHR working group reviewing the models and multiple payroll programmes and HRIS systemsRecommended to useDIAEnterpriseSupport@dia.govt.nz.Common Process ModelGovernment (NZ)ProcessNZ GovernmentPublishedPUBLISHAdd2022-09-21
Common Process Model Information Technology (IT) Service ManagementCommon Process Model Information Technology (IT) Service ManagementIT Service Management is a set of specialized organisational capabilities for transforming resources into valuable customer services. These services are to be made available at acceptable levels of quality, cost, and risks.
IT Service Management model scenarios include:
- Service Strategy
- Service Design
- Service Transition
- Service Operation
- Continual Service Improvementhttps://www.digital.govt.nz/products-and-services/products-and-services-a-z/common-process-model/ Development2022-08 added as Development Recommended to useDIAEnterpriseSupport@dia.govt.nz.Common Process ModelGovernment (NZ)ProcessNZ GovernmentPublishedPUBLISHAdd2022-09-21
Common Process Model PayrollCommon Process Model PayrollPayroll is currently incorporated in the AOG.HR Human Resource Management set of models and are currently looking at creating a standalone scenario of Payroll models.https://www.digital.govt.nz/products-and-services/products-and-services-a-z/common-process-model/ Development2022-08 added as RecommendedNew Payroll Practitioners Group have created a Community of Practice to help review and develop a set of models to support payroll and payroll systemsRecommended to useDIAEnterpriseSupport@dia.govt.nz.Common Process ModelGovernment (NZ)ProcessNZ GovernmentPublishedPUBLISHAdd2022-09-21
Common Process Model ProcurementCommon Process Model ProcurementThese processes provide Government Departments and Agencies with standard processes to ensure best value for money, whilst supporting Large, small and medium size organisations in the procurement of goods and services by and for government agencies.https://www.digital.govt.nz/products-and-services/products-and-services-a-z/common-process-model/https://aris.enterprisesupport.govt.nz/#default/item/c.chain.NZ%20AOG%20Common%20Process%20Model%20V1~d0.r7FZQh2uEedfOABQVq5dyQ.-1Recommended2022-08 added as RecommendedProcurement Functional Leaders Group have created the Procurement - Community of Practice which will review the models and also incorporate the changes from the MBIE Procurement for the future projectRecommended to useDIAEnterpriseSupport@dia.govt.nz.Common Process ModelGovernment (NZ)ProcessNZ GovernmentPublishedPUBLISHAdd2022-09-21
Common Process Model Work Health and SafetyCommon Process Model Work Health and SafetyThese processes provide Government Departments and Agencies with the process for managing work health and safety strategy and plans, implementing preventative measures and handling incidentshttps://www.digital.govt.nz/products-and-services/products-and-services-a-z/common-process-model/https://aris.enterprisesupport.govt.nz/#default/item/c.chain.NZ%20AOG%20Common%20Process%20Model%20V1~d0.g43zkh2vEedfOABQVq5dyQ.-1Recommended2022-08 added as Recommended Recommended to useDIAEnterpriseSupport@dia.govt.nz.Common Process ModelGovernment (NZ)ProcessNZ GovernmentPublishedPUBLISHAdd2022-09-21
Conformance Requirements for the OASIS Security Assertion Markup Language (SAML) V2.0Conformance Requirements for the OASIS Security Assertion Markup Language (SAML) V2.0This normative specification provides the technical requirements for SAML V2.0 conformance and specifies the entire set of documents comprising SAML V2.0.
Note: Part of the basis for the New Zealand Security Assertion Messaging Standard (NZSAMS) which is a standard under the GCDO Digital functional leadership mandate.https://docs.oasis-open.org/security/saml/v2.0/saml-conformance-2.0-os.pdfAccepted2020-02 added as Accepted. DIAGCDO@dia.govt.nzNew Zealand Security Assertion Messaging Standard [NZSAMS]InternationalStandard - TechnicalOASISOASIS Standard2005-03-15PUBLISHAdd2020-02-03
Credit Reporting Privacy Code 2020Credit Reporting Privacy Code 2020This code applies specific rules to credit reporters to ensure the protection of individual privacy. It addresses the credit information collected, held, used, and disclosed by credit reporters.
For credit reporters the code takes the place of the information privacy principles.https://www.privacy.org.nz/privacy-act-2020/codes-of-practice/crpc2020/Mandated2020-12 added as Mandated.Privacy CommissionerCredit Reporting Privacy Code 2004National (NZ)StandardThe Privacy CommissionerCurrentPUBLISHAdd2020-12-01
CSV (Comma-Separated Values)Comma-Separated ValuesCSV is a common data exchange format that is widely supported by consumer, business, and scientific applications. Among its most common uses is moving tabular data between programs that natively operate on incompatible (often proprietary and/or undocumented) formats. This works despite lack of adherence to a standard, because so many programs support variations on the CSV format for data import.
RFC 4180 proposes a specification for the CSV format, and this is the definition commonly used. However, in popular usage "CSV" is not a single, well-defined format. As a result, in practice the term "CSV" might refer to any file that:
- is plain text using a character set such as ASCII, various Unicode character sets (e.g. UTF-8), EBCDIC, or Shift JIS,
- consists of records (typically one record per line),
- with the records divided into fields separated by delimiters (typically a single reserved character such as comma, semicolon, or tab; sometimes the delimiter may include optional spaces),
- where every record has the same sequence of fields.
It is documented as RFC 4180.
https://www.ietf.org/rfc/rfc4180.txtAccepted Used on Data.govt.nz to publish machine readable data sets.GCDS Data functional leadership mandate.Statistics NZInternationalStandardIETF (Internet Engineering Task Force)In UsePUBLISH
Data Documentation InitiativeData Documentation InitiativeThe Data Documentation Initiative (DDI) is an international standard for describing the data produced by surveys and other observational methods in the social, behavioural, economic, and health sciences. DDI is a free standard that can document and manage different stages in the research data lifecycle, such as conceptualization, collection, processing, distribution, discovery, and archiving. Documenting data with DDI facilitates understanding, interpretation, and use -- by people, software systems, and computer networks. https://ddialliance.org/explore-documentationRecommended2020-11 added as Recommended from Stats NZGCDS Data functional leadership mandate.Statistics NZInternationalStandard - TechnicalDDI AlliancePublishedPUBLISHAdd2020-11-23
Data ManagementData ManagementPart of the Data toolkit and covers:
- Introduction to data management
- Data dictionary
- What is a data custodian and what do they do?
- Assessing the accuracy of your data
- Managing data changes for comparison over timehttps://www.data.govt.nz/toolkit/data-management/Recommended2020-11 added as Recommended from Stats NZGCDS Data functional leadership mandate.Statistics NZGovernment (NZ)Guidance Statistics NZPublishedPUBLISHAdd2020-11-23
Data Protection and Use Policy (DPUP)DPUPData Protection and Use PolicyDPUP describes what ‘doing the right thing’ looks like when collecting or using people’s data and information.
Learn about DPUP
The Data Protection and Use Policy’s (DPUP’s) advice applies to a wide range of agencies.
Read the DPUP Principles
The Data Protection and Use Policy (DPUP) Principles focus on values and behaviours to help ensure your data practices focus on the wellbeing of people and communities.
Read the DPUP Guidelines
The Data Protection and Use Policy (DPUP) Guidelines describe key activities and processes to help put the Principles in place.
Before you start to use DPUP
This guidance helps agencies plan for adopting the Data Protection and Use Policy (DPUP) in their work practices.
Use DPUP in your work
These tools help anyone who works directly with service users to apply the Data Protection and Use Policy (DPUP) in their work.
https://www.digital.govt.nz/standards-and-guidance/privacy-security-and-risk/privacy/data-protection-and-use-policy-dpup/Recommended2020-03 added as RecommendedGCPO Privacy functional leadership mandate.DIAGovernment (NZ)PolicyGCPO (Government Chief Privacy Officer)PublishedPUBLISHAdd2020-03-02
Data stewardship framework for NZData stewardship framework for NZThe GCDS provides leadership of government-held data and is responsible for enabling greater data use. The GCDS partners with New Zealand data leaders to develop and implement the stewardship framework to enable government to maintain a sustainable data system.
The New Zealand data leaders include the Chief Archivist, Government Chief Digital Officer, Government Chief Information and Security Officer, Government Chief Privacy Officer, Government chief executives, Government Statistician, Commissioner of Inland Revenue, Iwi Leaders Forum, sector leads, and Te Mana Raraunga.https://www.data.govt.nz/manage-data/data-stewardship/a-data-stewardship-framework-for-nz/Recommended2021-05 Changed to Recommended
2020-09 Changed to Development from Future Consideration GCDS Data functional leadership mandate.Statistics NZGovernment (NZ)FrameworkGCDS (Government Chief Data Steward)Published2020-11PUBLISHUpdate2021-05-06
Date of birth data mandated standardDate of birth data content requirementThe purpose of this standard is to mandate 'ISO 8601 - 1:2019, Date and time — representations for information interchange — part 1: basic rules', to be used to format date of birth for sharing purposes.
This mandated standard applies to data being shared between organisations.
This mandated standard does not mandate the collection or storage of date of birth. These may vary depending on the needs of the organisation.
Was: Date of birth data content requirement, Date of birth data content standardhttps://www.data.govt.nz/toolkit/data-standards/mandated-standards-register/date-of-birth-standard/MandatedGCDS Data functional leadership mandate.Statistics NZMandatedStandards@stats.govt.nz.#ISO 8601 - 1:2019Government (NZ)StandardGCDS (Government Chief Data Steward)Approved2019-12-18PUBLISHUpdate 2020-07-10
Declaration on Open and Transparent GovernmentDeclaration on Open and Transparent GovernmentDeclaration by the New Zealand Government to release public data to enable the private and community sectors to use it to grow the economy, strengthen our social and cultural fabric and sustain our environment. Public data refers to non-personal and unclassified data.
The Declaration has been approved by Cabinet. Cabinet has:
- directed all Public Service departments, the New Zealand Police, the New Zealand Defence Force, the Parliamentary Counsel Office, and the New Zealand Security Intelligence Service;
- encouraged other State Services agencies; and
- invited State Sector agencies
to commit to releasing high value public data actively for re-use, in accordance with the Declaration and Principles, and in accordance with the NZGOAL Review and Release process.
Mandate: The Declaration on Open and Transparent Government was approved by Cabinet on 8 August 2011.
https://www.data.govt.nz/manage-data/policies/declaration-on-open-and-transparent-governmentRecommendedGCDS Data functional leadership mandate.Statistics NZGovernment (NZ)PolicyGCDS (Government Chief Data Steward)Current2011-08-08PUBLISH
Digital lifecycleDigital lifecycleThe digital lifecycle helps agencies focus on user needs when delivering digital products. There are 5 phases in the digital lifecycle: Discovery, Alpha, Beta, Live and Decommission.
Each phase in the digital lifecycle helps agencies to think about their users' needs as they deliver digital products, for example websites, apps and online services.https://www.digital.govt.nz/standards-and-guidance/strategy-and-planning/digital-lifecycle/Recommended2020-05 added as Recommended. DIAGCDO@dia.govt.nzGovernment (NZ)Guidance GCDO (Government Chief Digital Officer)PublishedPUBLISHAdd2020-05-29
Digital Service Design Standard - NZ GovernmentDigital Service Design Standard - NZ GovernmentThe purpose of the Standard is to provide the design thinking for anyone who designs or provides government services. It supports the government to provide public services that are easily accessible, integrated, inclusive and trusted by all New Zealanders.
As a sector, the whole of government should move away from siloed and agency-centric services with low-user community input, to more open, inclusive and co-designed services. These principles form the foundation of New Zealand Government’s shift to becoming more responsive, open, citizen-centric and user-focused.
The Standard supports New Zealand’s role as one of the Digital 9 (D9) leading digital nations.
Keywords: #Inclusion
Was: Digital Service Standard - NZ Governmenthttps://www.digital.govt.nz/standards-and-guidance/digital-service-design-standard/RecommendedGCDO Digital functional leadership mandate.DIAGCDO@dia.govt.nz#API Guidelines Part A – API Concepts and Management 2021Government (NZ)StandardGCDO (Government Chief Digital Officer)Published 2018-07PUBLISHName2020-10-22
Effective website privacy noticesEffective website privacy noticesGiving notice to website visitors about how your agency collects and uses personal information is good practice. An effective approach to this task is to use a layered privacy notice, and we have recommended '10 Steps to develop a multilayered privacy notice' as a source of detailed information.
Now, based upon continuing collaboration with a small group of NZ agencies who are piloting the layered notice approach, the Office of the Privacy Commissioner has published 'Questions & Answers About Layered Privacy Notices'. In the form of questions and answers, we state why a layered privacy notice can improve communication about how your agency handles personal information. It explains how layered notices structure information in a way that readers can recognise, gives reasons why the layered notice structure can meet the needs of agencies large and small, and introduces a simple process you can adopt to create your own.
Collaboration with pilot agencies is not yet complete. Hence, the information shared in 'Questions and Answers' is a work in progress and may expand or change as we learn from experience.
Was: New Zealand Privacy Guidelines - Effective Website Privacy Notices Guidehttps://www.privacy.org.nz/news-and-publications/guidance-resources/effective-website-privacy-notices/RecommendedPrivacy CommissionerGovernment (NZ)Guidance The Privacy CommissionerPublished Under developmentPUBLISH
EN 301 549 - V2.1.2 - Accessibility requirements for ICT products and servicesEN 301 549 - V2.1.2Accessibility requirements for ICT products and servicesThe present document specifies the functional accessibility requirements applicable to ICT products and services, together with a description of the test procedures and evaluation methodology for each accessibility requirement in a form that is suitable for use in public procurement within Europe. The present document might be useful for other purposes such as procurement in the private sector.
Was: ETSI EN 301 549 - V2.1.2 - Accessibility requirements for ICT products and serviceshttps://www.etsi.org/deliver/etsi_en/301500_301599/301549/02.01.02_60/en_301549v020102p.pdfAccepted2020-11 added as Accepted DIAGovernment (EU)StandardETSIPublished2018-08PUBLISHName2021-07-29
ESA - Emergency Services and Government Administration Core Data SpecificationESA - Emergency Services and Government Administration Core Data SpecificationThe Emergency Services and Government Administration (ESA) project was focused on improving the quality of data commonly used to define location, anywhere in New Zealand.
This data is especially critical in the responses of emergency services. LINZ, NZ Police and NZ Fire Service analysed the types of information commonly required to more effectively direct officers to incidents. From this, comprehensive specifications have been developed for geocoding street addresses, road centrelines and place names. These specifications are based on the following standards published by the International Organisation for Standardisation:
ISO 19101, Geographic Information - Reference Model
ISO 19109, Geographic Information - Rules for Application Schema
The core data needs of other government departments for the same type of location information were also considered within the specifications. The ESA standard is a recognised schema for use within the e-Government Interoperability Framework (e-GIF).
The current version, v1.9.7, of the ESA Data Specification was published in September 2004, after no significant comments were received on its draft form by 31 August 2004.http://www.linz.govt.nz/about-linz/what-were-doing/projects/emergency-services-government-administration-esaRecommendedLINZGovernment (NZ)StandardLINZPUBLISH
eXtensible Access Control Markup Language (XACML)eXtensible Access Control Markup Language (XACML)XACML stands for "eXtensible Access Control Markup Language". The standard defines a declarative fine-grained, attribute-based access control policy language, an architecture, and a processing model describing how to evaluate access requests according to the rules defined in policies.https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacmlAcceptedGCDO Digital functional leadership mandate.DIAInternationalStandardOASISPUBLISH
Facilitative, transitory, and/or short-term value records (GDA7)GDA7Facilitative, transitory and short-term value recordsGDA7 covers generic classes of records of any format that have only short-term transitory value in their immediate and minor facilitation of preparing a more complete public record. Therefore they are not required for evidential or legal purposes. These records are created through routine administrative and business processes common to most public offices in the course of performing a public office’s primary core business functions, duties and responsibilities.
GDA7 only covers those records within the scope of the above description. For all other records refer to GDA6: Common Corporate Service Public Records (DA 558) and your agency-specific disposal authority.
GDA7 does not cover personal correspondence sent or received at work by a staff member as these are considered to be private records and the responsibility of the individual (e.g. family correspondence, medical appointments, lunch dates, light-hearted banter, etc.). Such records do not support or contribute to the business functions of the public office, and are therefore not considered public records under the Public Records Act 2005.
GDA7 does not apply under 17/Sp7 Authority to retain public records in electronic form only, a digitised record can be retained in place of the original source record in certain circumstances. This authority comes from the Contract and Commercial Law Act 2017 (CCLA) and is an authority to retain, not to dispose. The original source record ceases to be a public record once the authority has been appropriately applied, resulting in no need for authorisation to destroy the original source record. Records staff should read the guide 17/G13 Destruction of source information after digitisation for guidance on meeting the requirements.
Was: 16/Sp6 GDA7: Facilitative, transitory and short-term value recordshttps://www.archives.govt.nz/manage-information/how-to-manage-your-information/disposal/disposal-processMandatedAdded as mandated.
2021-04 confirmed with Archives that this is mandatory. The Chief Archivist has the power to mandate standards for records management under the Public Records Act 2005.
DIA-Archives NZhttps://www.archives.govt.nz/manage-information/how-to-manage-your-information/disposal/general-disposal-authoritiesGovernment (NZ)StandardArchives NZPublishedPUBLISHAdd2021-04-07
Federated Service Design (FSD) Integration PatternsFederated Service Design (FSD) Integration PatternsA set of high level patterns for use when integrating and orchestrating multi-agency customer centric digital services.
email request to GCDO@dia.govt.nz https://www.psi.govt.nz/home/guidance/ict-guidance/reference-architecture-and-patterns/federated-service-delivery/RecommendedThis is currently only available to NZ Government agencies on the Public Service Intranet. For non-public service agencies it can be requested via GCDO@dia.govt.nzGCDO Digital functional leadership mandate.DIAGCDO@dia.govt.nz#API Guidelines Part A - API Concepts and Management 2021Government (NZ)PatternGCDO (Government Chief Digital Officer)PublishedPUBLISH
Federation Assurance Standard Federation Assurance StandardThis standard provides additional controls for parties that provide credentials on which others rely.
Application of this standard
This standard applies to any Credential Provider (CP). The CP is accountable for the controls stated in this standard, even if they have employed or contracted aspects to other parties.
Application of the controls in this standard will contribute to the reduction of identity theft, entitlement fraud, misrepresentation of abilities and the impacts that result.
The scope of the requirements in this standard is explicitly related to the identification aspects of federation. It does not include considerations for security, other implementation matters or any contractual agreements.https://www.digital.govt.nz/standards-and-guidance/identification-management/identification-management-standards/federation-assurance-standard/Recommended2021-05 added as RecommendedGCDO Digital functional leadership mandate.DIAIdentity@dia.govt.nz#Identification Management StandardsGovernment (NZ)StandardGCDO (Government Chief Digital Officer)Published2021-03-01PUBLISHAdd2021-05-06
FTP (File Transfer Protocol)File Transfer ProtocolThe File Transfer Protocol (FTP) is a standard network protocol used for the transfer of computer files between a client and server on a computer network.
Refer to RFC 959 (October 1985)
Source: Wikipediahttps://www.ssh.com/ssh/sftp/Not Accepted2020-11 made Not Accepted as NZ Govt should be using SFTP or other alternatives.In November 2020, support for the FTP protocol was deprecated in Google ChromeGCDO Digital functional leadership mandate.DIAGCDO@dia.govt.nzInternationalStandard - TechnicalIETF (Internet Engineering Task Force)CurrentPUBLISHUpdate2020-11-30
GEA-NZ Application and Software Services Reference TaxonomyApplication and Software Services Reference TaxonomyProvides a common language for describing applications and software services.https://www.digital.govt.nz/standards-and-guidance/technology-and-architecture/government-enterprise-architecture/gea-nz-framework/dimensions-of-the-gea-nz-framework/reference-taxonomies/Recommended2020-04 added as RecommendedGCDO Digital functional leadership mandate.DIAGCDO@dia.govt.nzGEA-NZ Framework, GEA-NZ Technology CategoriesGEANZ Technology Services ModelGovernment (NZ)Common LanguageGCDO (Government Chief Digital Officer)PublishedPUBLISHAdd2020-04-02
GEANZ Application Services ModelGEANZ Application Services ModelThe GEANZ Application Services Model (working name) is a refresh of the GEA-NZ Application and Software Services Reference Taxonomy focusing on the Application services used by the business to support the GEANZ Business Capability Model.Development2023-06 added as DevelopmentGCDO Digital functional leadership mandate.DIAGEA@dia.govt.nzGEA-NZ Application and Software Services Reference TaxonomyGovernment (NZ)Common LanguageGCDO (Government Chief Digital Officer)Under DevelopmentPUBLISHAdd2023-06-20
GEANZ Business Capability ModelGEANZ Business Capability ModelA new GEANZ Business Capability Model (working name) that contains Government Common Business Capabilities. The initial draft was based on merging the GEA-NZ Business Reference Taxonomy and the GEA-NZ Government Business Capability Model. Part of this work is tightening the focus to all of and whole of government capabilities. Development2023-06 added as DevelopmentGCDO Digital functional leadership mandate.DIAGEA@dia.govt.nzGEA-NZ Business Reference Taxonomy
GEA-NZ Government Business Capability ModelGovernment (NZ)Common LanguageGCDO (Government Chief Digital Officer)Under DevelopmentPUBLISHAdd2023-06-20
GEA-NZ Business Reference TaxonomyBusiness Reference TaxonomyProvides a common language for describing the business functions of the New Zealand public service.https://www.digital.govt.nz/standards-and-guidance/technology-and-architecture/government-enterprise-architecture/gea-nz-framework/dimensions-of-the-gea-nz-framework/reference-taxonomies/Recommended2020-04 added as RecommendedGCDO Digital functional leadership mandate.DIAGCDO@dia.govt.nzGEA-NZ FrameworkGovernment (NZ)Common LanguageGCDO (Government Chief Digital Officer)Published2021-03-01PUBLISHAdd2020-04-02
GEA-NZ Data and Information Reference TaxonomyData and Information Reference TaxonomyProvides a common language for describing data and information used in the New Zealand Public Service.https://www.digital.govt.nz/standards-and-guidance/technology-and-architecture/government-enterprise-architecture/gea-nz-framework/dimensions-of-the-gea-nz-framework/reference-taxonomies/Recommended2020-04 added as RecommendedGCDO Digital functional leadership mandate.DIAGCDO@dia.govt.nzGEA-NZ FrameworkGovernment (NZ)Common LanguageGCDO (Government Chief Digital Officer)Published2021-03-01PUBLISHAdd2020-04-02
GEA-NZ Framework 2021GEA-NZ Framework 2021GEA-NZ [Government Enterprise Architecture of New Zealand] is a framework to support ICT enabled transformation across government. The framework is designed to be applied at an agency, sector, and all-of-government level. GEA-NZ was developed by the Government Enterprise Architecture team as part of supporting the GCIO and then the GCDO.https://www.digital.govt.nz/standards-and-guidance/technology-and-architecture/government-enterprise-architecture/gea-nz-framework/RecommendedGCDO Digital functional leadership mandate.DIAGCDO@dia.govt.nzGEA-NZ Reference TaxonomiesGEA-NZ Government Business Capability Model, GEA-NZ Government Business Capability Model, GEA-NZ Application and Software Services Reference Taxonomy, GEA-NZ Business Reference Taxonomy, GEA-NZ Data and Information Reference Taxonomy, GEA-NZ Infrastructure Reference TaxonomyGEANZ Framework 2023Government (NZ)FrameworkGCDO (Government Chief Digital Officer)Published2021-03-01PUBLISH
GEANZ Framework 2023GEANZ Framework 2023A proposed update to the Government Enterprise Architecture of NZ (GEANZ - pronounced as Genes as a DNA for Government Architecture). This update will be incremental and deliver the Government Digital Architecture noted as a foundation of the Strategy for a Digital Public Service. All work delivered as part of this update will use the acronym GEANZ without the hyphen used with the earlier versions. Future Consideration2023-06 added as Future ConsiderationGCDO Digital functional leadership mandate.DIAGEA@dia.govt.nzGEANZ Application Services Model, GEANZ Business Capability Model, GEANZ Technology Services ModelGEA-NZ Framework 2021Government (NZ)FrameworkGCDO (Government Chief Digital Officer)BacklogPUBLISHAdd2023-06-20
GEA-NZ Government Business Capability ModelGovernment Business Capability ModelThe GEA-NZ [Government Enterprise Architecture of New Zealand] Government Business Capability Model has been developed to give agencies a head start when developing their business capability models to enable capability based planning, capability based management, as well as capability maturity assessments. A business capability model provides a link between an agency's strategy and outcomes, encompassing its people (competencies), processes, information, and technology. It is recognised as a key enterprise architectural tool and technique for working with business stakeholders to deliver system transformation. The advantage is that it abstracts the complexity and detail to something specific and easily understood by all. It was developed by the Government Enterprise Architecture team as part of supporting the GCIO and then the GCDO.https://www.digital.govt.nz/assets/Standards-guidance/Technology-and-architecture/GEA-NZ-Goverment-Business-Capabilities-2020-December.xlsxRecommendedGCDO Digital functional leadership mandate.DIAGCDO@dia.govt.nzGEA-NZ FrameworkGEANZ Business Capabilities ModelGovernment (NZ)Common LanguageGCDO (Government Chief Digital Officer)Published v2.02020-12PUBLISH
GEA-NZ Infrastructure Reference TaxonomyInfrastructure Reference TaxonomyProvides a common language for describing infrastructure used in the New Zealand Public Service.https://www.digital.govt.nz/standards-and-guidance/technology-and-architecture/government-enterprise-architecture/gea-nz-framework/dimensions-of-the-gea-nz-framework/reference-taxonomies/Recommended2020-04 added as RecommendedGCDO Digital functional leadership mandate.DIAGCDO@dia.govt.nzGEA-NZ Framework, GEA-NZ Technology CategoriesGEA-NZ Technology Services ModelGovernment (NZ)Common LanguageGCDO (Government Chief Digital Officer)Published2021-03-01PUBLISHAdd2020-04-02
GLN (Global Location Number)Global Location NumberGlobal Location Number (GLN) can be used by companies to identify their locations, giving them complete flexibility to identify any type or level of location requiredhttps://www.gs1.org/standards/id-keys/glnRecommended2020-10 Changed to Recommended from Informational as this is the source of the NZBNThe NZBN is an implementation of the GLN (Global Location Number) from GS1.MBIE#NZBN (New Zealand Business Number), #HISO 10082:2020 COVID-19 Community Based Assessment Data StandardInternationalStandardGS1CurrentPUBLISHUpdate2020-10-06
Glossary for the OASIS Security Assertion Markup Language (SAML) V2.0Glossary for the OASIS Security Assertion Markup Language (SAML) V2.0This specification defines terms used throughout the OASIS Security Assertion Markup Language (SAML) specifications and related documents.https://docs.oasis-open.org/security/saml/v2.0/saml-glossary-2.0-os.pdfAccepted2020-02 added as Accepted. Part of the basis for the NZSAMS [New Zealand Security Assertion Messaging Standard]DIANew Zealand Security Assertion Messaging Standard [NZSAMS]InternationalStandard - TechnicalOASISOASIS Standard2005-03-15PUBLISHAdd2020-02-03
GML (Geography Markup Language)Geography Markup Language19136The OpenGIS® Geography Markup Language Encoding Standard (GML) The Geography Markup Language (GML) is an XML grammar for expressing geographical features. GML serves as a modelling language for geographic systems as well as an open interchange format for geographic transactions on the Internet. As with most XML based grammars, there are two parts to the grammar – the schema that describes the document and the instance document that contains the actual data. A GML document is described using a GML Schema. This allows users and developers to describe generic geographic data sets that contain points, lines and polygons. However, the developers of GML envision communities working to define community-specific application schemas [en.wikipedia.org/wiki/GML_Application_Schemas] that are specialized extensions of GML. Using application schemas, users can refer to roads, highways, and bridges instead of points, lines and polygons. If everyone in a community agrees to use the same schemas they can exchange data easily and be sure that a road is still a road when they view it. Clients and servers with interfaces that implement the OpenGIS® Web Feature Service Interface Standardhttps://www.ogc.org/standards/gmlFuture Consideration2023-06 Changed to Future Consideration. Waka Kotahi is no longer supporting the Asset Management Data Standard (AMDS) Location Standard.
2020-10 Changed to Accepted from Informational. This standard is also an ISO standard, ISO 19136. Was referenced as part of the AMDS Location Standard but Waka Kotahi is no longer supporting that aspect of AMDS. They defer to LINZ on Location. LINZ#Asset Management Data Standard (AMDS) Location StandardISO 19136-1:2020 Geographic information — Geography Markup Language (GML) — Part 1: FundamentalInternationalStandard - TechnicalOGC (Open Geospatial Consortium)PUBLISHUpdate2023-06-19
Good practice guidance for the recording and use of personal names August 2014Good practice guidance for the recording and use of personal names August 2014Status: Current [Version 2B Final August 2014]
Standards Body: DIA
Description: The practice guidance for the recording and use of personal names should be used by organisations wishing to improve their understanding of personal names and the quality of their personal name data.
Notes: Added 2018-02-19 as advised by the author of the guidance; Joanne Knight.
https://www.dia.govt.nz/diawebsite.nsf/Files/EOI/$file/guide_recording_and_use_personal_names-a.docRecommended2020-11 changed from Informational to Recommended as this is still current advice. GCDO Digital functional leadership mandate.DIAGCDO@dia.govt.nzGovernment (NZ)GuidanceGCDO (Government Chief Digital Officer)Final2014-08PUBLISHUpdate2020-11-26
Government domain namesGovernment domain namesThe Department of Internal Affairs (DIA) manages the allocation of .govt.nz and .parliament.nz domains. This service is for all New Zealand central and local government organisations.https://www.digital.govt.nz/standards-and-guidance/technology-and-architecture/domain-names/Mandated2022-03 Added as Mandated. GCDO Digital functional leadership mandate.DIAdomains@digital.govt.nzGovernment (NZ)ProcessNZ GovernmentPublishedPUBLISHAdd2020-03-31
Guiding Principles for the use of Biometric Technologies for Government Agencies - April 2009Guiding Principles for the use of Biometric Technologies for Government Agencies - April 2009These Guiding Principles for the Use of Biometric Technologies were produced by the Cross Government Biometrics Group (CGBG), an inter-agency group chaired by the Department of Internal Affairs. They should be used by agencies to inform decision making when considering biometric technologies for identity-related business processes. They are best applied early in the scoping, analysis and design phases of a project.
Source: GEA-NZ Standards Reference Appendix - 3. Identify Information and Authentication and Access management - 1. New Zealand Government Standards and Guidance. Mature and managed.
https://www.dia.govt.nz/Web/diawebsite_historical.nsf/wpg_URL/Resource-material-Guiding-Principles-for-the-Use-of-Biometric-Technologies-Index?OpenDocumentRecommendedGCDO Digital functional leadership mandate.DIAGCDO@dia.govt.nzGovernment (NZ)Guidance GCDO (Government Chief Digital Officer)PublishedPUBLISH
Health Information Privacy Code 2020Health Information Privacy Code 2020This code sets specific rules for agencies in the health sector. It covers health information collected, used, held and disclosed by health agencies and takes the place of the information privacy principles for the health sector.
The Health Information Privacy Code applies to the health information about identifiable individuals and applies to:
- all agencies providing personal or public health or disability services such as primary health organisations, district health boards, rest homes, supported accommodation, doctors, nurses, dentists, pharmacists and optometrists; and
- some agencies that do not provide health services to individuals but which are part of the health sector such as ACC, the Ministry of Health, the Health Research Council, health insurers and professional disciplinary bodies.https://www.privacy.org.nz/privacy-act-2020/codes-of-practice/hipc2020/Mandated2020-12 added as Mandated.Privacy CommissionerHealth Information Privacy Code 1994National (NZ)StandardThe Privacy CommissionerCurrentPUBLISHAdd2020-12-01
Health information standardsHealth information standardsWebpage containing the Health information standards.
Published standards set requirements for the safe, secure and purposeful use and sharing of health information.https://www.tewhatuora.govt.nz/our-health-system/digital-health/health-information-standards/Recommended2023-06 Added as RecommendedTe Whatu Ora Health NZNational (NZ)CatalogueNZ GovernmentPublishedPUBLISHAdd 2023-06-19
Holistic data governanceHolistic data governanceA holistic approach to data governance brings together the top-down focus, common to traditional governance models, and an operational and bottom-up perspective. The resulting joined-up view of data governance extends across the organisation, providing the value of each perspective independently, while enabling them to complement and enhance each other.https://www.data.govt.nz/toolkit/data-governance/holistic/Recommended2021-08 added as Recommended.GCDS Data functional leadership mandate.Statistics NZGovernment (NZ)Guidance Statistics NZPublished2021-07PUBLISHAdd2021-08-02
HTML Living StandardHTML Living StandardOn 28 May 2019, the W3C announced that WHATWG would be the sole publisher of the HTML and DOM standards. The W3C and WHATWG had been publishing competing standards since 2012. While the W3C standard was identical to the WHATWG in 2007 the standards have since progressively diverged due to different design decisions. The WHATWG "Living Standard" had been the de facto web standard for some time.
This is a replacement for HTML5 (HyperText Markup Language Version 5).https://html.spec.whatwg.org/multipage/Recommended2020-12 added as Recommended as the HTML Living Standard has been the de facto web standard for some time. This is instead of HTML5 (HyperText Markup Language Version 5) which has been made Informational.
GCDO Digital functional leadership mandate.DIAGCDO@dia.govt.nzHTML5 (HyperText Markup Language Version 5)InternationalStandardWHATWGLivingPUBLISHAdd2020-12-03
HTML5 (HyperText Markup Language Version 5)HTML5 [HyperText Markup Language Version 5]HTML5 is a markup language used for structuring and presenting content on the World Wide Web. It is the fifth and current version of the HTML standard.
Source:
GEA-NZ Standards Reference Appendix - 1. Internet and On-line Presence - 3. International Technical Foundation Standards.
GEA-NZ Standards Reference Appendix - 2. Data Integration - 3. International Technical Foundation Standards.http://www.w3.org/TR/html5/Informational2020-12 changed to Informational from Recommended as we have added HTML Living Standard as Recommended.Core internet, but moving to HTML Living StandardGCDO Digital functional leadership mandate.DIAHTML Living StandardInternationalStandardW3C (World Wide Web Consortium)Published2014-10PUBLISHUpdate2020-12-03
HTTP v1.1 (HyperText Transfer Protocol Version 1.1)HTTP v1.1 [HyperText Transfer Protocol Version 1.1]The Hypertext Transfer Protocol (HTTP) is a stateless application-level protocol for distributed, collaborative, hypertext information systems. This document provides an overview of HTTP architecture and its associated terminology, defines the "http" and "https" Uniform Resource Identifier (URI) schemes, defines the HTTP/1.1 message syntax and parsing requirements, and describes related security concerns for implementations.
RFC 7230 covers Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing
RFC 7231 covers Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content
RFC 7232 covers Hypertext Transfer Protocol (HTTP/1.1): Conditional Requests
RFC 7233 covers Hypertext Transfer Protocol (HTTP/1.1): Range Requests
RFC 7234 covers Hypertext Transfer Protocol (HTTP/1.1): Caching
RFC 7235 covers Hypertext Transfer Protocol (HTTP/1.1): Authentication
Source:
GEA-NZ Standards Reference Appendix - 1. Internet and On-line Presence - 3. International Technical Foundation Standards.
GEA-NZ Standards Reference Appendix - 2. Data Integration - 3. International Technical Foundation Standards.
http://httpwg.org/specs/rfc7230.htmlRecommendedGCDO Digital functional leadership mandate.DIAGCDO@dia.govt.nz#API Guidelines Part C - API Development 2021InternationalStandard - TechnicalIETF (Internet Engineering Task Force)PublishedPUBLISH
ICSM ISO19115-1 Metadata Good Practice GuideICSM ISO19115-1Metadata Good Practice Guide19115The purpose of this document is to capture the consensus good practice guidance for the use of recommended ISO 19115-1 metadata elements for organisations in the Australia / New Zealand region. Further, this guidance will aid the migration from the retired ANZLIC Metadata Profile of ISO 19115:2003 to the currently endorsed ISO 19115-1:2014 (including Amd.1:2018).https://icsm-au.github.io/metadata-working-group/defs/GuidanceIntroAccepted2020-11 added as Accepted as this aids migration from the retired ANZLIC Metadata Profile.Regional (Australia and NZ)Guidance ICSM (Intergovernmental Committee on Surveying & Mapping)PublishedPUBLISHAdd2020-11-19
Identification management guidanceGuide to authenticator typesAdvice and guidance to help those implementing the identification management standards.
Assessing identification risk
Understand how to conduct an identification risk assessment for your service or transaction. Use this to calculate the right strength of identification processes to protect against information fabrication and identity theft.
Implementing the Information Assurance Standard
This guidance provides additional information and examples to aid with the understanding of and compliance with the controls in the Information Assurance Standard.
Implementing the Binding Assurance Standard
This guidance provides additional information and examples to aid with the understanding of and compliance with the controls in the Binding Assurance Standard.
Implementing the Authentication Assurance Standard
This guidance provides additional information and examples to aid with the understanding of and compliance with the controls in the Authentication Assurance standard.
Using documents as evidence
Additional guidance for when physical documents are used in identification processes.
Authenticator types
This guide describes various authenticator types and provides examples and considerations for their use. It does not prescribe the use of any specific authenticator.https://www.digital.govt.nz/standards-and-guidance/identification-management/guidance/Recommended2022-01 updated name, description, and status to Recommended and set to PUBLISHGCDO Digital functional leadership mandate.DIAIdentity@dia.govt.nz#Authentication Assurance Standard, #Binding Assurance Standard, #Information Assurance Standard, #Federation Assurance Standard.Government (NZ)Guidance GCDO (Government Chief Digital Officer)PublishedPUBLISHUpdate2022-01-26
Identification Management StandardsIdentification Management StandardsThe New Zealand Identification Management Standards work together to provide assurance that an organisation has the right information about the right entities, helping minimise the risk of identity fraud. They are the:
-Information Assurance Standard
-Binding Assurance Standard
-Authentication Assurance Standard
-Federation Assurance Standardhttps://www.digital.govt.nz/standards-and-guidance/identification-management/identification-management-standards/Recommended2021-05 added as Recommended.GCDO Digital functional leadership mandate.DIAIdentity@dia.govt.nz#Authentication Assurance Standard, #Binding Assurance Standard, #Federation Assurance Standard, #Information Assurance StandardGovernment (NZ)StandardGCDO (Government Chief Digital Officer)Published2021-03-01PUBLISHAdd2021-05-06
Implementing the Authentication Assurance StandardImplementing the Authentication Assurance StandardThis guidance provides additional information and examples to aid with the understanding of and compliance with the controls in the Authentication Assurance standard.https://www.digital.govt.nz/standards-and-guidance/identification-management/guidance/implementing-the-authentication-assurance-standard/https://www.digital.govt.nz/standards-and-guidance/identification-management/guidance/Recommended2022-06 added as RecommendedGCDO Digital functional leadership mandate.DIAIdentity@dia.govt.nz#Information Assurance Standard, #Binding Assurance Standard, #Authentication Assurance Standard. #Authentication Assurance StandardGovernment (NZ)GuidanceGCDO (Government Chief Digital Officer)PublishedPUBLISHAdd2022-06-30
Implementing the Binding Assurance StandardImplementing the Binding Assurance StandardThis guidance provides additional information and examples to aid with the understanding of and compliance with the controls in the Binding Assurance Standard.https://www.digital.govt.nz/standards-and-guidance/identification-management/guidance/implementing-the-binding-assurance-standard/https://www.digital.govt.nz/standards-and-guidance/identification-management/guidance/Recommended2022-06 added as RecommendedGCDO Digital functional leadership mandate.DIAIdentity@dia.govt.nz#Information Assurance Standard, #Binding Assurance Standard, #Authentication Assurance Standard. #Binding Assurance StandardGovernment (NZ)GuidanceGCDO (Government Chief Digital Officer)PublishedPUBLISHAdd2022-06-30
Implementing the Federation Assurance StandardImplementing the Federation Assurance Standardemail request to identity@dia.govt.nz https://www.digital.govt.nz/standards-and-guidance/identification-management/guidance/Development2022-06 added as DevelopmentIn developmentGCDO Digital functional leadership mandate.DIAIdentity@dia.govt.nz#Federation Assurance Standard, #Information Assurance Standard, #Binding Assurance Standard, #Authentication Assurance Standard. #Federation Assurance Standard.Government (NZ)GuidanceGCDO (Government Chief Digital Officer)DevelopmentPUBLISHAdd2022-06-30
Implementing the Information Assurance StandardImplementing the Information Assurance StandardThis guidance provides additional information and examples to aid with the understanding of and compliance with the controls in the Information Assurance Standard.https://www.digital.govt.nz/standards-and-guidance/identification-management/guidance/implementing-the-information-assurance-standard/https://www.digital.govt.nz/standards-and-guidance/identification-management/guidance/Recommended2022-06 added as RecommendedGCDO Digital functional leadership mandate.DIAIdentity@dia.govt.nz#Information Assurance Standard, #Binding Assurance Standard, #Authentication Assurance Standard. #Information Assurance StandardGovernment (NZ)GuidanceGCDO (Government Chief Digital Officer)PublishedPUBLISHAdd2022-06-30
Information and records management standard (16/S1)Information and records management standard (16/S1)Description: The Information and records management standard, released in July 2016, is designed to assist organisations to meet their obligations under the Public Records Act 2005 (the Act). It establishes principles for efficient and systematic information and records management, and the minimum compliance requirements. https://records.archives.govt.nz/resources-and-guides/information-and-records-management-standard/Mandated2020-01 Changed to Mandated from Recommended as this is a mandated standard by The Chief Archivist under the Public Records Act (PRA)This is guidance produced by the Chief Archivist in accordance with their authority given in the Public Records Act 2005.DIA-Archives NZGovernment (NZ)StandardArchives NZCurrentPUBLISHUpdate2020-01-08
Information and records management standard Implementation guide (16/G8)Information and records management standard Implementation guide (16/G8)Description: The guide is updated every quarter and is designed to help organisations understand and apply the requirements of the standard by listing the minimum compliance requirements for each of the three principles of the standard, an explanation for each requirement, and key guidelines for implementing the requirements.https://records.archives.govt.nz/home/the-information-and-records-management-standard/RecommendedThis is guidance produced by the Chief Archivist in accordance with their authority given in the Public Records Act 2005.DIA-Archives NZGovernment (NZ)GuidanceArchives NZCurrentPUBLISH
Information Asset Catalogue TemplateInformation Asset Catalogue TemplateAn Excel template and a guideline document have been developed collaboratively with agencies. This template is intended as a starting point for agencies to create an Information Asset Catalogue, or Register.
Development and maintenance of an information asset catalogue is a key milestone in:
- managing information as an asset
- demonstrating Data Information Governance and Maturity.
- meeting the Information and Records Management Standard.https://snapshot.ict.govt.nz/resources/digital-ict-archive/static/localhost_8000/guidance-and-resources/architecture/information-asset-catalogue-template/index.htmlInformational2022-03 changed to Informational.
2020-05 added as Recommended.GCDO do not lead for data so any guide or standard should come from Stats GCDSGCDO Digital functional leadership mandate.DIAGCDO@dia.govt.nzGovernment (NZ)ToolGCDO (Government Chief Digital Officer)PUBLISHAdd2020-05-28
Information Assurance StandardInformation Assurance StandardThis standard provides specific information management controls to ensure information collected is suitable for accurate decisions to be made regarding the eligibility or capability of an Entity.
Application of this standard
Application of the controls in this standard will contribute to the reduction of identity theft, entitlement fraud, misrepresentation of abilities and the impacts that result.https://www.digital.govt.nz/standards-and-guidance/identification-management/identification-management-standards/information-assurance-standard/Recommended2021-05 Changed to Recommended
2020-09 added as DevelopmentGCDO Digital functional leadership mandate.DIAIdentity@dia.govt.nz#Identification Management Standards#Identification management guidanceThe requirements outlined in Table 8 of the Evidence of Identity Standard (EOI) Standard version 2.0 — Dec 2009 relating to Objective A — Identity exists.Government (NZ)StandardGCDO (Government Chief Digital Officer)Published2021-03-01PUBLISHUpdate2021-05-06
Information Privacy Principles (Privacy Act 2020)Information Privacy Principles (Privacy Act 2020)The Privacy Act 2020 has thirteen information privacy principles.
Principle 1 - Purpose for collection
Principle 2 - Source of information
Principle 3 - What to tell an individual
Principle 4 - Manner of collection
Principle 5 - Storage and security
Principle 6 - Access
Principle 7 - Correction
Principle 8 - Accuracy
Principle 9 - Retention
Principle 10 - Use
Principle 11 - Disclosure
Principle 12 - Disclosure outside New Zealand
Principle 13 - Unique identifiershttps://privacy.org.nz/privacy-act-2020/privacy-principles/Mandated2020-12 added as Mandated as the new Privacy Act 2020 came into force on the 1st of December 2020Privacy CommissionerInformation Privacy Principles (Privacy Act 1993)National (NZ)PrinciplesParliamentPublishedPUBLISHAdd2020-12-01
International Open Data CharterInternational Open Data CharterThe six Charter principles were developed in 2015 by governments, civil society, and experts around the world to represent a globally-agreed set of aspirational norms for how to publish data.https://opendatacharter.net/principles/Recommended2020-05 added as Recommended.GCDS Data functional leadership mandate.Statistics NZInternationalPrinciplesThe Open Data CharterPUBLISHAdd2020-05-29
Internet Protocol version 6 (IPv6) for New Zealand Government Internet Protocol version 6 (IPv6) for New Zealand Government New Zealand Government will need to transition to IPv6 so government websites, and All-of-Government (AoG) cloud computing Common Capabilities remain fully accessible and compliant with international standardshttps://snapshot.ict.govt.nz/resources/digital-ict-archive/static/localhost_8000/guidance-and-resources/architecture/internet-protocol-version-6-for-new-zealand-government/index.htmlRecommendedGCDO Digital functional leadership mandate.DIAGCDO@dia.govt.nz#IPv6 (Internet Protocol version 6), #IPv4 (Internet Protocol version 4)Government (NZ)Guidance GCDO (Government Chief Digital Officer)PublishedPUBLISH
Investment ManagementInvestment ManagementThe Treasury is the lead on investment management (and asset management) in the State sector.
Link: http://www.treasury.govt.nz/statesector/investmentmanagementhttp://www.treasury.govt.nz/statesector/investmentmanagementRecommendedThe TreasuryGovernment (NZ)Guidance The TreasuryCabinet Circular CO(15)5, Investment Management and Asset Performance in the State Services, takes effect from 1 July 2015PUBLISH
IPv4 (Internet Protocol version 4)Internet Protocol version 4Internet Protocol version 4 (IPv4 or IP v4) is the fourth version of the Internet Protocol (IP). It is one of the core protocols of standards-based internetworking methods in the Internet, and was the first version deployed for production in the ARPANET in 1983. It still routes most Internet traffic today, despite the ongoing deployment of a successor protocol, IPv6. IPv4 is described in IETF publication RFC 791 (September 1981), replacing an earlier definition (RFC 760, January 1980).
https://tools.ietf.org/html/draft-howard-sunset4-v4historic-00AcceptedGCDO Digital functional leadership mandate.DIAGCDO@dia.govt.nz#Internet Protocol version 6 (IPv6) for New Zealand Government InternationalStandard - TechnicalIETF (Internet Engineering Task Force)Historic but in current use.PUBLISH
IPv6 (Internet Protocol version 6)Internet Protocol version 6Internet Protocol version 6 (IPv6 or IP v6) is the most recent version of the Internet Protocol (IP), the communications protocol that provides an identification and location system for computers on networks and routes traffic across the Internet. IPv6 was developed by the Internet Engineering Task Force (IETF) to deal with the long-anticipated problem of IPv4 address exhaustion. IPv6 is intended to replace IPv4.
Source:
GEA-NZ Standards Reference Appendix - 1. Internet and On-line Presence - 3. International Technical Foundation Standards.
GEA-NZ Standards Reference Appendix - 2. Data Integration - 3. International Technical Foundation Standards.
https://tools.ietf.org/html/rfc3513RecommendedGCDO Digital functional leadership mandate.DIAGCDO@dia.govt.nz#Internet Protocol version 6 (IPv6) for New Zealand Government InternationalStandard - TechnicalIETF (Internet Engineering Task Force)CurrentPUBLISH
ISO 15489-1:2016 Information and documentation -- Records management -- Part 1: Concepts and principlesISO 15489-1:2016Information and documentation -- Records management -- Part 1: Concepts and principles15489ISO 15489-1:2016 defines the concepts and principles from which approaches to the creation, capture and management of records are developed. This part of ISO 15489 describes concepts and principles relating to the following:
a) records, metadata for records and records systems;
b) policies, assigned responsibilities, monitoring and training supporting the effective management of records;
c) recurrent analysis of business context and the identification of records requirements;
d) records controls;
e) processes for creating, capturing and managing records.
ISO 15489-1:2016 applies to the creation, capture and management of records regardless of structure or form, in all types of business and technological environments, over time.https://www.iso.org/standard/62542.htmlRecommendedRecommended by Archives NZ This standard is referenced in the 16/G8 Implementation Guide to the 16/S1 Record Management Standard. This is a standard produced by the Chief Archivist in accordance with their authority given in the Public Records Act 2005.DIA-Archives NZ#16/G8 Implementation GuideISO 15489-1:2001 Information and documentation — Records management — Part 1: GeneralInternationalStandardISOPublishedPUBLISH
ISO 19101-1:2014 Geographic information — Reference model — Part 1: FundamentalsISO 19101-1:2014 Geographic information — Reference model — Part 1: Fundamentals19101ISO 19101-1:2014 defines the reference model for standardization in the field of geographic information. This reference model describes the notion of interoperability and sets forth the fundamentals by which this standardization takes place.
Although structured in the context of information technology and information technology standards, ISO 19101-1:2014 is independent of any application development method or technology implementation approach.https://www.iso.org/standard/59164.htmlFuture Consideration2023-06 Changed to Future Consideration. Waka Kotahi is no longer supporting the Asset Management Data Standard (AMDS) Location Standard.
2021-03 Changed to Accepted from Informational as referenced by the AMDS location standard.
2018-10 Added as InformationalWas referenced as part of the AMDS Location Standard but Waka Kotahi is no longer supporting that aspect of AMDS. They defer to LINZ on Location. LINZ#Asset Management Data Standard (AMDS) Location StandardAS/NZS ISO 19101.1:2015 Geographic information - Reference model - Part 1: FundamentalsInternationalStandardISOPublished2014-11PUBLISHUpdate2023-06-19
ISO 19104:2016 Geographic information - TerminologyISO 19104:2016 Geographic information - Terminology19104Description: This standard specifies requirements for the collection, management and publication of geographic information terminology. The scope includes
- selection of concepts, harmonization of concepts and development of concept systems,
- structure and content of terminological entries,
- term selection,
- definition preparation,
- cultural and linguistic adaptation,
- layout and formatting requirements in rendered documents, and
- establishment and management of terminology registers.
Resources
A Multi-Lingual Glossary of Terms is maintained which is derived from all the standards within the ISO 19100 suite. Its purpose is to encourage consistency in the use and interpretation of geospatial terms. The latest version of the glossary is accessible here www.isotc211.org/Terminology.htm
https://www.iso.org/standard/63541.htmlAcceptedStatus Accepted geographic standard as per information from LINZ in 2018.
Note: Australia have their own national version AS ISO 19104:2018 Geographic information - Terminology. Missed opportunity to link with Standards Australia for a regional standard see AS ISO 19104:2018NZ IRG for Geospatial informationISO/TS 19104:2008 Geographic information — TerminologyAS ISO 19104:2018 Geographic information - TerminologyInternationalStandard - TechnicalISOPublished2016-10PUBLISH
ISO 19130-1:2018 Geographic information — Imagery sensor models for geopositioning — Part 1: FundamentalsISO 19130-1:2018 Geographic information — Imagery sensor models for geopositioning — Part 1: Fundamentals19130This document identifies the information required to determine the relationship between the position of a remotely sensed pixel in image coordinates and its geoposition. It supports exploitation of remotely sensed images. It defines the metadata to be distributed with the image to enable user determination of geographic position from the observations.
This document specifies several ways in which information in support of geopositioning can be provided.
a) It may be provided as a sensor description with the associated physical and geometric information necessary to rigorously construct a PSM. For the case where precise geoposition information is needed, this document identifies the mathematical equations for rigorously constructing PSMs that relate 2D image space to 3D ground space and the calculation of the associated propagated errors. This document provides detailed information for three types of passive electro-optical/ IR sensors (frame, pushbroom and whiskbroom) and for an active microwave sensing system SAR. It provides a framework by which these sensor models can be extended to other sensor types.
b) It can be provided as a TRM, using functions whose coefficients are based on a PSM so that they provide information for precise geopositioning, including the calculation of errors, as precisely as the PSM they replace.
c) It can be provided as a CM that provides a functional fitting based on observed relationships between the geopositions of a set of GCPs and their image coordinates.
d) It can be provided as a set of GCPs that can be used to develop a CM or to refine a PSM or TRM.
This document does not specify either how users derive geoposition data or the format or content of the data the users generate.https://www.iso.org/standard/66847.htmlAccepted2020-11 changed to Accepted from Informational as this replaced ISO 19130:2010 which was part of the Geospatial standards model developed with LINZ.
2019-10 added as Informational. NZ IRG for Geospatial informationISO 19130:2010 Geographic information - Imagery sensor models for geopositioningInternationalStandard - TechnicalISOPublished2018-09PUBLISHUpdate2020-11-17
ISO 19148:2021 Geographic information — Linear referencingISO 19148:2021Geographic information — Linear referencing19148This document specifies a conceptual schema for locations relative to a one-dimensional object as measurement along (and optionally offset from) that object. It defines a description of the data and operations required to use and support linear referencing.
This document is applicable to transportation, utilities, environmental protection, location-based services and other applications which define locations relative to linear objects. For ease of reading, most examples discussed in this document come from the transportation domain.https://www.iso.org/standard/75150.htmlFuture Consideration2023-06 Changed to Future Consideration. Waka Kotahi is no longer supporting the Asset Management Data Standard (AMDS) Location Standard.
2021-11 changed status to Recommended.
2020-10 changed from Informational to Development Was referenced as part of the AMDS Location Standard but Waka Kotahi is no longer supporting that aspect of AMDS. They defer to LINZ on Location. LINZ#Asset Management Data Standard (AMDS) Location StandardISO 19148:2012 Geographic information -- Linear referencingInternationalStandard - TechnicalISOPublished2021-04PUBLISHUpdate2023-06-19
ISO 19150-4:2019 Geographic information — Ontology — Part 4: Service ontologyISO 19150-4:2019 Geographic information — Ontology — Part 4: Service ontology19150This document sets a framework for geographic information service ontology and the description of geographic information Web services in Web Ontology Language (OWL).
OWL is the language adopted for ontologies.
This document makes use of service metadata (ISO 19115-1) and service definitions (ISO 19119) whenever appropriate.
This document does not define semantics operators, rules for ontologies, and does not develop any application ontology.
In relation to ISO 19101-1:2014, 6.2, this document defines and formalizes the following purpose of the ISO geographic information reference model:
— geographic information service components and their behaviour for data processing purposes over the Web, and
— OWL ontologies to cast ISO/TC 211 standards to benefit from and support the Semantic Web.
In relation to ISO 19101-1:2014, 8.3, this document addresses the Meta:Service foundation of the ISO geographic information reference model.https://www.iso.org/standard/72177.htmlFuture Consideration2023-06 set PUBLISH to Yes
2021-11 set PUBLISH to No
2020-11 changed from Informational to Future Consideration as could be used in the AMDS Location standard.Was referenced as future consideration as part of the AMDS Location Standard but Waka Kotahi is no longer supporting that aspect of AMDS. They defer to LINZ on Location. LINZ#Asset Management Data Standard (AMDS) Location StandardInternationalStandard - TechnicalISOPublished2019-05PUBLISHUpdate2023-06-19
ISO 19155-2:2017 Geographic information — Place Identifier (PI) architecture — Part 2: Place Identifier (PI) linkingISO 19155-2:2017 Geographic information — Place Identifier (PI) architecture — Part 2: Place Identifier (PI) linking19155ISO 19155-2:2017 defines the following three mechanisms for linking Place Identifiers (PIs) (see ISO 19155) to features or objects existing in other encodings:
- Id attribute of a GML object (gml:id) as defined in ISO 19136;
- Universally Unique Identifier (UUID) as defined in IETF RFC 4122;
- Uniform Resource Locator (URL) as defined in IETF RFC 1738.
These PI linking mechanisms are enabled using xlink:href as defined in W3C XML Linking Language (XLink).
While the identifiers of these features or objects can sometimes identify a place, within the scope of this document, the identifiers of features or objects existing in other encoding domains are referred to conceptually as other identifiers.
This document further defines that when PIs are encoded, as specified in ISO 19155, using the Geography Markup Language (GML) (ISO 19136), they are linked using gml:id to other GML encoded features. The details of encoding GML instances using gml:id are specified in a normative annex.
Additional normative annexes define encodings for linking Place Identifiers to other identifiers using UUID and URL and present examples for their use.
ISO 19155-2:2017 is applicable to location-based services, linked open data, robotic assisted services and other application domains that require a relationship between PIs and objects in either the real or virtual world.
ISO 19155-2:2017 is not about creating a registry of Place Identifiers linked to specific features or objects, and support of linking mechanisms other than gml:id, UUID, and URL is out of the scope of this document.https://www.iso.org/standard/63593.htmlAccepted2020-11 changed from Informational to Accepted as this is part of the Geospatial standards model created with LINZ
This is a standard where there is an Australian national standard AS ISO 19155.2:2018 not linked to NZ. NZ IRG for Geospatial informationAS ISO 19155.2:2018 Geographic information - Place Identifier (PI) architecture, Part 2: Place Identifier (PI) linkingInternationalStandard - TechnicalISOPublished2017-08PUBLISHUpdate2020-11-17
ISO 19160-1:2015 Addressing -- Part 1: Conceptual modelISO 19160-1:2015 Addressing -- Part 1: Conceptual model19160ISO 19160-1:2015 defines a conceptual model for address information (address model), together with the terms and definitions that describe the concepts in the model. Lifecycle, metadata, and address aliases are included in the conceptual model. The model is presented in the Unified Modelling Language (UML).
The model provides a common representation of address information, independent of actual addressing implementations. It is not intended to replace conceptual models proposed in other specifications, but provides a means to cross-map between different conceptual models for address information and enables the conversion of address information between specifications.
The model provides a basis for developing address specifications by individual countries or communities.https://www.iso.org/standard/61710.htmlhttps://www.iso.org/obp/ui/#iso:std:iso:19160:-1:ed-1:v1:enMandated2020-11 need to review and update the Street Address Data Content Requirement which mandates this standard as there is a regional adoption AS/NZS ISO 19160.1:2018, and there is the Address: Conceptual Model for New Zealand - The New Zealand Profile of ISO 19160-1:2015, Addressing – Part 1: Conceptual Model which is the NZ profile of this standardLINZ#Street address data content requirement, #New Zealand’s draft Profile of ISO 19160-1:2015 Addressing – Part 1: Conceptual ModelAS/NZS ISO 19160.1:2018 Addressing - Part 1: Conceptual model
New Zealand’s draft Profile of ISO 19160-1:2015 Addressing – Part 1: Conceptual Model
InternationalStandard - TechnicalISOPublished2015-122021PUBLISHUpdate2020-07-10
ISO 22301:2019 Security and resilience — Business continuity management systems — RequirementsISO 22301:2019 Security and resilience — Business continuity management systems — Requirements22301This document specifies requirements to implement, maintain and improve a management system to protect against, reduce the likelihood of the occurrence of, prepare for, respond to and recover from disruptions when they arise.
The requirements specified in this document are generic and intended to be applicable to all organizations, or parts thereof, regardless of type, size and nature of the organization. The extent of application of these requirements depends on the organization's operating environment and complexity.
This document is applicable to all types and sizes of organizations that:
a) implement, maintain and improve a BCMS;
b) seek to ensure conformity with stated business continuity policy;
c) need to be able to continue to deliver products and services at an acceptable predefined capacity during a disruption;
d) seek to enhance their resilience through the effective application of the BCMS.
This document can be used to assess an organization's ability to meet its own business continuity needs and obligations.https://www.iso.org/standard/75106.htmlAccepted2020-09 Changed to Accepted from Recommended. Note NZISM references a standard when it is the source of a control, and does not indicate an endorsement. GCISO information security functional leadership mandate.GCSB#NZISM 1.1.63. Additional GuidanceISO 22301:2012 Societal security — Business continuity management systems — RequirementsInternationalStandard - TechnicalISOPublished2019-10PUBLISHUpdate2020-09-15
ISO 23081-2:2009 Information and documentation -- Managing metadata for records - Part 2: Conceptual and implementation issuesISO 23081-2:2009Information and documentation -- Managing metadata for records - Part 2: Conceptual and implementation issues23081Description: ISO/TS 23081-2:2009 establishes a framework for defining metadata elements consistent with the principles and implementation considerations outlined in ISO 23081-1:2006. The purpose of this framework is to:
- to enable standardized description of records and critical contextual entities for records,
- to provide common understanding of fixed points of aggregation to enable interoperability of records, and information relevant to records, between organizational systems,
- to enable re-use and standardization of metadata for managing records over time, space and across applications.
It further identifies some of the critical decision points that need to be addressed and documented to enable implementation of metadata for managing records. It aims:
- to identify the issues that need to be addressed in implementing metadata for managing records,
- to identify and explain the various options for addressing the issues, and
- to identify various paths for making decisions and choosing options in implementing metadata for managing records.https://www.iso.org/standard/50863.htmlRecommended2021-01 confirmed with Archives that this should be recommended. Currently their guidance references the 2007 version. Changed to Recommended from Informational. This standard is recommended by the Chief Archivist in accordance with their authority given in the Public Records Act 2005.DIA-Archives NZISO/TS 23081-2:2007 Information and documentation — Records management processes — Metadata for records — Part 2: Conceptual and implementation issuesInternationalStandard - TechnicalISOPublished2009-072014PUBLISHAdd2019-10-21
ISO 31000:2018 Risk management – GuidelinesISO 31000:2018Risk management – Guidelines31000Provides principles, framework and a process for managing risk. It can be used by any organization regardless of its size, activity or sector.
Using ISO 31000 can help organizations increase the likelihood of achieving objectives, improve the identification of opportunities and threats and effectively allocate and use resources for risk treatment.
However, ISO 31000 cannot be used for certification purposes, but does provide guidance for internal or external audit programmes. Organizations using it can compare their risk management practices with an internationally recognised benchmark, providing sound principles for effective management and corporate governance.
Supersedes: ISO 31000:2009 Risk management -- Principles and guidelines
Related: AS ISO 31000:2018 Risk management – Guidelines, DR AS/NZS ISO 31000:2018 Risk management—Guidelineshttps://www.iso.org/standard/65694.htmlhttps://www.iso.org/obp/ui#iso:std:iso:31000:ed-2:v1:enRecommended2020-10 Changed to Accepted as this is the latest international standard on risk, whereas the still current AS/NZS ISO 31000:2009 is based on the older standard.
GCDO Digital functional leadership mandate.DIAGCDO@dia.govt.nz#NZISM 1.1.63. Additional GuidanceISO 31000:2009 Risk management -- Principles and guidelinesAS ISO 31000:2018 Risk management—GuidelinesInternationalStandard - TechnicalISOPublished2018-02PUBLISHUpdate2020-10-05
ISO 8000-61:2016 Data quality — Part 61: Data quality management: Process reference modelISO 8000-61:2016Data quality — Part 61: Data quality management: Process reference model8000ISO 8000-61:2016 specifies the processes required for data quality management. The processes are used as a reference to enhance data quality and assess process capability or organizational maturity for data quality management.ISO - ISO 8000-61:2016 - Data quality — Part 61: Data quality management: Process reference modelAccepted2021-10 added as Accepted.GCDS Data functional leadership mandate.Statistics NZ#Data Quality Assessment Framework - Guide to related standardsInternationalStandard - TechnicalISOPublished2016-11PUBLISHAdd2021-10-29
ISO 8000-62:2018 Data quality — Part 62: Data quality management: Organizational process maturity assessment: Application of standards relating to process assessmentISO 8000-62:2018Data quality — Part 62: Data quality management: Organizational process maturity assessment: Application of standards relating to process assessment8000This document specifies particular elements of a maturity model. These elements conform to ISO/IEC 33004.
Organizations can use these elements in combination with their own assessment indicators to determine the maturity level of processes for data quality management as specified by ISO 8000‑61.
The following are within the scope of this document:
- some of the elements of a model for assessing organizational process maturity;
- identifying those elements that exist in other standards (process capability levels, process attributes, ordinal scale for measuring process attributes and the scheme for derivation of process capability levels from process attribute rating);
- specifying six maturity levels and process profiles to indicate when organizations have achieved each of the maturity levels;
- providing guidance on how to assess the maturity level of an organization.
Methods or procedures to improve organizational maturity are outside the scope of this document.
This document can be used by the organization itself or by another party (including certification bodies) to perform assessment of the maturity.
This document can be used in conjunction with, or independently of, quality management systems standards.ISO - ISO 8000-62:2018 - Data quality — Part 62: Data quality management: Organizational process maturity assessment: Application of standards relating to process assessmentAccepted2021-10 added as Accepted.GCDS Data functional leadership mandate.Statistics NZ#Data Quality Assessment Framework - Guide to related standardsInternationalStandard - TechnicalISOPublished2018-09PUBLISHAdd2021-10-29
ISO 8601-1:2019 Date and time — Representations for information interchange — Part 1: Basic rulesISO 8601-1:2019Date and time — Representations for information interchange — Part 1: Basic rules8601This document specifies representations of dates of the Gregorian calendar and times based on the 24-hour clock, as well as composite elements of them, as character strings for use in information interchange. It is also applicable for representing times and time shifts based on Coordinated Universal Time (UTC).
This document excludes the representation of date elements from non-Gregorian calendars or times not from the 24-hour clock. This document does not address character encoding of representations specified in this document.https://www.iso.org/standard/70907.htmlMandated2020-09 changed from Future Consideration to Accepted. As a general principle current International ISO standards are Accepted for use by the NZ government.This has been a NZ interoperability data and time format standard for over 10 years.GCDS Data functional leadership mandate.Statistics NZ#Date of birth data mandated standardISO 8601:2004 Data elements and interchange formats — Information interchange — Representation of dates and timesInternationalStandard - TechnicalISOPublished2019-02PUBLISHUpdate2020-09-07
ISO Guide 73:2009 Risk Management -- Vocabulary ISO Guide 73:2009Risk Management -- Vocabulary 73ISO Guide 73:2009 provides the definitions of generic terms related to risk management. It aims to encourage a mutual and consistent understanding of, and a coherent approach to, the description of activities relating to the management of risk, and the use of uniform risk management terminology in processes and frameworks dealing with the management of risk.
ISO Guide 73:2009 is intended to be used by:
those engaged in managing risks,
those who are involved in activities of ISO and IEC, and
developers of national or sector-specific standards, guides, procedures and codes of practice relating to the management of risk.
For principles and guidelines on risk management, reference is made to ISO 31000:2009.
https://www.iso.org/standard/44651.htmlAccepted2020-11 changed to Accepted from Informational as referenced in the NZISM 1.1.63. Additional GuidanceGCDO Digital functional leadership mandate.DIA#NZISM 1.1.63. Additional GuidanceInternationalStandard - TechnicalISOPublished2009-112016PUBLISHUpdate2020-11-19
ISO/IEC 11770-1:2010 Information technology -- Security techniques -- Key management -- Part 1: FrameworkISO/IEC 11770-1:2010Security Techniques - Key management -- Part 1: Framework11770ISO/IEC 11770-1:2010 defines a general model of key management that is independent of the use of any particular cryptographic algorithm. However, certain key distribution mechanisms can depend on particular algorithm properties, for example, properties of asymmetric algorithms.
ISO/IEC 11770-1:2010 contains the material required for a basic understanding of subsequent parts.
Examples of the use of key management mechanisms are included in ISO 11568. If non-repudiation is required for key management, ISO/IEC 13888 is applicable.
ISO/IEC 11770-1:2010 addresses both the automated and manual aspects of key management, including outlines of data elements and sequences of operations that are used to obtain key management services. However it does not specify details of protocol exchanges that might be needed.
As with other security services, key management can only be provided within the context of a defined security policy. The definition of security policies is outside the scope of ISO/IEC 11770.
The fundamental problem is to establish keying material whose origin, integrity, timeliness and (in the case of secret keys) confidentiality can be guaranteed to both direct and indirect users. Key management includes functions such as the generation, storage, distribution, deletion and archiving of keying material in accordance with a security policy (ISO 7498-2).
ISO/IEC 11770-1:2010 has a special relationship to the security frameworks for open systems (ISO/IEC 10181). All the frameworks, including this one, identify the basic concepts and characteristics of mechanisms covering different aspects of security.https://www.iso.org/standard/53456.html?browse=tcAccepted2020-09 changed to Accepted from Informational. Referenced by GCSB in the NZISMGCISO information security functional leadership mandate.GCSBInternationalStandard - TechnicalISOPublished2010-122016PUBLISHUpdate2020-09-16
ISO/IEC 11770-2:2018 IT Security techniques -- Key management -- Part 2: Mechanisms using symmetric techniquesISO/IEC 11770-2:2018 Key management -- Part 2: Mechanisms using symmetric techniques11770This document defines key establishment mechanisms using symmetric cryptographic techniques.
This document addresses three environments for the establishment of keys: Point-to-Point, Key Distribution Centre (KDC), and Key Translation Centre (KTC). It describes the required content of messages which carry keying material or are necessary to set up the conditions under which the keying material can be established.
This document does not indicate other information which can be contained in the messages or specify other messages such as error messages. The explicit format of messages is not within the scope of this document.
This document does not specify the means to be used to establish initial secret keys; that is, all the mechanisms specified in this document require an entity to share a secret key with at least one other entity (e.g. a TTP). For general guidance on the key lifecycle, see ISO/IEC 11770-1. This document does not explicitly address the issue of inter-domain key management. This document also does not define the implementation of key management mechanisms; products complying with this document are not necessarily compatible.https://www.iso.org/standard/73207.html?browse=tcAccepted2020-09 changed to Accepted from Informational. GCISO information security functional leadership mandate.GCSB#NZISM 1.1.63. Additional GuidanceISO/IEC 11770-2:2008
Information technology — Security techniques — Key management — Part 2: Mechanisms using symmetric techniquesInternationalStandard - TechnicalISOPublished2018-01PUBLISHUpdate2020-09-16
ISO/IEC 11770-3:2015 Information technology -- Security techniques -- Key management -- Part 3: Mechanisms using asymmetric techniquesISO/IEC 11770-3:2015Security Techniques - Key management -- Part 3: Mechanisms using asymmetric techniques11770Corrigenda/Amendments: ISO/IEC 11770-3:2015/Amd 1:2017, and ISO/IEC 11770-3:2015/Cor 1:2016
Description: ISO/IEC 11770-3:2015 defines key management mechanisms based on asymmetric cryptographic techniques. It specifically addresses the use of asymmetric techniques to achieve the following goals: a) establish a shared secret key for use in a symmetric cryptographic technique between two entities A and B by key agreement. In a secret key agreement mechanism, the secret key is computed as the result of a data exchange between the two entities A and B. Neither of them should be able to predetermine the value of the shared secret key; b) establish a shared secret key for use in a symmetric cryptographic technique between two entities A and B via key transport. In a secret key transport mechanism, the secret key is chosen by one entity A and is transferred to another entity B, suitably protected by asymmetric techniques; and c) make an entity's public key available to other entities via key transport. In a public key transport mechanism, the public key of entity A shall be transferred to other entities in an authenticated way, but not requiring secrecy.
Some of the mechanisms of ISO/IEC 11770-3:2015 are based on the corresponding authentication mechanisms in ISO/IEC 9798‑3.
ISO/IEC 11770-3:2015 does not cover certain aspects of key management, such as key lifecycle management, mechanisms to generate or validate asymmetric key pairs, and mechanisms to store, archive, delete, destroy, etc. keys.
While ISO/IEC 11770-3:2015 does not explicitly cover the distribution of an entity's private key (of an asymmetric key pair) from a trusted third party to a requesting entity, the key transport mechanisms described can be used to achieve this. A private key can in all cases be distributed with these mechanisms where an existing, non-compromised key already exists. However, in practice the distribution of private keys is usually a manual process that relies on technological means such as smart cards, etc.
ISO/IEC 11770-3:2015 does not specify the transformations used in the key management mechanisms.https://www.iso.org/standard/60237.html?browse=tcAccepted2020-09 changed to Accepted from Informational. GCISO information security functional leadership mandate.GCSB#NZISM 1.1.63. Additional GuidanceInternationalStandard - TechnicalISOPublished2015-08PUBLISHUpdate2020-09-16
ISO/IEC 11770-4:2017 Information technology -- Security techniques -- Key management -- Part 4: Mechanisms based on weak secretsISO/IEC 11770-4:2017Security Techniques - Key management -- Part 4: Mechanisms based on weak secrets11770Corrigenda/Amendments: ISO/IEC 11770-4:2017/DAmd 1, and ISO/IEC 11770-4:2017/PDAM 2
Description: ISO/IEC 11770-4:2017 defines key establishment mechanisms based on weak secrets, i.e. secrets that can be readily memorized by a human, and hence, secrets that will be chosen from a relatively small set of possibilities. It specifies cryptographic techniques specifically designed to establish one or more secret keys based on a weak secret derived from a memorized password, while preventing offline brute-force attacks associated with the weak secret. ISO/IEC 11770-4:2017 is not applicable to the following aspects of key management:
- life-cycle management of weak secrets, strong secrets, and established secret keys
- mechanisms to store, archive, delete, destroy, etc. weak secrets, strong secrets, and established secret keys.https://www.iso.org/standard/67933.html?browse=tcAccepted2020-09 changed to Accepted from Informational. GCISO information security functional leadership mandate.GCSB#NZISM 1.1.63. Additional GuidanceInternationalStandard - TechnicalISOPublished2017-11PUBLISHUpdate2020-09-16
ISO/IEC 11770-5:2011 Information technology -- Security techniques -- Key management -- Part 5: Group key managementISO/IEC 11770-5:2011Security Techniques - Key management -- Part 5: Group key management11770ISO/IEC 11770-5:2011 specifies key establishment mechanisms for multiple entities to provide procedures for handling cryptographic keying material used in symmetric or asymmetric cryptographic algorithms according to the security policy in force.
It defines the symmetric key based key establishment mechanisms for multiple entities with a key distribution centre (KDC), and defines symmetric key establishment mechanisms based on general tree based structure with both individual rekeying and batched rekeying. It also defines key establishment mechanisms based on key chain with both unlimited forward key chain and limited forward key chain. Both key establishment mechanisms can be combined by applications.
ISO/IEC 11770-5:2011 also describes the required content of messages which carry keying material or are necessary to set up the conditions under which the keying material can be established.https://www.iso.org/standard/54527.html?browse=tcAccepted2020-09 changed to Accepted from Informational. GCISO information security functional leadership mandate.GCSB#NZISM 1.1.63. Additional GuidanceInternationalStandard - TechnicalISOPublished2011-122017PUBLISHUpdate2020-09-16
ISO/IEC 11770-6:2016 Information technology -- Security techniques -- Key management -- Part 6: Key derivationISO/IEC 11770-6:2016Security Techniques - Key management -- Part 6: Key derivation11770ISO/IEC 11770-6:2016 specifies key derivation functions, i.e. functions which take secret information and other (public) parameters as input and output one or more "derived" secret keys. Key derivation functions based on MAC algorithms and on hash-functions are specified.https://www.iso.org/standard/65275.html?browse=tcAccepted2020-09 changed to Accepted from Informational. GCISO information security functional leadership mandate.GCSB#NZISM 1.1.63. Additional GuidanceInternationalStandard - TechnicalISOPublished 2016-10PUBLISHUpdate2020-09-16
ISO/IEC 13249-3:2016 Information technology — Database languages — SQL multimedia and application packages — Part 3: SpatialISO/IEC 13249-3:2016Database languages — SQL multimedia and application packages — Part 3: Spatial13249ISO/IEC 13249-3:2016 ISO/IEC 13249-3:2011 defines spatial user-defined types, routines and schemas for generic spatial data handling. It addresses the need to store, manage and retrieve information based on aspects of spatial data such as geometry, location and topology.
a) defines concepts specific to this part of ISO/IEC 13249,
b) defines spatial user-defined types and their associated routines.https://www.iso.org/standard/60343.htmlFuture Consideration2023-06 Changed to Future Consideration. Waka Kotahi is no longer supporting the Asset Management Data Standard (AMDS) Location Standard.
2020-10 added as Accepted as this is used in the AMDS location standard.Was referenced as part of the AMDS Location Standard but Waka Kotahi is no longer supporting that aspect of AMDS. They defer to LINZ on Location. LINZ#Asset Management Data Standard (AMDS) Location StandardInternationalStandard - TechnicalISOPublished2016-01PUBLISHAdd2020-10-19
ISO/IEC 15408-1:2009 Information technology — Security techniques — Evaluation criteria for IT security — Part 1: Introduction and general modelISO/IEC 15408-1:2009Security techniques — Evaluation criteria for IT security — Part 1: Introduction and general model15408ISO/IEC 15408-1:2009 establishes the general concepts and principles of IT security evaluation and specifies the general model of evaluation given by various parts of ISO/IEC 15408 which in its entirety is meant to be used as the basis for evaluation of security properties of IT products.https://www.iso.org/standard/50341.htmlhttps://standards.iso.org/ittf/PubliclyAvailableStandards/c050341_ISO_IEC_15408-1_2009.zipAcceptedNeed to confirm status with GCSB as NZISM references a standard when it is the source of a control, and does not indicate an endorsement. GCISO information security functional leadership mandate.GCSB#NZISM 1.1.63. Additional GuidanceISO/IEC CD 15408-1.3 Information technology — Security techniques — Evaluation criteria for IT security — Part 1: Introduction and general modelInternationalStandard - TechnicalISOPublished 2009-122015PUBLISHUpdate2020-09-15
ISO/IEC 15408-2:2008 Information technology — Security techniques — Evaluation criteria for IT security — Part 2: Security functional componentsISO/IEC 15408-2:2008Security techniques — Evaluation criteria for IT security — Part 2: Security functional components15408ISO/IEC 15408-2:2008 defines the content and presentation of the security functional requirements to be assessed in a security evaluation using ISO/IEC 15408. It contains a comprehensive catalogue of predefined security functional components that will meet most common security needs of the marketplace. These are organized using a hierarchical structure of classes, families and components, and supported by comprehensive user notes.https://www.iso.org/standard/46414.htmlhttps://standards.iso.org/ittf/PubliclyAvailableStandards/c046414_ISO_IEC_15408-2_2008.zipAcceptedNeed to confirm status with GCSB as NZISM references a standard when it is the source of a control, and does not indicate an endorsement. GCISO information security functional leadership mandate.GCSB#NZISM 1.1.63. Additional GuidanceISO/IEC 15408-2 Information technology — Security techniques — Evaluation criteria for IT security — Part 2: Security functional componentsInternationalStandard - TechnicalISOPublished 2008-082014PUBLISHUpdate2020-09-15
ISO/IEC 15408-3:2008 Information technology — Security techniques — Evaluation criteria for IT security — Part 3: Security assurance componentsISO/IEC 15408-3:2008Security techniques — Evaluation criteria for IT security — Part 3: Security assurance components15408ISO/IEC 15408-3:2008 defines the assurance requirements of the evaluation criteria. It includes the evaluation assurance levels that define a scale for measuring assurance for component targets of evaluation (TOEs), the composed assurance packages that define a scale for measuring assurance for composed TOEs, the individual assurance components from which the assurance levels and packages are composed, and the criteria for evaluation of protection profiles and security targets.https://www.iso.org/standard/46413.htmlhttps://standards.iso.org/ittf/PubliclyAvailableStandards/c046413_ISO_IEC_15408-3_2008.zipAcceptedNeed to confirm status with GCSB as NZISM references a standard when it is the source of a control, and does not indicate an endorsement. GCISO information security functional leadership mandate.GCSB#NZISM 1.1.63. Additional GuidanceISO/IEC 15408-3 Information technology — Security techniques — Evaluation criteria for IT security — Part 3: Security assurance componentsInternationalStandard - TechnicalISOPublished 2008-082014PUBLISHUpdate2020-09-15
ISO/IEC 17788:2014 Information technology — Cloud computing — Overview and vocabularyISO/IEC 17788:2014Information technology — Cloud computing — Overview and vocabulary17788ISO/IEC 17788:2014 provides an overview of cloud computing along with a set of terms and definitions. It is a terminology foundation for cloud computing standards.
ISO/IEC 17788:2014 is applicable to all types of organizations (e.g., commercial enterprises, government agencies, not-for-profit organizations).https://www.iso.org/standard/60544.htmlhttps://standards.iso.org/ittf/PubliclyAvailableStandards/c060544_ISO_IEC_17788_2014.zipAccepted2022-03 set to Accepted as listed in NZISM 22.1.17.
2021-11 set PUBLISH to No
2020-11 changed from Informational to Future Consideration as these could be useful as the Cloud guidance and advice is refreshed.GCISO information security functional leadership mandate.GCSB#NZISM 22.1.17. further information on Cloud InternationalStandard - TechnicalISOPublished2014-102021PUBLISHUpdate2022-03-21
ISO/IEC 17789:2014 Information technology — Cloud computing — Reference architectureISO/IEC 17789:2014 Cloud computing — Reference architecture17789ISO/IEC 17789:2014 specifies the cloud computing reference architecture (CCRA). The reference architecture includes the cloud computing roles, cloud computing activities, and the cloud computing functional components and their relationships.https://www.iso.org/standard/60545.htmlhttps://standards.iso.org/ittf/PubliclyAvailableStandards/c060545_ISO_IEC_17789_2014.zipAccepted2022-03 set to Accepted as listed in NZISM 22.1.17.
2021-11 set PUBLISH to No
2020-11 changed from Informational to Future Consideration as these could be useful as the Cloud guidance and advice is refreshed.GCISO information security functional leadership mandate.GCSB#NZISM 22.1.17. further information on Cloud InternationalStandard - TechnicalISOPublished2014-102021PUBLISHUpdate2022-03-21
ISO/IEC 17826:2012 Information technology — Cloud Data Management Interface (CDMI)ISO/IEC 17826:2012Information technology — Cloud Data Management Interface (CDMI)17826ISO/IEC 17826:2012 specifies the interface to access cloud storage and to manage the data stored therein. It is applicable to developers who are implementing or using cloud storage.https://www.iso.org/standard/60617.htmlAccepted2022-03 Added as Informational as while it is listed in NIST 22.1.18. References - this standard has been superseded. Richard Bain advised.GCISO information security functional leadership mandate.GCSBhttps://www.digital.govt.nz/standards-and-guidance/technology-and-architecture/cloud-services/help/cloud-capabilities-network/#:~:text=If%20you%E2%80%99re%20part%20of%20a%20government%20organisation%2C%20join,cloud%20maturity%2C%20the%20CCN%20helps%20by%20making%20available%3A#NIST 22.1.18. References - StandardsISO/IEC 17826:2016 Information technology — Cloud Data Management Interface (CDMI)InternationalStandard - TechnicalISOWithdrawn2012-11PUBLISHAdd2022-03-21
ISO/IEC 18004:2015 Information technology — Automatic identification and data capture techniques — QR Code bar code symbology specificationISO/IEC 18004:2015QR Code bar code symbology specification18004ISO/IEC 18004:2015 defines the requirements for the symbology known as QR Code. It specifies the QR Code symbology characteristics, data character encoding methods, symbol formats, dimensional characteristics, error correction rules, reference decoding algorithm, production quality requirements, and user-selectable application parameters.https://www.iso.org/standard/62021.htmlAccepted2020-10 added as Accepted.MBIE?InternationalStandard - TechnicalISOPublished2015-02PUBLISHAdd2020-10-06
ISO/IEC 19086-1:2016 Information technology — Cloud computing — Service level agreement (SLA) framework — Part 1: Overview and conceptsISO/IEC 19086-1:2016Cloud computing — Service level agreement (SLA) framework — Part 1: Overview and concepts19086ISO/IEC 19086-1:2016 seeks to establish a set of common cloud SLA building blocks (concepts, terms, definitions, contexts) that can be used to create cloud Service Level Agreements (SLAs).
This document specifies
a) an overview of cloud SLAs,
b) identification of the relationship between the cloud service agreement and the cloud SLA,
c) concepts that can be used to build cloud SLAs, and
d) terms commonly used in cloud SLAs.
ISO/IEC 19086-1:2016 is for the benefit and use of both cloud service providers and cloud service customers. The aim is to avoid confusion and facilitate a common understanding between cloud service providers and cloud service customers. Cloud service agreements and their associated cloud SLAs vary between cloud service providers, and in some cases different cloud service customers can negotiate different contract terms with the same cloud service provider for the same cloud service. This document aims to assist cloud service customers when they compare cloud services from different cloud service providers.
ISO/IEC 19086-1:2016 does not provide a standard structure that can be used for a cloud SLA or a standard set of cloud service level objectives (SLOs) and cloud service qualitative objectives (SQOs) that will apply to all cloud services or all cloud service providers. This approach provides flexibility for cloud service providers in tailoring their cloud SLAs to the particular characteristics of the offered cloud services.
ISO/IEC 19086-1:2016 does not supersede any legal requirement.https://www.iso.org/standard/67545.htmlhttps://standards.iso.org/ittf/PubliclyAvailableStandards/c067545_ISO_IEC_19086-1_2016.zipAccepted2022-03 Set to Accepted as listed in NZISM 22.1.18. Review with the Cloud Programme.
2020-11 added as Recommended as agreed with GEAG as this standard is publicly available - use Alternative_link.DIA#NZISM 22.1.18. InternationalStandard - TechnicalISOPublished2016-09PUBLISHUpdate 2022-03-17
ISO/IEC 19086-2:2018 Cloud computing — Service level agreement (SLA) framework — Part 2: Metric modelISO/IEC 19086-2:2018Cloud computing — Service level agreement (SLA) framework — Part 2: Metric model19086This document establishes common terminology, defines a model for specifying metrics for cloud SLAs, and includes applications of the model with examples. This document establishes a common terminology and approach for specifying metrics.
This document is for the benefit of and use for both cloud service providers (CSPs) and cloud service customers (CSCs). This document is intended to complement ISO/IEC 19086-1, ISO/IEC 19086-3 and ISO/IEC 19086-4.
This document does not mandate the use of a specific set of metrics for cloud SLAs.
https://www.iso.org/standard/67546.html
https://standards.iso.org/ittf/PubliclyAvailableStandards/c067546_ISO_IEC_19086-2_2018.zip
Accepted
2022-03 Set to Accepted as listed in NZISM 22.1.18. Review with the Cloud Programme.
2020-11 added as Recommended as agreed with GEAG
GCISO information security functional leadership mandate.
GCSB
https://www.digital.govt.nz/standards-and-guidance/technology-and-architecture/cloud-services/help/cloud-capabilities-network/#:~:text=If%20you%E2%80%99re%20part%20of%20a%20government%20organisation%2C%20join,cloud%20maturity%2C%20the%20CCN%20helps%20by%20making%20available%3A
#NIST 22.1.18. References - Standards
International
Standard - Technical
ISO
Published 2018-12
PUBLISH
Update 2022-03-17
ISO/IEC 19086-3:2017 Information technology — Cloud computing — Service level agreement (SLA) framework — Part 3: Core conformance requirements
ISO/IEC 19086-3:2017 Cloud computing — Service level agreement (SLA) framework — Part 3: Core conformance requirements
19086
ISO/IEC 19086-3:2017 specifies the core conformance requirements for service level agreements (SLAs) for cloud services based on ISO/IEC 19086‑1 and guidance on the core conformance requirements. This document is for the benefit of and use by both cloud service providers and cloud service customers.
ISO/IEC 19086-3:2017 does not provide a standard structure that would be used for cloud SLAs.
https://www.iso.org/standard/67547.html
Accepted
2022-03 Set to Accepted as listed in NZISM 22.1.18. Review with the Cloud Programme.
GCISO information security functional leadership mandate.
GCSB
https://www.digital.govt.nz/standards-and-guidance/technology-and-architecture/cloud-services/help/cloud-capabilities-network/#:~:text=If%20you%E2%80%99re%20part%20of%20a%20government%20organisation%2C%20join,cloud%20maturity%2C%20the%20CCN%20helps%20by%20making%20available%3A
#NZISM 22.1.18.
International
Standard - Technical
ISO
Published
PUBLISH
Add 2022-03-18
ISO/IEC 19941:2017 Information technology — Cloud computing — Interoperability and portability
ISO/IEC 19941:2017 Cloud computing — Interoperability and portability
19941
ISO/IEC 19941:2017 specifies cloud computing interoperability and portability types, the relationship and interactions between these two cross-cutting aspects of cloud computing and common terminology and concepts used to discuss interoperability and portability, particularly relating to cloud services.
ISO/IEC 19941:2017 is related to other standards, namely, ISO/IEC 17788, ISO/IEC 17789, ISO/IEC 19086‑1, ISO/IEC 19944, and in particular, references the cross-cutting aspects and components identified in ISO/IEC 17788 and ISO/IEC 17789 respectively.
The goal of this document is to ensure that all parties involved in cloud computing, particularly CSCs, CSPs and cloud service partners (CSNs) acting as cloud service developers, have a common understanding of interoperability and portability for their specific needs. This common understanding helps to achieve interoperability and portability in cloud computing by establishing common terminology and concepts.
https://www.iso.org/standard/66639.html
https://standards.iso.org/ittf/PubliclyAvailableStandards/c066639_ISO_IEC_19941_2017.zip
Accepted
2022-03 Added as Accepted as listed in NIST 22.1.18. References - Standards
GCISO information security functional leadership mandate.
GCSB
https://www.digital.govt.nz/standards-and-guidance/technology-and-architecture/cloud-services/help/cloud-capabilities-network/#:~:text=If%20you%E2%80%99re%20part%20of%20a%20government%20organisation%2C%20join,cloud%20maturity%2C%20the%20CCN%20helps%20by%20making%20available%3A
#NIST 22.1.18. References - Standards
International
Standard - Technical
ISO
Published 2017-12
PUBLISH
Add 2022-03-21
ISO/IEC 19944-1:2020 Cloud computing and distributed platforms ─ Data flow, data categories and data use — Part 1: Fundamentals
ISO/IEC 19944-1:2020 Cloud computing and distributed platforms ─ Data flow, data categories and data use — Part 1: Fundamentals
19944
This document
— extends the existing cloud computing vocabulary and reference architecture in ISO/IEC 17788 and ISO/IEC 17789 to describe an ecosystem involving devices using cloud services,
— describes the various types of data flowing within the devices and cloud computing ecosystem,
— describes the impact of connected devices on the data that flow within the cloud computing ecosystem,
— describes flows of data between cloud services, cloud service customers and cloud service users,
— provides foundational concepts, including a data taxonomy, and
— identifies the categories of data that flow across the cloud service customer devices and cloud services.
This document is applicable primarily to cloud service providers, cloud service customers and cloud service users, but also to any person or organisation involved in legal, policy, technical or other implications of data flows between devices and cloud services.
https://www.iso.org/standard/79573.html
https://standards.iso.org/ittf/PubliclyAvailableStandards/c079573_ISO_IEC_19944-1_2020(E).zip
Accepted
2022-03 Added as Accepted as listed in NIST 22.1.18. References - Standards
GCISO information security functional leadership mandate.
GCSB
https://www.digital.govt.nz/standards-and-guidance/technology-and-architecture/cloud-services/help/cloud-capabilities-network/#:~:text=If%20you%E2%80%99re%20part%20of%20a%20government%20organisation%2C%20join,cloud%20maturity%2C%20the%20CCN%20helps%20by%20making%20available%3A
#ISO/IEC 17788, #ISO/IEC 17789 #NIST 22.1.18. References - Standards
International
Standard - Technical
ISO
Published 2020-10
PUBLISH
Add 2022-03-21
ISO/IEC 21320-1:2015 Information technology — Document Container File — Part 1: Core
ISO/IEC 21320-1:2015 Document Container File — Part 1: Core
21320
ISO/IEC 21320-1:2015 specifies the core requirements for
- document container files, and
- implementations that produce and/or consume document container files.
ISO/IEC 21320-1:2015 normatively references the Zip File Format Specification version 6.3.3 of PKWARE® Inc. Document container files are conforming Zip files as specified by that document.
https://www.iso.org/standard/60101.html
https://standards.iso.org/ittf/PubliclyAvailableStandards/c060101_ISO_IEC_21320-1_2015.zip
Accepted
2020-09 added as Accepted.
DIA
International
Standard - Technical
ISO
Published 2015-10
PUBLISH
Add 2020-09-18
ISO/IEC 21778:2017 Information technology — The JSON data interchange syntax
ISO/IEC 21778:2017 Information technology — The JSON data interchange syntax
21778
JSON is a lightweight, text-based, language-independent syntax for defining data interchange formats. It was derived from the ECMAScript programming language, but is programming language independent. JSON defines a small set of structuring rules for the portable representation of structured data.
The goal of ISO/IEC 21778:2017 is only to define the syntax of valid JSON texts. Its intent is not to provide any semantics or interpretation of text conforming to that syntax. It also intentionally does not define how a valid JSON text might be internalized into the data structures of a programming language. There are many possible semantics that could be applied to the JSON syntax and many ways that a JSON text can be processed or mapped by a programming language. Meaningful interchange of information using JSON requires agreement among the involved parties on the specific semantics to be applied. Defining specific semantic interpretations of JSON is potentially a topic for other specifications. Similarly, language mappings of JSON can also be independently specified. For example, ECMA-262 defines mappings between valid JSON texts and ECMAScript's runtime data structures.
https://www.iso.org/standard/71616.html
https://standards.iso.org/ittf/PubliclyAvailableStandards/c071616_ISO_IEC_21778_2017.zip
Recommended
2020-11 added as Recommended confirmed with GEAG members.
GCDO Digital functional leadership mandate.
DIA
GCDO@dia.govt.nz
International
Standard - Technical
ISO
Published 2017-11
PUBLISH
Add 2020-11-11
ISO/IEC 2382:2015 Information technology — Vocabulary
ISO/IEC 2382:2015 Information technology — Vocabulary
2382
This is a standard listing information technology terms.
https://www.iso.org/standard/63598.html
https://www.iso.org/obp/ui/#iso:std:iso-iec:2382:ed-1:v1:en
Recommended
2020-11 added as Recommended confirmed with GEAG members.
GCDO Digital functional leadership mandate.
DIA
GCDO@dia.govt.nz
International
Standard - Technical
ISO
Published 2015-05
PUBLISH
Add 2020-11-13
ISO/IEC 2382-37:2017 Information technology — Vocabulary — Part 37: Biometrics
ISO/IEC 2382-37:2017 Information technology — Vocabulary — Part 37: Biometrics
2382
ISO/IEC 2382-37:2017 establishes a systematic description of the concepts in the field of biometrics pertaining to recognition of human beings and reconciles variant terms in use in pre-existing biometric standards against the preferred terms, thereby clarifying the use of terms in this field.
Excluded from the scope of this document are concepts (represented by terms) from information technology, pattern recognition, biology, mathematics, etc. Biometrics uses such fields of knowledge as a basis.
In principle, mode specific terms are outside of scope of this document.
Words that are bolded are defined in this document. Words that are not bolded are understood in their natural language sense. The authority for natural language use of terms in this document is the Concise Oxford English Dictionary, Thumb Index Edition (tenth edition, revised, 2002). Words used in their natural language sense are considered out-of-scope for further definition in this document.
https://www.iso.org/standard/66693.html
https://standards.iso.org/ittf/PubliclyAvailableStandards/c066693_ISO_IEC_2382-37_2017.zip
Recommended
2020-11 added as Recommended confirmed with GEAG members.
GCDO Digital functional leadership mandate.
DIA
GCDO@dia.govt.nz
International
Standard - Technical
ISO
Published 2017-02
PUBLISH
Add 2020-11-13
ISO/IEC 24760-1:2019 IT Security and Privacy — A framework for identity management — Part 1: Terminology and concepts
ISO/IEC 24760-1:2019 IT Security and Privacy — A framework for identity management — Part 1: Terminology and concepts
24760
Description: This document defines terms for identity management, and specifies core concepts of identity and identity management and their relationships.
It is applicable to any information system that processes identity information.
https://www.iso.org/standard/77582.html
https://standards.iso.org/ittf/PubliclyAvailableStandards/c077582_ISO_IEC_24760-1_2019(E).zip
Informational
DIA
ISO/IEC 24760-1:2011 Information technology -- Security techniques -- A framework for identity management -- Part 1: Terminology and concepts
International
Standard - Technical
ISO
Published 2019-05
PUBLISH
Update 2020-09-11
ISO/IEC 25010:2011 Systems and software engineering — Systems and software Quality Requirements and Evaluation (SQuaRE) — System and software quality models
ISO/IEC 25010:2011 Systems and software Quality Requirements and Evaluation (SQuaRE) — System and software quality models
25010
ISO/IEC 25010:2011 defines:
(1) A quality in use model composed of five characteristics (some of which are further subdivided into subcharacteristics) that relate to the outcome of interaction when a product is used in a particular context of use. This system model is applicable to the complete human-computer system, including both computer systems in use and software products in use.
(2) A product quality model composed of eight characteristics (which are further subdivided into subcharacteristics) that relate to static properties of software and dynamic properties of the computer system. The model is applicable to both computer systems and software products.
https://www.iso.org/standard/35733.html
Accepted
2020-11 changed to Accepted as agreed with GEAG
2020-10 added as Future Consideration. Catalogue review workshop October 2020 nominated this standard as relevant but missing from the catalogue.
GCDO Digital functional leadership mandate.
DIA
GCDO@dia.govt.nz
International
Standard - Technical
ISO
Published 2011-03
2017
PUBLISH
Update 2020-11-26
ISO/IEC 25012:2008 Software engineering — Software product Quality Requirements and Evaluation (SQuaRE) — Data quality model
ISO/IEC 25012:2008 Software product Quality Requirements and Evaluation (SQuaRE) — Data quality model
25012
ISO/IEC 25012:2008 defines a general data quality model for data retained in a structured format within a computer system.
ISO/IEC 25012:2008 can be used to establish data quality requirements, define data quality measures, or plan and perform data quality evaluations. It could be used, for example,
- to define and evaluate data quality requirements in data production, acquisition and integration processes,
- to identify data quality assurance criteria, also useful for re-engineering, assessment and improvement of data,
- to evaluate the compliance of data with legislation and/or requirements.
ISO/IEC 25012:2008 categorizes quality attributes into fifteen characteristics considered by two points of view: inherent and system dependent. Data quality characteristics will be of varying importance and priority to different stakeholders.
https://www.iso.org/standard/35736.html
Accepted
2020-11 changed to Accepted as agreed with GEAG
2020-10 added as Future Consideration. Catalogue review workshop October 2020 nominated this standard as relevant but missing from the catalogue.
GCDO Digital functional leadership mandate.
DIA
GCDO@dia.govt.nz
International
Standard - Technical
ISO
Published 2008-12
2019
PUBLISH
Add 2020-11-26
ISO/IEC 25040:2011 Systems and software engineering — Systems and software Quality Requirements and Evaluation (SQuaRE) — Evaluation process
ISO/IEC 25040:2011 Systems and software Quality Requirements and Evaluation (SQuaRE) — Evaluation process
25040
ISO/IEC 25040:2011 contains requirements and recommendations for the evaluation of software product quality and clarifies the general concepts. It provides a process description for evaluating software product quality and states the requirements for the application of this process. The evaluation process can be used for different purposes and approaches. The process can be used for the evaluation of the quality of pre-developed software, commercial-off-the-shelf software or custom software and can be used during or after the development process.
ISO/IEC 25040:2011 establishes the relationship of the evaluation reference model to the SQuaRE documents as well as shows how each SQuaRE document should be used during the activities of the evaluation process.
https://www.iso.org/standard/35765.html
Accepted
2020-11 changed to Accepted as agreed with GEAG
2020-10 added as Future Consideration. Catalogue review workshop October 2020 nominated this standard as relevant but missing from the catalogue.
GCDO Digital functional leadership mandate.
DIA
GCDO@dia.govt.nz
International
Standard - Technical
ISO
Published 2011-03
2019
PUBLISH
Add 2020-11-26
ISO/IEC 27000:2018 Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary
ISO/IEC 27000:2018 Security techniques -- Information security management systems -- Overview and vocabulary
27000
ISO/IEC 27000:2018 provides the overview of information security management systems (ISMS). It also provides terms and definitions commonly used in the ISMS family of standards. This document is applicable to all types and sizes of organization (e.g. commercial enterprises, government agencies, not-for-profit organizations).
The terms and definitions provided in this document
- cover commonly used terms and definitions in the ISMS family of standards;
- do not cover all terms and definitions applied within the ISMS family of standards; and
- do not limit the ISMS family of standards in defining new terms for use.
https://www.iso.org/standard/73906.html
https://standards.iso.org/ittf/PubliclyAvailableStandards/c073906_ISO_IEC_27000_2018_E.zip
Recommended
2022-03 Set to Recommended as NZISM list this in '1.1.62 Key Standards'
GCISO information security functional leadership mandate.
GCSB
#NZISM 01. About information security, #NZISM 04. System Certification and Accreditation
ISO/IEC 27000:2016 Information technology — Security techniques — Information security management systems — Overview and vocabulary
International
Standard - Technical
ISO
Published 2018-02
PUBLISH
Update 2022-03-21
ISO/IEC 27001:2013 Information technology -- Security techniques -- Information security management systems -- Requirements
ISO/IEC 27001:2013 Security techniques -- Information security management systems -- Requirements
27001
Corrigenda/Amendments: ISO/IEC 27001:2013/Cor 1:2014, and ISO/IEC 27001:2013/Cor 2:2015
Description: ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. The requirements set out in ISO/IEC 27001:2013 are generic and are intended to be applicable to all organizations, regardless of type, size or nature.
https://www.iso.org/standard/54534.html
Accepted
Review with NCSC needed to consider if this could be Recommended.
Australia has its own version of this standard AS ISO/IEC 27001:2015 Information technology - Security techniques - Information security management systems - Requirements
GCISO information security functional leadership mandate.
GCSB
#NZISM 1.1.63. Additional Guidance, #NZISM 04. System Certification and Accreditation
ISO/IEC 27001:2005 Information technology -- Security techniques -- Information security management systems -- Requirements
AS ISO/IEC 27001:2015 Information technology - Security techniques - Information security management systems - Requirements
International
Standard - Technical
ISO
Published 2013-10
2019
PUBLISH
Update 2020-09-15
ISO/IEC 27002:2022 Information security, cybersecurity and privacy protection — Information security controls
ISO/IEC 27002 Information security, cybersecurity and privacy protection — Information security controls
27002
https://www.iso.org/standard/75652.html
Accepted
2022-03 Set to Accepted as NZISM list this in '1.1.63. Additional Guidance'
GCISO information security functional leadership mandate.
GCSB
#NZISM 1.1.63. Additional Guidance
ISO/IEC 27002:2022 Information security controls
ISO/IEC 27002:2013 Information technology -- Security techniques -- Code of practice for information security controls
International
Standard - Technical
ISO
Published 2022-02
PUBLISH
Update 2022-03-21
ISO/IEC 27005:2018 Information technology -- Security techniques -- Information security risk management
ISO/IEC 27005:2018 Security techniques -- Information security risk management
27005
This document provides guidelines for information security risk management.
This document supports the general concepts specified in ISO/IEC 27001 and is designed to assist the satisfactory implementation of information security based on a risk management approach.
Knowledge of the concepts, models, processes and terminologies described in ISO/IEC 27001 and ISO/IEC 27002 is important for a complete understanding of this document.
This document is applicable to all types of organizations (e.g. commercial enterprises, government agencies, non-profit organizations) which intend to manage risks that can compromise the organization's information security.
https://www.iso.org/standard/75281.html
Accepted
2020-11 changed from Informational to Accepted. NZISM referenced this standard.
2019-03 added as Informational
GCISO information security functional leadership mandate.
GCSB
#NZISM 1.1.63. Additional Guidance
ISO/IEC 27005:2011 Information technology -- Security techniques -- Information security risk management
International
Standard - Technical
ISO
Published 2016-12
PUBLISH
Update 2020-11-18
ISO/IEC 27006:2015 Information technology -- Security techniques -- Requirements for bodies providing audit and certification of information security management systems
ISO/IEC 27006:2015 Security techniques -- Requirements for bodies providing audit and certification of information security management systems
27006
Description: ISO/IEC 27006:2015 specifies requirements and provides guidance for bodies providing audit and certification of an information security management system (ISMS), in addition to the requirements contained within ISO/IEC 17021‑1 and ISO/IEC 27001. It is primarily intended to support the accreditation of certification bodies providing ISMS certification.
The requirements contained in this International Standard need to be demonstrated in terms of competence and reliability by any body providing ISMS certification, and the guidance contained in this International Standard provides additional interpretation of these requirements for any body providing ISMS certification.
NOTE This International Standard can be used as a criteria document for accreditation, peer assessment or other audit processes.
https://www.iso.org/standard/62313.html
Accepted
Need to confirm status with GCSB as NZISM references a standard when it is the source of a control, and does not indicate an endorsement.
GCISO information security functional leadership mandate.
GCSB
#NZISM 06. Information security monitoring
ISO/IEC 27006:2011 Information Technology – Security Techniques - Requirements for bodies providing audit and certification of information security management systems.
International
Standard - Technical
ISO
Published 2015-10
PUBLISH
Update 2020-09-15
ISO/IEC 27007:2020 Information security, cybersecurity and privacy protection — Guidelines for information security management systems auditing
ISO/IEC 27007:2020 Information security, cybersecurity and privacy protection — Guidelines for information security management systems auditing
27007
This document provides guidance on managing an information security management system (ISMS) audit programme, on conducting audits, and on the competence of ISMS auditors, in addition to the guidance contained in ISO 19011.
This document is applicable to those needing to understand or conduct internal or external audits of an ISMS or to manage an ISMS audit programme.
https://www.iso.org/standard/77802.html
Accepted
Need to confirm status with GCSB as NZISM references a standard when it is the source of a control, and does not indicate an endorsement.
GCISO information security functional leadership mandate.
GCSB
#NZISM 06. Information security monitoring
ISO/IEC 27007:2017 Information technology -- Security techniques -- Guidelines for information security management systems auditing
International
Standard - Technical
ISO
Published 2020-01
PUBLISH
Update 2020-09-15
ISO/IEC 27017:2015 Information technology -- Security techniques -- Code of practice for information security controls based on ISO/IEC 27002 for cloud services
ISO/IEC 27017:2015 Security techniques -- Code of practice for information security controls based on ISO/IEC 27002 for cloud services
27017
ISO/IEC 27017:2015 gives guidelines for information security controls applicable to the provision and use of cloud services by providing:
- additional implementation guidance for relevant controls specified in ISO/IEC 27002;
- additional controls with implementation guidance that specifically relate to cloud services.
This Recommendation | International Standard provides controls and implementation guidance for both cloud service providers and cloud service customers.
https://www.iso.org/standard/43757.html
Accepted
2022-03 Set to Accepted as listed in NZISM 22.1.18.
2022-01 set PUBLISH to No till we can establish a mandate for this standard.
GCISO information security functional leadership mandate.
GCSB
#ISO/IEC 27002 #NZISM 22.1.18.
International
Standard - Technical
ISO
Published 2015-12
2021
PUBLISH
Update 2022-03-21
ISO/IEC 27018:2019 Information technology -- Security techniques -- Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors
ISO/IEC 27018:2019 Security techniques -- Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors
27018
This document establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect Personally Identifiable Information (PII) in line with the privacy principles in ISO/IEC 29100 for the public cloud computing environment.
In particular, this document specifies guidelines based on ISO/IEC 27002, taking into consideration the regulatory requirements for the protection of PII which can be applicable within the context of the information security risk environment(s) of a provider of public cloud services.
This document is applicable to all types and sizes of organizations, including public and private companies, government entities and not-for-profit organizations, which provide information processing services as PII processors via cloud computing under contract to other organizations.
The guidelines in this document can also be relevant to organizations acting as PII controllers. However, PII controllers can be subject to additional PII protection legislation, regulations and obligations, not applying to PII processors. This document is not intended to cover such additional obligations.
https://www.iso.org/standard/76559.html
Accepted
2022-03 Set to Accepted as listed in NZISM 22.1.18.
2021-11-05 Privacy consultant Miki Seifert confirms the GCPO does not reference any ISO standards so set PUBLISH to 'No'
GCISO information security functional leadership mandate.
GCSB
#NZISM 22.1.18.
ISO/IEC 27018:2014 Information technology -- Security techniques -- Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors
International
Standard - Technical
ISO
Published 2019-01
PUBLISH
Update 2022-03-21
ISO/IEC 27037:2012 — Information technology — Security techniques — Guidelines for identification, collection, acquisition and preservation of digital evidence
ISO/IEC 27037:2012 Security techniques — Guidelines for identification, collection, acquisition and preservation of digital evidence
27037
ISO/IEC 27037:2012 provides guidelines for specific activities in the handling of digital evidence, which are identification, collection, acquisition and preservation of potential digital evidence that can be of evidential value.
It provides guidance to individuals with respect to common situations encountered throughout the digital evidence handling process and assists organizations in their disciplinary procedures and in facilitating the exchange of potential digital evidence between jurisdictions.
ISO/IEC 27037:2012 gives guidance for the following devices and circumstances:
- Digital storage media used in standard computers like hard drives, floppy disks, optical and magneto optical disks, data devices with similar functions,
- Mobile phones, Personal Digital Assistants (PDAs), Personal Electronic Devices (PEDs), memory cards,
- Mobile navigation systems,
- Digital still and video cameras (including CCTV),
- Standard computer with network connections,
- Networks based on TCP/IP and other digital protocols, and
- Devices with similar functions as above.
The above list of devices is an indicative list and not exhaustive.
https://www.iso.org/standard/44381.html
Accepted
2020-09 Changed to Accepted as listed in NZISM 1.1.63. Additional Guidance.
GCISO information security functional leadership mandate.
GCSB
#NZISM 1.1.63. Additional Guidance
International
Standard - Technical
ISO
Published 2012-10
2018
PUBLISH
Update 2020-09-15
ISO/IEC 38500:2015 Information technology -- Governance of IT for the organization
ISO/IEC 38500:2015 Governance of IT for the organization
38500
ISO/IEC 38500:2015 provides guiding principles for members of governing bodies of organizations (which can comprise owners, directors, partners, executive managers, or similar) on the effective, efficient, and acceptable use of information technology (IT) within their organizations.
https://www.iso.org/standard/62816.html
Accepted
This should be reviewed in 2020 and we may want to be across it. When Standards Australia update AS ISO/IEC 38500:2016 it may be an opportunity to re-link to create a Regional Standard
GCDO Digital functional leadership mandate.
DIA
GCDO@dia.govt.nz
ISO/IEC 38500:2008 - Corporate Governance of Information Technology. AS ISO/IEC 38500:2016 Information technology -- Governance of IT for the organization
International
Standard - Technical
ISO
Published 2015-02
PUBLISH
ISO/IEC 9798-2:2019 IT Security techniques — Entity authentication — Part 2: Mechanisms using authenticated encryption
ISO/IEC 9798-2:2019 Security techniques — Entity authentication — Part 2: Mechanisms using authenticated encryption
9798
This document specifies entity authentication mechanisms using authenticated encryption algorithms. Four of the mechanisms provide entity authentication between two entities where no trusted third party is involved; two of these are mechanisms to unilaterally authenticate one entity to another, while the other two are mechanisms for mutual authentication of two entities. The remaining mechanisms require an on-line trusted third party for the establishment of a common secret key. They also realize mutual or unilateral entity authentication.
Annex A defines Object Identifiers for the mechanisms specified in this document.
https://www.iso.org/standard/67114.html?browse=tc
Accepted
2020-09 Changed from Informational to Accepted. As a general principle current International ISO standards are Accepted for use by the NZ government.
GCISO information security functional leadership mandate.
GCSB
ISO/IEC 9798-2:2008/Cor 3:2013 Information technology — Security techniques — Entity authentication — Part 2: Mechanisms using symmetric encipherment algorithms — Technical Corrigendum 3
ISO/IEC 9798-2:2008 Information technology — Security techniques — Entity authentication — Part 2: Mechanisms using symmetric encipherment algorithms
International
Standard - Technical
ISO
Published 2019-06
PUBLISH
Update 2020-09-07
ISO/IEC 9798-3:2019 IT Security techniques -- Entity authentication -- Part 3: Mechanisms using digital signature techniques
ISO/IEC 9798-3:2019 IT Security techniques -- Entity authentication -- Part 3: Mechanisms using digital signature techniques
9798
Description: This document specifies entity authentication mechanisms using digital signatures based on asymmetric techniques. A digital signature is used to verify the identity of an entity.
Ten mechanisms are specified in this document. The first five mechanisms do not involve an on-line trusted third party and the last five make use of on-line trusted third parties. In both of these two categories, two mechanisms achieve unilateral authentication and the remaining three achieve mutual authentication.
Annex A defines the object identifiers assigned to the entity authentication mechanisms specified in this document.
https://www.iso.org/standard/67115.html?browse=tc
Accepted
2020-09 Changed from Informational to Accepted. As a general principle current International ISO standards are Accepted for use by the NZ government.
GCISO information security functional leadership mandate.
GCSB
ISO/IEC 9798-3:1998 Information technology — Security techniques — Entity authentication — Part 3: Mechanisms using digital signature techniques
ISO/IEC 9798-3:1998/Cor 2:2012 Information technology — Security techniques — Entity authentication — Part 3: Mechanisms using digital signature techniques — Technical Corrigendum 2
International
Standard - Technical
ISO
Published 2019-01
PUBLISH
Update 2020-09-07
ISO/IEC TS 27008:2019 Information technology -- Security techniques -- Guidelines for the assessment of information security controls
ISO/IEC TS 27008:2019 Security techniques -- Guidelines for the assessment of information security controls
27008
Description: This document provides guidance on reviewing and assessing the implementation and operation of information security controls, including the technical assessment of information system controls, in compliance with an organization's established information security requirements including technical compliance against assessment criteria based on the information security requirements established by the organization.
This document offers guidance on how to review and assess information security controls being managed through an Information Security Management System specified by ISO/IEC 27001.
It is applicable to all types and sizes of organizations, including public and private companies, government entities, and not-for-profit organizations conducting information security reviews and technical compliance checks.https://www.iso.org/standard/67397.html?browse=tcAccepted2020-11 changed from Informational to Accepted as referenced in the NZISM.
2019-03 added as InformationalGCISO information security functional leadership mandate. GCSB#NZISM 06. Information security monitoringISO/IEC TR 27008:2011 Information technology — Security techniques — Guidelines for auditors on information security controlsInternationalStandard - Technical SpecificationISOPublished2019-01PUBLISHUpdate2020-11-19
ISO/IEC/IEEE 24765:2017 Systems and software engineering — VocabularyISO/IEC/IEEE 24765:2017Systems and software engineering — Vocabulary24765ISO/IEC/IEEE 24765:2017 provides a common vocabulary applicable to all systems and software engineering work. It was prepared to collect and standardize terminology. ISO/IEC/IEEE 24765:2017 is intended to serve as a useful reference for those in the information technology field, and to encourage the use of systems and software engineering standards prepared by ISO and liaison organizations IEEE Computer Society and Project Management Institute. ISO/IEC/IEEE 24765:2017 includes references to the active source standards for definitions so that systems and software engineering concepts and requirements can be further explored.https://www.iso.org/standard/71952.html https://standards.iso.org/ittf/PubliclyAvailableStandards/c071952_ISO_IEC_IEEE_24765_2017.zipRecommended2020-11 added as RecommendedGCDO Digital functional leadership mandate.DIAGCDO@dia.govt.nzInternationalStandard - TechnicalISOPublished2017-09PUBLISHAdd2020-11-11
ISO/TC211 Normative UML models of geographic technology standardsISO/TC211Normative UML models of geographic technology standards19100ISO/TC211 Geographic information/Geomatics develops the 19100 stack of geographical information standards. Every normative UML Model in the TC211 stack is freely accessible; these models are the kernel of these standards. The models are developed in SparxEA and made available via ISO sparxcloud.
Note a SparxEA project with all the harmonised models is available from the Alternative_link https://github.com/ISO-TC211/HMMGhttp://iso.sparxcloud.com/index.phphttps://github.com/ISO-TC211/HMMGRecommended2020-11-19 added as Recommended as this is a publicly available model set that supports the entire ISO/TC211 19100 series of standards. This is a publicly available resource that supports the ISO/TC211 standards with UML models of the normative parts of the geographic information standards.NZ IRG for Geospatial informationInternationalModelISOPublicly AvailablePUBLISHAdd2020-11-19
ISO/TC211 Ontology representations of geographic technology standardsISO/TC211 Ontology representations of geographic technology standards19100ISO/TC211 Geographic information/Geomatics develops the 19100 stack of geographical information standards. Every ontology for the standards in the TC211 stack is freely accessible. https://def.isotc211.org/Recommended2020-11-19 added as Recommended as this is a publicly available ontology set that supports the entire ISO/TC211 19100 series of standards. This is a publicly available resource that supports the ISO/TC211 standards with the ontologies of the geographic information standards.NZ IRG for Geospatial informationInternationalStandardISOPublicly AvailablePUBLISHAdd2020-11-19
ISO/TC211 XML schema representations of geographic technology standardsISO/TC211 XML schema representations of geographic technology standards19100ISO/TC211 Geographic information/Geomatics develops the 19100 stack of geographical information standards. Every XML schema for the standards in the TC211 stack is freely accessible. https://schemas.isotc211.org/Recommended2020-11-19 added as Recommended as this is a publicly available schema set that supports the entire ISO/TC211 19100 series of standards. This is a publicly available resource that supports the ISO/TC211 standards with XML schemas of the geographic information standards.NZ IRG for Geospatial informationInternationalStandard - TechnicalISOPublicly AvailablePUBLISHAdd2020-11-19
ISO/TR 21965:2019 Information and documentation — Records management in enterprise architectureISO/TR 21965:2019Information and documentation — Records management in enterprise architecture21965The document creates a common language that embeds records management concerns and requirements into enterprise architecture with the twin goals of building consensus
— among records managers, enterprise architects and solution architects, and
— across the domains of records management, enterprise architecture and solution architecture.
NOTE This common understanding of Records Management enables Enterprise Architects to understand the motivations, concerns and goals of Records Managers, recognize them as influential key business stakeholders during organizational transformation, and use this understanding to influence systems planning and design. As a result, Records Management becomes an organizational capability at governance, strategic and operational levels.
This document provides a records management viewpoint, with architecture principles and corresponding architectural views of records. It explains records management for enterprise architects and other related professionals, so that they can achieve the competency needed to support collaborative initiatives.https://www.iso.org/standard/72312.htmlhttps://standards.iso.org/ittf/PubliclyAvailableStandards/c071616_ISO_IEC_21778_2017.zipRecommended2021-01 confirmed with Archives that this should be recommended, and they will update their guidance to reflect this. Changed from Informational to Recommended.This standard is recommended by the Chief Archivist in accordance with their authority given in the Public Records Act 2005.DIA-Archives NZInternationalTechnical ReportISOPublished2019-03PUBLISHAdd2019-12-09
ISO/TS 19166:2021 Geographic information — BIM to GIS conceptual mapping (B2GM)ISO/TS 19166:2021BIM to GIS conceptual mapping (B2GM)19166This document defines the conceptual framework and mechanisms for mapping information elements from Building Information Modelling (BIM) to Geographic Information Systems (GIS) to access the required information based on specific user requirements.
The conceptual framework for mapping BIM information to GIS is defined with the following three mapping mechanisms:
— BIM to GIS Perspective Definition (B2G PD);
— BIM to GIS Element Mapping (B2G EM);
— BIM to GIS LOD Mapping (B2G LM).
This document does not describe physical schema integration or mapping between BIM and GIS models because the physical schema integration or mapping between two heterogeneous models is very complex and can cause a variety of ambiguity problems. Developing a unified information model between BIM and GIS is a desirable goal, but it is out of the scope of this document.
The scope of this document includes the following:
— definition for BIM to GIS conceptual mapping requirement description;
— definition of BIM to GIS conceptual mapping framework and component;
— definition of mapping for export from one schema into another.
The following concepts are outside the scope:
— definition of any particular mapping application requirement and mechanism;
— bi-directional mapping method between BIM and GIS;
— definition of physical schema mapping between BIM and GIS;
— definition of coordinate system mapping between BIM and GIS.
NOTE: For cases involving requirements related to Geo-referencing for providing the position and orientation of the BIM model based on GIS, there exist other standards such as ISO 19111 and the Information Delivery Manual (IDM) from buildingSMART on Geo-referencing BIM.
— definition of relationship mapping between BIM and GIS;
— implementation of the application schema.https://www.iso.org/standard/78899.htmlFuture Consideration2023-06 Changed to Future Consideration. Waka Kotahi is no longer supporting the Asset Management Data Standard (AMDS) Location Standard.
2021-11 changed status to Recommended.
2020-10 added as Development as this may need NZ input. Was referenced as part of the AMDS Location Standard but Waka Kotahi is no longer supporting that aspect of AMDS. They defer to LINZ on Location.LINZ#Asset Management Data Standard (AMDS) Location StandardInternationalStandard - TechnicalISOPublished2021-05PUBLISHAdd2020-10-19
ISO/TS 8000-65:2020 Data quality — Part 65: Data quality management: Process measurement questionnaireISO/TS 8000-65:2020 Data quality — Part 65: Data quality management: Process measurement questionnaire8000This document specifies a questionnaire to audit the performance of the processes specified by the process reference model in ISO 8000‑61.
NOTE 1 This questionnaire is applicable to all types of business process, technology, information system, data and data processing. This questionnaire can be used as part of a continuous improvement process.
The following are within the scope of this document:
— guiding principles for generating questions from the process outcomes specified by ISO 8000‑61;
— one or more questions for each outcome of every process in ISO 8000‑61;
— a measurement method based on a simple indicator and measurement scale for each question;
— guidance on how to present the results generated by the questionnaire.
NOTE 2 The questions and corresponding indicators in this document conform to the requirements of ISO 8000‑63.
The following is outside the scope of this document:
— defining how the questions relate to models of organizational process maturity.
NOTE 3 Such models define an overall scale by which to understand the degree to which an organization is performing effectively and efficiently.
EXAMPLE ISO 8000‑62 and ISO 8000‑64 [1] specify how to use maturity models with ISO 8000‑61.
[1] Under preparation.https://www.iso.org/standard/73835.htmlAccepted2021-10 added as Accepted.GCDS Data functional leadership mandate.Statistics NZ#Data Quality Assessment Framework - Guide to related standardsInternationalStandard - TechnicalISOPublished2020-06PUBLISHAdd2021-10-29
JSON (JavaScript Object Notation)JSON (JavaScript Object Notation)JSON (JavaScript Object Notation) is a lightweight data-interchange format. It is easy for humans to read and write. It is easy for machines to parse and generate.
Source:
GEA-NZ Standards Reference Appendix - 1. Internet and On-line Presence - 3. International Technical Foundation Standards.
GEA-NZ Standards Reference Appendix - 2. Data Integration - 3. International Technical Foundation Standards.https://www.json.org/json-en.htmlRecommendedGCDO Digital functional leadership mandate.DIAGCDO@dia.govt.nz#API Guidelines Part C - API Development 2021InternationalStandard - Technicaljson.orgCurrentPUBLISH
Justice Sector Unique Identifier Code 2020Justice Sector Unique Identifier Code 2020This code provides certain agencies involved in the justice sector with a partial exemption from information privacy principle 13, when those agencies reassign a unique identifier to people proceeding through the justice system.https://www.privacy.org.nz/privacy-act-2020/codes-of-practice/jsuic2020/Mandated2020-12 added as Mandated as the new Privacy Act 2020 came into force on the 1st of December 2020Privacy CommissionerJustice Sector Unique Identifier Code 1998National (NZ)StandardThe Privacy CommissionerPublishedPUBLISHAdd2020-12-01
Key words for use in RFCs to Indicate Requirement LevelsKey words for use in RFCs to Indicate Requirement LevelsIn many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. Authors who follow these guidelines should incorporate this phrase near the beginning of their document: The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119.
https://www.ietf.org/rfc/rfc2119.txtRecommendedNote ISO Directives part 2 which defines similar language.GCDO Digital functional leadership mandate.DIAGCDO@dia.govt.nzInternationalStandardIETF (Internet Engineering Task Force)Best Current Practice1997-03PUBLISH
LDAP v3 (Lightweight Directory Access Protocol Version 3)Lightweight Directory Access Protocol Version 3The Lightweight Directory Access Protocol is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network.https://ldap.com/RecommendedGCDO Digital functional leadership mandate.DIAGCDO@dia.govt.nzInternationalStandard - TechnicalIETF (Internet Engineering Task Force)Proposed Standard [Widely adopted]PUBLISH
Legacy system guidanceLegacy system guidanceGuidance on replacing or retiring legacy systems and technology and how to manage risk during the process.https://www.digital.govt.nz/standards-and-guidance/technology-and-architecture/legacy-system-guidance/Recommended2022-03 Added as RecommendedGCDO Digital functional leadership mandate.DIAGCDO@dia.govt.nzGovernment (NZ)GuidanceNZ GovernmentPublishedPUBLISHAdd2020-03-31
List of protected records for local authoritiesList of protected records for local authoritiesThis notice specifies classes of local authority records that may not be destroyed unless prior approval is given by the Chief Archivist.
The Public Records Act defines a local authority as:
- A council-controlled organisation
- A council-controlled trading organisation
- A local government organisation
Was: 16/Sp4 List of protected records for local authoritieshttps://archives.govt.nz/manage-information/resources-and-guides/statutory/protected-records-for-local-authoritiesMandatedAdded as mandated.2021-04 confirmed with Archives that this is mandatory for local authoritiesThis is guidance produced by the Chief Archivist in accordance with their authority given in the Public Records Act 2005.DIA-Archives NZGovernment (NZ)StandardArchives NZPublished2017-12PUBLISHAdd2021-04-07
Maintenance of public archives - Instruction to approved repositories (16/Sp2)Maintenance of public archives - Instruction to approved repositories (16/Sp2)This instruction specifies requirements for the maintenance of all physical (non-digital) public archives that have been transferred to the control of all approved repositories authorised under the Archives Act 1957 or the Public Records Act 2005.
https://records.archives.govt.nz/resources-and-guides/maintenance-of-public-archives-instruction-to-approved-repositories/Mandated2021-11 confirmed with Archives that this is Mandatory for approved repositories. Changed from Recommended to Mandatory.Approved RepositoriesThis is guidance produced by the Chief Archivist in accordance with their authority given in the Public Records Act 2005.DIA-Archives NZGovernment (NZ)StandardArchives NZPublished2018-08PUBLISHUpdate2021-01-11
Metadata for the OASIS Security Assertion Markup Language (SAML) V2.0Metadata for the OASIS Security Assertion Markup Language (SAML) V2.0SAML profiles require agreements between system entities regarding identifiers, binding support and endpoints, certificates and keys, and so forth. A metadata specification is useful for describing this information in a standardized way. This document defines an extensible metadata format for SAML system entities, organized by roles that reflect SAML profiles. Such roles include that of Identity Provider, Service Provider, Affiliation, Attribute Authority, Attribute Consumer, and Policy Decision Point.https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdfAccepted2020-02 added as Accepted. Part of the basis for the NZSAMS [New Zealand Security Assertion Messaging Standard]DIA# NZSAMS [New Zealand Security Assertion Messaging Standard]New Zealand Security Assertion Messaging Standard [NZSAMS]InternationalStandard - TechnicalOASISOASIS Standard2005-03-15PUBLISHAdd2020-02-03
New Zealand Data and Information Management Principles (2011)New Zealand Data and Information Management Principles (2011)On 8 August 2011 government approved new principles for managing the data and information it holds. These replace the 1997 Policy Framework for Government held Information. See Cabinet Minute CAB Min (11) 29/12.
They have been developed to ensure high quality management of the information the government holds on behalf of the public. While new language is used, the enduring concepts of the 1997 framework, in particular, quality, ownership, stewardship and custodianship, are retained.
In summary, government data and information should be open, readily available, well managed, reasonably priced and re-usable unless there are necessary reasons for its protection. Personal and classified information will remain protected. Government data and information should also be trusted and authoritative.
https://www.data.govt.nz/manage-data/policies/new-zealand-data-and-information-management-principles/RecommendedGCDS Data functional leadership mandate.Statistics NZGovernment (NZ)PrinciplesGCDS (Government Chief Data Steward)2011-08PUBLISH
New Zealand Government IdentityNew Zealand Government IdentityThe New Zealand Government (NZ Govt) Identity replaces the 2007 All-of-Government (AoG) Brand Identity. That AoG Brand Identity was reviewed alongside the implementation of the Public Service Act 2020, and broader Public Service reform programme. As well as ensuring it was fit for purpose in the ever-expanding digital landscape we work in, it was important that the Identity reflected in a visual way the principles and values of a more unified and joined up Public Service, reflective of the communities we serve and who we are as New Zealanders.
The use of the New Zealand Government Identity applies to all Public Service departments, departmental agencies, interdepartmental ventures, interdepartmental executive boards and Crown agents. Other categories of Crown entity and agencies in the wider public sector can use the responsive logo mark (excluding the Coat of Arms) if they wish, or as invited by Responsible Ministers.https://www.publicservice.govt.nz/our-work/nzgovt-identity/Mandated2022-03 Added as Mandated. Public Service Commissioncommission@publicservice.govt.nz#NZ Government Web StandardsNational (NZ)StandardNZ GovernmentPublishedPUBLISHAdd2020-03-31
New Zealand Government OASIS CIQ Address Profile October 2012New Zealand Government OASIS CIQ Address Profile October 2012The New Zealand Government OASIS CIQ Profiles provide guidance and rules for the use of the standard OASIS CIQ schemas for the exchange of:
- Personal (individual and joint names) and Non-Personal Names (organisations, objects)
- Addresses
- Party Roles and Relationships
Note: Guidance on the relationship with the New Zealand Profile of ISO 19160 is required.
Note 2020-12
(1) The standard mandates an XML implementation. JSON would be more appropriate in most cases. A note is needed on the landing page to cover this.
(2) There needs to be a reconciliation between the Data Content Requirement for Street Address and the LINZ advice, and the eInvoicing address. https://snapshot.ict.govt.nz/resources/digital-ict-archive/static/localhost_8000/guidance-and-resources/standards-compliance/nz-government-ciq-profiles/index.htmlRecommendedNote 1: The Street address data content standard is ISO 19160-1:2015 Addressing Part 1: Conceptual Model to be used to format street address information for sharing purposes.
Note 2: UBL is gaining traction, especially with PEPPOL being adopted by Aus/NZ, but its specifications for structured Address types (including PostalAddress, DeliveryLocation.Address, RegistrationAddress etc) that do *not* conform to NZCIQ / CIQ / xNAL GCDO Digital functional leadership mandate.DIAGCDO@dia.govt.nz#OASIS Customer Information Quality (CIQ) V3#Useful information for people working with Addresses, #New Zealand Government OASIS CIQ Profile Implementation Guidance NotesInternationalStandard - ProfileNZ GovernmentPublishedPUBLISH
New Zealand Government OASIS CIQ Name Profile October 2012New Zealand Government OASIS CIQ Name Profile October 2012The New Zealand Government OASIS CIQ Profiles provide guidance and rules for the use of the standard OASIS CIQ schemas for the exchange of:
- Personal (individual and joint names) and Non-Personal Names (organisations, objects)
- Addresses
- Party Roles and Relationships
Note 2020-12
The standard mandates an XML implementation. JSON would be more appropriate in most cases. A note is needed on the landing page to cover this.https://snapshot.ict.govt.nz/resources/digital-ict-archive/static/localhost_8000/guidance-and-resources/standards-compliance/nz-government-ciq-profiles/index.htmlMandatedGCDO Digital functional leadership mandate.DIAGCDO@dia.govt.nz#OASIS Customer Information Quality (CIQ) V3#New Zealand Government OASIS CIQ Profile Implementation Guidance Notes, #xNAL (nz) schema (Extensible Name and Address Language (New Zealand), #Person name data mandated standardInternationalStandard - ProfileNZ GovernmentPublishedPUBLISH
New Zealand Government OASIS CIQ Profile Implementation Guidance NotesNew Zealand Government OASIS CIQ Profile Implementation Guidance NotesGuidance intended to help those implementing the New Zealand OASIS CIQ Profile.
The guidance does not state a standard.
The guidance notes include:
- Description of the OASIS CIQ standard and its intended use.
- A description of the typical OASIS CIQ implementation scenarios.
- Description of the New Zealand OASIS CIQ Profile set.
- A high level description of the New Zealand OASIS CIQ Profile schemas usage capabilities and features.
- Schematic of the NZ OASIS CIQ Profile Schema set.
- New Zealand OASIS CIQ Name Profile key features
- New Zealand OASIS CIQ Address Profile key features
- New Zealand OASIS CIQ Role and Relationship key features
- Schematics of the OASIS CIQ data model.
Note 2020-12
The standard mandates an XML implementation. JSON would be more appropriate in most cases. A note is needed on the landing page to cover this.https://snapshot.ict.govt.nz/resources/digital-ict-archive/static/localhost_8000/guidance-and-resources/standards-compliance/nz-government-ciq-profiles/index.htmlRecommendedGCDO Digital functional leadership mandate.DIAGCDO@dia.govt.nz#New Zealand Government OASIS CIQ Address Profile October 2012, #New Zealand Government OASIS CIQ Name Profile October 2012, #New Zealand Government OASIS CIQ Roles Relationships Profile October 2012, #xNAL (nz) schema (Extensible Name and Address Language (New Zealand)Government (NZ)GuidanceGCDO (Government Chief Digital Officer)PublishedPUBLISH
New Zealand Government OASIS CIQ Roles Relationships Profile October 2012New Zealand Government OASIS CIQ Roles Relationships Profile October 2012The New Zealand Government OASIS CIQ Profiles provide guidance and rules for the use of the standard OASIS CIQ schemas for the exchange of:
- Personal (individual and joint names) and Non-Personal Names (organisations, objects)
- Addresses
- Party Roles and Relationships
Note 2020-12
The standard mandates an XML implementation. JSON would be more appropriate in most cases. A note is needed on the landing page to cover this.https://snapshot.ict.govt.nz/resources/digital-ict-archive/static/localhost_8000/guidance-and-resources/standards-compliance/nz-government-ciq-profiles/index.htmlRecommendedGCDO Digital functional leadership mandate.DIAGCDO@dia.govt.nz#OASIS Customer Information Quality (CIQ) V3#New Zealand Government OASIS CIQ Profile Implementation Guidance NotesGovernment (NZ)Standard - ProfileGCDO (Government Chief Digital Officer)PublishedPUBLISH
New Zealand Government Web Accessibility Standard 1.1Web Accessibility Standard 1.1Web accessibility is about inclusion — making sure everyone, including people with disabilities and those using assistive technologies, can access online information and services.
All public service and non-public service agencies must meet the NZ Government Web Accessibility Standard from 1 July 2019. Every Public service department and non-public service department in the State Services (‘Agency’) is directed by Cabinet [CAB Min (03) 41/2B] to apply this Standard.
Mandatory for Public Service departments, the New Zealand Police, the New Zealand Defence Force, the Parliamentary Counsel Office, and the New Zealand Security Intelligence Service.https://www.digital.govt.nz/web-accessibility-standard/MandatedSet as Mandated as All public service and non-public service agencies must meet the NZ Government Web Accessibility Standard from 1 July 2019.
Mandated in [CAB Min (03)41/2B] Cabinet Minute — New Zealand Government Web Guidelines: Mandatory Requirements
The Web Guidelines are now called the Web Standards, and ownership has moved from the e-gov unit of SSC to the GCDO.GCDO Digital functional leadership mandate.DIAweb.standards@dia.govt.nz#NZ Government Web StandardsWeb Accessibility Standard 1.0Government (NZ)StandardGCDO (Government Chief Digital Officer)PublishedPUBLISHUpdate2020-03-02
New Zealand Government Web Usability Standard 1.3Web Usability Standard 1.3All public service and non-public service agencies must meet the NZ Government Web Usability Standard 1.3 from 1 July 2019. Every Public service department or non-public service department in the State Services ('Agency') is directed by Cabinet [CAB Min (03) 41/2B] to apply this Standard.
Mandatory for Public Service departments, the New Zealand Police, the New Zealand Defence Force, the Parliamentary Counsel Office, and the New Zealand Security Intelligence Service.https://www.digital.govt.nz/web-usability-standard/MandatedSet as mandated as all public service and non-public service agencies must meet the NZ Government Web Usability Standard 1.3 from 1 July 2019.
Mandated in [CAB Min (03)41/2B] Cabinet Minute — New Zealand Government Web Guidelines: Mandatory Requirements
The Web Guidelines are now called the Web Standards, and ownership has moved from the e-gov unit of SSC to the GCDO.GCDO Digital functional leadership mandate.DIAweb.standards@dia.govt.nz#NZ Government Web StandardsWeb Usability Standard 1.2Government (NZ)StandardGCDO (Government Chief Digital Officer)Published2019-07-01PUBLISHUpdate2020-03-02
New Zealand Predator Free 2050 Predator Control Data StandardNew Zealand Predator Free 2050 Predator Control Data StandardWhen New Zealand achieves Predator Free 2050, it will be due in no small part to thousands of dedicated volunteers and conservation staff who have logged endless hours trekking through unforgiving landscapes to check traps, creating and assessing predator management plans, and managing and analysing data to feed back into planning.
Achieving Predator Free 2050 will also rely on making the best use of existing tools, and coming up with new tools and approaches. Underpinning both of these will be the effective management, sharing and analysis of the vast and invaluable amount of predator control data that is already collected daily across New Zealand and is set to only increase. However, integrating such heterogeneous data, collected by multiple people from multiple devices in multiple locations, remains a challenge due to the significant variations that can occur in observational scales, collection protocols, and terminologies (König C., et al., 2019).
To overcome data integration challenges around predator control data, a call for standards has emerged from those working at all levels, from communities up to agencies and government. Creating and implementing a ‘data standard’ has its challenges, but previous successes have shown that they can be overcome by recognising the issues around data management and having the motivation to address them in a collective manner.https://github.com/pf2050nz/data-standard#readmeRecommended2020-08 added as Recommended. GEAG agreed to add the Predator Free NZ 2050 Data Standard to the August Catalogue as Recommended.DOCNational (NZ)StandardPredator Free 2050 LimitedPublished2020-07PUBLISHAdd2020-08-27
New Zealand Privacy Codes of Practice (Privacy Act 2020)New Zealand Privacy Codes of Practice (Privacy Act 2020)The Privacy Act 2020 gives the Privacy Commissioner the power to issue codes of practice that become part of the law. These codes modify the operation of the Privacy Act and set rules for specific industries, organisations, or types of personal information.
There are currently six codes of practice:
- Civil Defence National Emergencies (Information Sharing) Code 2020
- Credit Reporting Privacy Code 2020
- Health Information Privacy Code 2020
- Justice Sector Unique Identifier Code 2020
- Superannuation Schemes Unique Identifier Code 2020
- Telecommunications Information Privacy Code 2020https://www.privacy.org.nz/privacy-act-2020/codes-of-practice/Mandated2020-12 added as Mandated as the new Privacy Act 2020 came into force on the 1st of December 2020Privacy CommissionerNew Zealand Privacy Codes of Practice (Privacy Act 1993)National (NZ)StandardThe Privacy CommissionerPublishedPUBLISHAdd2020-12-01
New Zealand Secure Web Services StandardNew Zealand Secure Web Services StandardSpecifies the standards for secure Web Services for the New Zealand Government. The standard guides the reader through a series of steps that leads to the selection of a secure Web service solution that incorporates appropriate standards. It provides a standard to enhance interoperability and provide a common validated approach to the security and privacy of secure Web services across government.
Note: it is called the Government Enterprise Architecture for New Zealand (GEA-NZ) - Standards; Secure Web Services Standard
Source: GEA-NZ Standards Reference Appendix - 3. Identity Information and Authentication and Access management - 1. New Zealand Government Standards and Guidance. Final.
https://snapshot.ict.govt.nz/resources/digital-ict-archive/static/localhost_8000/guidance-and-resources/standards-compliance/new-zealand-secure-web-services-standard/index.htmlAccepted2020-12 changed to Accepted from Recommended. Still relevant where agencies are using SOAP for integration (Legacy)GCDO Digital functional leadership mandate.DIAGCDO@dia.govt.nzGovernment (NZ)StandardGCDO (Government Chief Digital Officer)Published2013-04PUBLISHUpdate2020-12-02
New Zealand Security Assertion Messaging Standard (NZSAMS)New Zealand Security Assertion Messaging Standard (NZSAMS)This New Zealand Security Assertion Messaging Standard prescribes messaging standards for communicating a range of security assertions (authentication, identity attributes and authorisation) in New Zealand government online services. The Standard is abbreviated to NZ SAMS.
Source: GEA-NZ Standards Reference Appendix - 2. Data Integration - 1. New Zealand Government Standards and Guidance.
https://snapshot.ict.govt.nz/resources/digital-ict-archive/static/localhost_8000/assets/Uploads/Documents/egif-authentication-NZSAMS-v1.0.pdfAcceptedGCDO Digital functional leadership mandate.DIAGCDO@dia.govt.nzAssertions and Protocols for the OASIS Security Assertion Markup Language (SAML) V2.0
Bindings for the OASIS Security Assertion Markup Language (SAML) V2.0
Conformance Requirements for the OASIS Security Assertion Markup Language (SAML) V2.0
Glossary for the OASIS Security Assertion Markup Language (SAML) V2.0
Metadata for the OASIS Security Assertion Markup Language (SAML) V2.0
Profiles for the OASIS Security Assertion Markup Language (SAML) V2.0
InternationalStandard - ProfileNZ GovernmentPublished 2008-05PUBLISH
New Zealand’s draft Profile of ISO 19160-1:2015 Addressing – Part 1: Conceptual ModelNew Zealand’s draft Profile of ISO 19160-1:2015 Addressing – Part 1: Conceptual Model19160The New Zealand Profile of ISO 19160-1:2015 Addressing - Part 1: Conceptual Model. Note it may only be referred to as New Zealand's draft Profile of ISO 19160-1:2015.
This standard concerns the abstract concept of address as a way of expressing a location in New Zealand.
The concept of a geographical address has evolved over time, but not always consistently between different locations, nor defined consistently by different information communities, or within different information systems. There is increasing need to openly share and interoperate address data more systematically. This demands attention to how these data are structured, and removing ambiguity about exactly what address data are being shared. One way to help achieve this is to standardise the underpinning address concept model.
This document represents a consensus on New Zealand’s address concepts. It provides a reference information model to define all the forms of physical addresses (addresses classes) used in New Zealand.
Was: Address: Conceptual Model for New Zealand - The New Zealand Profile of ISO 19160-1:2015, Addressing – Part 1: Conceptual Modelhttps://standards.iso.org/iso/19160/-1/NZ%20Profile%20Specification%2020151203.pdfRecommendedEven though it is still in draft it is Recommended.
2021-07-29 name changed to 'New Zealand’s draft Profile of ISO 19160-1:2015 Addressing – Part 1: Conceptual Model' from 'Address: Conceptual Model for New Zealand - The New Zealand Profile of ISO 19160-1:2015, Addressing – Part 1: Conceptual Model'LINZ#Street address data content requirement, #AS/NZS ISO 19160.1:2018 Addressing - Part 1: Conceptual model, #ISO 19160-1:2015 Addressing -- Part 1: Conceptual model#ISO 19160-1:2015 Addressing -- Part 1: Conceptual modelNational (NZ)Standard - ProfileStandards NZDraftPUBLISHName2021-07-29
Ngā Tikanga Paihere FrameworkNgā Tikanga Paihere FrameworkNgā Tikanga Paihere is a framework and tool that:
- guides safe, responsible, and culturally appropriate use of data
- ensures data use is carefully considered
- ensures data practices occur in good faith.
The framework draws on 10 tikanga (Te Ao Māori/Māori world concepts) and aligns with the current model of the 5 Safes Framework which is used to manage safe access to integrated data at Stats NZ.https://www.data.govt.nz/use-data/data-ethics/nga-tikanga-paihere/Recommended2020-05 added as Recommended.GCDS Data functional leadership mandate.Statistics NZ#Cloud servicesGovernment (NZ)FrameworkGCDS (Government Chief Data Steward)PublishedPUBLISHName2020-11-23
NIST Special Publication 500-291, version 2, July 2013 Cloud Computing Standards Roadmap NIST Special Publication 500-291, version 2, July 2013Cloud Computing Standards Roadmap This is the second edition of the NIST Cloud Computing Standards Roadmap, which has been developed by the members of the public NIST Cloud Computing Standards Roadmap Working Group. This edition includes updates to the information on portability, interoperability, and security standards in the first edition and adds new information on accessibility and performance standards.
Also new in this edition is information on the role of conformity assessment in support of voluntary consensus standards. Analyzing typical government use cases (see Section 8), U.S. Government priorities and gaps in cloud computing voluntary consensus standards are identified in this edition and the previous edition. This information is intended for use by federal agencies and other stakeholders to help plan their participation in voluntary consensus standards development and related conformity assessment activities, which can help to accelerate the agencies’ secure adoption of cloud computing.https://www.nist.gov/system/files/documents/itl/cloud/NIST_SP-500-291_Version-2_2013_June18_FINAL.pdfInformational2022-03 Added as Informational as listed in NZISM 22.1.18. Additional Guidance.GCISO information security functional leadership mandate. GCSB#NZISM 22.1.18. References - StandardsGovernment (US)Guidance NIST (National Institute of Standards and Technology)Published2013-07PUBLISHAdd2022-03-21
NIST Special Publication 500-292, September 2011 Cloud Computing Reference Architecture NIST Special Publication 500-292, September 2011Cloud Computing Reference Architecture A fundamental reference point, based on the NIST definition of Cloud Computing, is needed to describe an overall framework that can be used governmentwide. This document presents the NIST Cloud Computing Reference Architecture (RA) and Taxonomy (Tax) that will accurately communicate the components and offerings of cloud computing. https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=909505Accepted2022-03 Added as Accepted as listed in NZISM 22.1.18. Additional Guidance.GCISO information security functional leadership mandate. GCSB#NZISM 22.1.18. References - StandardsGovernment (US)Guidance NIST (National Institute of Standards and Technology)Published2011-09PUBLISHAdd2022-03-21
NIST Special Publication 800-145, September 2011 The NIST Definition of Cloud ComputingNIST Special Publication 800-145, September 2011The NIST Definition of Cloud ComputingCloud computing is an evolving paradigm. The NIST definition characterizes important aspects of cloud computing and is intended to serve as a means for broad comparisons of cloud services and deployment strategies, and to provide a baseline for discussion from what is cloud computing to how to best use cloud computing. The service and deployment models defined form a simple taxonomy that is not intended to prescribe or constrain any particular method of deployment, service delivery, or business operation.https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-145.pdfAccepted2022-03 Added as Accepted as listed in NZISM 22.1.18. Additional Guidance.GCISO information security functional leadership mandate. GCSB#NZISM 22.1.18. References - StandardsGovernment (US)Guidance NIST (National Institute of Standards and Technology)Published2011-09PUBLISHAdd2022-03-21
NIST Special Publication 800-146, May 2012 Cloud Computing Synopsis and Recommendations NIST Special Publication 800-146, May 2012Cloud Computing Synopsis and Recommendations This document reprises the NIST-established definition of cloud computing, describes cloud computing benefits and open issues, presents an overview of major classes of cloud technology, and provides guidelines and recommendations on how organizations should consider the relative opportunities and risks of cloud computing. Cloud computing has been the subject of a great deal of commentary. Attempts to describe cloud computing in general terms, however, have been problematic because cloud computing is not a single kind of system, but instead spans a spectrum of underlying technologies, configuration possibilities, service models, and deployment models. This document describes cloud systems and discusses their strengths and weaknesses.https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-146.pdfAccepted2022-03 Added as Accepted as listed in NZISM 22.1.18. Additional Guidance.GCISO information security functional leadership mandate. GCSB#NZISM 22.1.18. References - StandardsGovernment (US)Guidance NIST (National Institute of Standards and Technology)Published2012-05PUBLISHAdd2022-03-21
NISTIR 7298 Revision 3 Glossary of Key Information Security Terms. July 2019NISTIR 7298 Revision 3 Glossary of Key Information Security Terms. July 2019This publication describes an online glossary of terms used in National Institute of Standards and Technology (NIST) and Committee on National Security Systems (CNSS) publications. This glossary utilizes a database of terms extracted from NIST Federal Information Processing Standard Publications (FIPS), the NIST Special Publication (SP) 800 series, select NIST Interagency or Internal Reports (NISTIRs), and from the Committee for National Security Systems Instruction 4009 (CNSSI-4009).https://nvlpubs.nist.gov/nistpubs/ir/2019/NIST.IR.7298r3.pdfRecommended2022-03 Set to Recommended as NZISM lists this in '1.1.62 Key Standards'GCISO information security functional leadership mandate. GCSB#NZISM 1.1.62. Key StandardsNISTIR 7298 Revision 2 – Glossary of Key Information Security Terms, May 2013Government (US)Common LanguageNIST (National Institute of Standards and Technology)PUBLISHUpdate2020-09-15
NZ Government Web StandardsNZ Government Web StandardsEffective 01 July 2019, there are 2 web standards that Government organisations need to meet, the Web Accessibility Standard and the Web Usability Standard.
This content includes links to the standards as well as other useful guidance and resources:
- Web Standards clinics
- Web Standards effective from July 2019
- Web Standards Self-Assessments
- Web Standards risk assessment
- Web Standards Cabinet Minute and Paperhttps://www.digital.govt.nz/standards-and-guidance/nz-government-web-standards/Mandated2022-03 Added as Mandated. GCDO Digital functional leadership mandate.DIAweb.standards@dia.govt.nz#New Zealand Government Web Accessibility Standard 1.1, #New Zealand Web Usability Standard 1.3, #Web Content Accessibility Guidelines (WCAG) 2.1National (NZ)GuidanceNZ GovernmentPublishedPUBLISHAdd2020-03-31
NZBN (New Zealand Business Number)New Zealand Business NumberThe New Zealand Business Number (NZBN) is a globally unique identifier, available to every Kiwi business.
The NZBN makes doing business faster and easier because it links core business information (known as Primary Business Data). This includes things such as trading name, phone number or email.
The New Zealand Business Number (NZBN) Act came into effect in 2016, enabling all businesses to be allocated or register for an NZBN. That includes government agencies, who are working to implement the NZBN into their systems and processes. The flow-on effect will be that agencies can get core business information from the NZBN Register, eliminating the need for businesses to provide and update it.
Each NZBN is a Global Location Number (GLN), supplied by GS1 New Zealand, that uses the GS1 global numbering standards (the same standards used to create bar codes). GLNs are an ISO (International Organization for Standardization) standard and part of a credible international system used widely in international trade, supply chain logistics and electronic messaging systems.https://www.nzbn.govt.nz/whats-an-nzbn/about/Mandated2020-10 added as Mandated as the NZBN is mandatory for NZ Business entities. The NZBN is an implementation of the GLN (Global Location Number) from GS1.MBIEGLN (Global Location Number)National (NZ)StandardParliamentCurrentPUBLISHAdd2020-10-19
NZCSP 301: New Zealand Communications Security Policy No 301 (Document classified RESTRICTED)NZCSP 301New Zealand Communications Security Policy No 301 (Document classified RESTRICTED)RESTRICTED document available on application to authorised personnelnzism@gcsb.govt.nz Recommended2022-03 Added as Recommended as listed in NZISM 1.1.63. Additional Guidance.GCISO information security functional leadership mandate. GCSBnzism@gcsb.govt.nz #NZISM 1.1.63. Additional GuidanceNZCSS 300: New Zealand Communications Security Standard No 300 (Document classified RESTRICTED)Government (NZ)PolicyGCSBPUBLISHAdd2022-03-21
NZCSS 400: New Zealand Communications Security Standard No 400 (Document classified CONFIDENTIAL)NZCSS 400: New Zealand Communications Security Standard No 400 (Document classified CONFIDENTIAL)CONFIDENTIAL document available on application to authorised personnelnzism@gcsb.govt.nz Recommended2020-01 added as Recommended. Referenced by the GCSB's NZISM GCISO information security functional leadership mandate. GCSBnzism@gcsb.govt.nz #NZISM 1.1.63. Additional GuidanceGovernment (NZ)StandardGCSBPUBLISHAdd2020-01-16
NZGOAL (New Zealand Government Open Access and Licensing) frameworkNew Zealand Government Open Access and LicensingThe New Zealand Government Open Access and Licensing framework (NZGOAL) is government guidance for agencies to follow when releasing copyright works and non-copyright material for re-use by others. It seeks to standardise the licensing of government copyright works for re-use using Creative Commons New Zealand law licences and recommends the use of ‘no-known rights’ statements for non-copyright material. Creative Commons licences are freely available copyright licences that enable the sharing of copyright works for re-use in a standardised way and in forms that are human, machine and lawyer readable.https://www.data.govt.nz/manage-data/policies/declaration-on-open-and-transparent-government/Recommended2020-05 added as Recommended.GCDS Data functional leadership mandate.Statistics NZGovernment (NZ)FrameworkGCDS (Government Chief Data Steward)CURRENT2015-01PUBLISHAdd2020-05-29
NZISM 01. About information securityNew Zealand Information Security ManualNZISM 01. About information security
1.1. Understanding and using this Manual
1.2. Applicability, Authority and Compliance
https://www.nzism.gcsb.govt.nz/ism-document/#23Mandated2022-02 restored to showing the sections of the NZISMGCISO information security functional leadership mandate. GCSBnzism@gcsb.govt.nz #ISO/IEC 27000:2018, #CNSS Instruction No. 4009 6 April 2015, #NISTIR 7298 Revision 3, July 2019, #PSR, #ISO/IEC 15408-1:2009, #ISO/IEC 15408-2:2008, #ISO/IEC 15408-3:2008, #ISO 22301:2019, #NZCSS 400, #NZCSP 301, #ISO/IEC 27001: 2013, #ISO/IEC 27002: 2022, #ISO/IEC11770, #ISO/IEC 27037:2012, #ISO 31000:2018, #HB 436:2013, #ISO Guide 73:2019, #HB 167:2006.Government (NZ)StandardGCISO (Government Chief Information Security Officer)CurrentUse current versionPUBLISHUpdate2022-02-21
NZISM 02. Information Security within GovernmentInformation Security within GovernmentNZISM 02. Information Security within Government includes:
2.1. Government Engagement. Objective; Security personnel are aware of and use information security services offered within the New Zealand Government.
2.2. Industry Engagement and Outsourcing. Objective; Industry handling classified information implements the same security measures as government agencies.
2.3. Approach to Cloud Services. Objective; agencies understand and manage their approach to cloud services securely, effectively and efficiently.
https://www.nzism.gcsb.govt.nz/ism-document/#24Mandated2022-02 restored to showing the sections of the NZISMGCISO information security functional leadership mandate. GCSBnzism@gcsb.govt.nz #Managing The Government’s Adoption of Cloud Computing, #Improving Government Information and Communications Technology Assurance, #Cloud Computing – Information Security and Privacy Considerations April 2014, #Accelerating the Adoption of Public Cloud Services, #Cloud Risk Assessment Tool, #Risk Assessment ProcessGovernment (NZ)StandardGCISO (Government Chief Information Security Officer)CurrentUse current versionPUBLISHUpdate2022-02-21
NZISM 03. Information security governance - roles and responsibilitiesInformation security governance - roles and responsibilitiesNZISM 03. Information security governance - roles and responsibilities includes:
3.1. The Agency Head. Objective; The agency head endorses and is accountable for information security within their agency.
3.2. The Chief Information Security Officer. Objective; The Chief Information Security Officer (CISO) sets the strategic direction for information security within their agency.
3.3. Information Technology Security Managers. Objective; Information Technology Security Managers (ITSM) provide information security leadership and management within their agency.
3.4. System Owners. Objectives; System owners obtain and maintain accreditation of their systems, including any directly related services such as cloud.
3.5. System Users. Objectives; System users comply with information security policies and procedures within their agency.https://www.nzism.gcsb.govt.nz/ism-document/#264Mandated2022-02 restored to showing the sections of the NZISMGCISO information security functional leadership mandate. GCSBnzism@gcsb.govt.nz Government (NZ)StandardGCISO (Government Chief Information Security Officer)CurrentUse current versionPUBLISHUpdate2022-02-21
NZISM 04. System Certification and AccreditationSystem Certification and AccreditationNZISM 04. System Certification and Accreditation includes:
4.1. The Certification and Accreditation Process. Objective; Executives and Security Practitioners understand and enforce the use of the Certification and Accreditation (C&A) process and its role in information security governance and assurance.
4.2. Conducting Certifications. Objective; The security posture of the organisation has been incorporated into its system security design, controls are correctly implemented, are performing as intended and that changes and modifications are reviewed for any security impact or implications.
4.3. Conducting Audits. Objective; The effectiveness of information security measures for systems is periodically reviewed and validated.
4.4. Accreditation Framework. Objective; Accreditation is the formal authority for a system to operate, and an important element in fundamental information system governance. Accreditation requires risk identification and assessment, selection and implementation of baseline and other appropriate controls and the recognition and acceptance of residual risks relating to the operation of a system including any outsourced services such as Telecommunications or Cloud. Accreditation relies on the completion of system certification procedures.
4.5. Conducting Accreditations. Objective; As a governance good practice, systems are accredited before they are used operationally.https://www.nzism.gcsb.govt.nz/ism-document/#470Mandated2022-02 restored to showing the sections of the NZISMGCISO information security functional leadership mandate. GCSBnzism@gcsb.govt.nz #ISO/IEC 19011:2018, #ISO/IEC 27000:2018, #ISO/IEC 27001:2013, #ISO/IEC 27002:2013, #ISO/IEC 27006:2015, #ISO/IEC 27007:2020, #NIST SP 800-37 Rev. 1, Feb 2010, #NIST SP 800-171, Feb 2020, Government (NZ)StandardGCISO (Government Chief Information Security Officer)CurrentUse current versionPUBLISHUpdate2022-02-21
NZISM 05. Information security documentationInformation security documentationNZISM 05. Information security documentation includes:
5.1. Documentation Fundamentals. Objective; Information security documentation is produced for systems, to support and demonstrate good governance.
5.2. Information Security Policies. Objective; Information security policies (SecPol) set the strategic direction for information security.
5.3. Security Risk Management Plans. Objective; Security Risk Management Plans (SRMP) identify security risks and appropriate treatment measures for systems.
5.4. System Security Plans. Objective; System Security Plans (SecPlan) specify the information security measures for systems.
5.5. Standard Operating Procedures. Objective; Standard Operating Procedures (SOPs) ensure security procedures are followed in an appropriate and repeatable manner.
5.6. Incident Response Plans. Objective; Incident Response Plans (IRP) outline actions to take in response to an information security incident.
5.7. Emergency Procedures. Objective; Classified information and systems are secured before personnel evacuate a facility in the event of an emergency.
5.8. Independent Assurance Reports. Objective; To provide assurance to System Owners, Certifiers, Practitioners and Accreditors and to assist system designers, enterprise and security architects where assurance reviews cannot be directly undertaken on service providers.https://www.nzism.gcsb.govt.nz/ism-document/#676Mandated2022-02 restored to showing the sections of the NZISMGCISO information security functional leadership mandate. GCSBnzism@gcsb.govt.nz Government (NZ)StandardGCISO (Government Chief Information Security Officer)CurrentUse current versionPUBLISHUpdate2022-02-21
NZISM 06. Information security monitoringInformation security monitoringNZISM 6. Information security monitoring includes:
6.1. Information Security Reviews. Objective; Information security reviews maintain the security of agency systems and detect gaps and deficiencies.
6.2. Vulnerability Analysis. Objective; Exploitable information system weaknesses can be identified by vulnerability analyses and inform assessments and controls selection.
6.3. Change Management. Objective; To ensure information security is an integral part of the change management process, it should be incorporated into the agency’s IT maintenance governance and management activities.
6.4. Business Continuity and Disaster Recovery. Objective; To ensure business continuity and disaster recovery processes are established to assist in meeting the agency’s business requirements, minimise any disruption to the availability of information and systems, and assist recoverability.
Was: NZISM 06. INFORMATION SECURITY MONITORINGhttps://www.nzism.gcsb.govt.nz/ism-document/#738Mandated2022-02 restored to showing the sections of the NZISMGCISO information security functional leadership mandate. GCSBnzism@gcsb.govt.nz Government (NZ)StandardGCISO (Government Chief Information Security Officer)CurrentUse current versionPUBLISHUpdate2022-02-21
NZISM 07. Information Security IncidentsInformation Security IncidentsNZISM 7. Information Security Incidents includes:
7.1. Detecting Information Security Incidents. Objective; To ensure that appropriate tools, processes and procedures are implemented to detect information security incidents, to minimise impact and as part of the suite of good IT governance activities.
7.2. Reporting Information Security Incidents. Objective; Reporting information security incidents assists in maintaining an accurate threat environment picture for government systems, particularly All-of-Government or multi-agency systems.
7.3. Managing Information Security Incidents. Objective; To identify and implement processes for incident analysis and selection of appropriate remedies which will assist in preventing future information security incidents.
Was: NZISM 07. INFORMATION SECURITY INCIDENTS
https://www.nzism.gcsb.govt.nz/ism-document/#754Mandated2022-02 restored to showing the sections of the NZISMGCISO information security functional leadership mandate. GCSBnzism@gcsb.govt.nz Government (NZ)StandardGCISO (Government Chief Information Security Officer)CurrentUse current versionPUBLISHUpdate2022-02-21
NZISM 08. Physical SecurityPhysical SecurityNZISM 8. Physical Security includes:
8.1. Facilities. Objective; Physical security measures are applied to facilities to protect systems and their infrastructure.
8.2. Servers and Network Devices. Objective; Secured server and communications rooms provide appropriate physical security for servers and network devices.
8.3. Network Infrastructure. Objective; Network infrastructure is protected by secure facilities and the use of encryption technologies.
8.4. IT Equipment. Objective; IT equipment is secured outside of normal working hours, is non-operational or when work areas are unoccupied.
8.5. Tamper Evident Seals. Objective; Tamper evident seals and associated auditing processes identify attempts to bypass the physical security of systems and their infrastructure.
Was: NZISM 08. PHYSICAL SECURITYhttps://www.nzism.gcsb.govt.nz/ism-document/#755Mandated2022-02 restored to showing the sections of the NZISMGCISO information security functional leadership mandate. GCSBnzism@gcsb.govt.nz Government (NZ)StandardGCISO (Government Chief Information Security Officer)CurrentUse current versionPUBLISHUpdate2022-02-21
NZISM 09. Personnel SecurityPersonnel SecurityNZISM 9. Personnel Security includes:
9.1. Information Security Awareness and Training. Objective; A security culture is fostered through induction training and ongoing security education tailored to roles, responsibilities, changing threat environment and sensitivity of information, systems and operations.
9.2. Authorisations, Security Clearances And Briefings. Objective; Only appropriately authorised, cleared and briefed personnel are allowed access to systems.
9.3. Using The Internet. Objective; Personnel use Internet services in a responsible and security conscious manner, consistent with agency policies.
9.4. Escorting Uncleared Personnel. Objective; Uncleared personnel are escorted within secure areas.
Was: NZISM 09. PERSONNEL SECURITYhttps://www.nzism.gcsb.govt.nz/ism-document/#756Mandated2022-02 restored to showing the sections of the NZISMGCISO information security functional leadership mandate. GCSBnzism@gcsb.govt.nz Government (NZ)StandardGCISO (Government Chief Information Security Officer)CurrentUse current versionPUBLISHUpdate2022-02-21
NZISM 10. InfrastructureInfrastructureNZISM 10. Infrastructure includes:
10.1. Cable Management Fundamentals. Objective; Cable management systems are implemented to allow easy integration of systems across government and minimise the opportunity for tampering or unauthorised change.
10.2. Cable Management for Non-Shared Government Facilities. Objective; Cable management systems in non-shared government facilities are implemented in a secure and easily inspectable and maintainable way.
10.3. Cable Management for Shared Government Facilities. Objective; Cable management systems in shared government facilities are implemented in a secure and easily inspectable and maintainable way.
10.4. Cable Management for Shared Non-Government Facilities. Objective; Cable management systems are implemented in shared non-government facilities to minimise risks to data and information.
10.5. Cable Labelling and Registration. Objective; To facilitate cable management, and identify unauthorised additions or tampering.
10.6. Patch Panels, Patch Cables and Racks. Objective; Cable termination, patch panels, patch cables and racks are designed to prevent emanations, cross-connecting or cross-patching systems of differing classifications as well as following good engineering practice.
10.7. Emanation Security Threat Assessments. Objective; In order to minimise compromising emanations or the opportunity for a technical attack, a threat assessment is used to determine appropriate countermeasures.
10.8. Network Design, Architecture and IP Address. Objective; IP Address architecture, allocation and addressing schemes enable and support system security and data protection.
Was: NZISM 10. INFRASTRUCTUREhttps://www.nzism.gcsb.govt.nz/ism-document/#757Mandated2022-02 restored to showing the sections of the NZISMGCISO information security functional leadership mandate. GCSBnzism@gcsb.govt.nz Government (NZ)StandardGCISO (Government Chief Information Security Officer)CurrentUse current versionPUBLISHUpdate2022-02-21
NZISM 11. Communications Systems and DevicesCommunications Systems and DevicesNZISM 11. Communications Systems and Devices includes:
11.1. Radio Frequency and Infrared Devices. Objective; To maintain the integrity of secure areas, only approved radio frequency (RF) and infrared devices (IR) are brought into secure areas.
11.2. Fax Machines, Multifunction Devices and Network Printers. Objective; Fax machines, multifunction devices (MFD’s) and network printers are used in a secure manner.
11.3. Telephones and Telephone Systems. Objective; Telephone systems are prevented from communicating unauthorised classified information.
11.4. Mobile Telephony. Objective; Mobile telephone systems and devices are prevented from communicating unauthorised classified information.
11.5. Personal Wearable Devices. Objective; Wearable devices are prevented from unauthorised communication or from compromising secure areas.
11.6. Radio Frequency Identification Devices. Objective; To ensure Radio Frequency Identification (RFID) devices are used safely and securely in order to protect privacy, prevent unauthorised access and to prevent the compromise of secure spaces.
11.7. Access Control Systems. Objective; To ensure Access Control Systems incorporating contactless RFID or smart cards are used safely and securely in order to protect privacy, prevent unauthorised access and to prevent the compromise of secure spaces.
Was: NZISM 11. COMMUNICATIONS SYSTEMS AND DEVICEShttps://www.nzism.gcsb.govt.nz/ism-document/#758Mandated2022-02 restored to showing the sections of the NZISMGCISO information security functional leadership mandate. GCSBnzism@gcsb.govt.nz Government (NZ)StandardGCISO (Government Chief Information Security Officer)CurrentUse current versionPUBLISHUpdate2022-02-21
NZISM 12. Product SecurityProduct SecurityNZISM 12. Product Security includes:
12.1. Product Selection and Acquisition. Objective; Products providing security functions for the protection of classified information are formally evaluated in order to provide a degree of assurance over the integrity and performance of the product.
12.2. Product Installation and Configuration. Objective; Evaluated products use evaluated configurations.
12.3. Product Classifying and Labelling. Objective; IT equipment is classified and appropriately labelled.
12.4. Product Patching and Updating. Objective; To ensure security patches are applied in a timely fashion to manage software and firmware corrections, vulnerabilities and performance risks.
12.5. Product Maintenance and Repairs. Objective; Products are repaired by cleared or appropriately escorted personnel.
12.6. Product Sanitisation and Disposal. Objective; IT equipment is sanitised and disposed of in an approved manner.
12.7. Supply Chain. Objective; Technology supply chains are established and managed to ensure continuity of supply and protection of sensitive related information.
Was: NZISM 12. PRODUCT SECURITYhttps://www.nzism.gcsb.govt.nz/ism-document/#759Mandated2022-02 restored to showing the sections of the NZISMGCISO information security functional leadership mandate. GCSBnzism@gcsb.govt.nz Government (NZ)StandardGCISO (Government Chief Information Security Officer)CurrentUse current versionPUBLISHUpdate2022-02-21
NZISM 13. Media Management, Decommissioning and DisposalMedia Management, Decommissioning and DisposalNZISM 13. Decommissioning and Disposal includes:
13.1. System Decommissioning. Objective; To ensure systems are safely decommissioned and that software, system logic and data are properly transitioned to new systems or archived in accordance with agency, legal and statutory requirements.
13.2. Media Handling. Objective; Media is properly classified, labelled and registered in order to clearly indicate the required handling instructions and degree of protection to be applied.
13.3. Media Usage. Objective; Media is used with systems in a controlled and accountable manner.
13.4. Media and IT Equipment Sanitisation. Objective; Media and IT Equipment that is to be redeployed or is no longer required is sanitised.
13.5. Media and IT Equipment Destruction. Objective; Media and IT Equipment that cannot be sanitised is destroyed before disposal.
13.6. Media and IT Equipment Disposal. Objective; Media and IT equipment is declassified and approved by the CISO, or delegate, for release before disposal into the public domain.
Was: NZISM 13. DECOMMISSIONING AND DISPOSALhttps://www.nzism.gcsb.govt.nz/ism-document/#760Mandated2022-02 restored to showing the sections of the NZISMGCISO information security functional leadership mandate. GCSBnzism@gcsb.govt.nz Government (NZ)StandardGCISO (Government Chief Information Security Officer)CurrentUse current versionPUBLISHUpdate2022-02-21
NZISM 14. Software securitySoftware securityNZISM 14. Software Security includes:
14.1. Standard Operating Environments. Objective; Standard Operating Environments (SOE) are hardened in order to minimise attacks and compromise through known vulnerabilities and attack vectors.
14.2. Application Whitelisting. Objective; Only approved applications are used on agency controlled systems.
14.3. Web Applications. Objective; Access to Web content is implemented in a secure and accountable manner.
14.4. Software Application Development. Objective; Secure programming methods and testing are used for application development in order to minimise the number of coding errors and introduction of security vulnerabilities.
14.5. Web Application Development. Objective; Security mechanisms are incorporated into all Web applications by design and implementation.
Was: NZISM 14. SOFTWARE SECURITYhttps://www.nzism.gcsb.govt.nz/ism-document/#737Mandated2022-02 restored to showing the sections of the NZISMGCISO information security functional leadership mandate. GCSBnzism@gcsb.govt.nz Government (NZ)StandardGCISO (Government Chief Information Security Officer)CurrentUse current versionPUBLISHUpdate2022-02-21
NZISM 15. Email securityEmail securityNZISM 15. Email Security includes:
15.1. Email Applications. Objective; Email messages have appropriate protective markings to facilitate the application of handling instructions.
15.2. Email Infrastructure. Objective; Email infrastructure is hardened, email is secured and protective marking of email messages is enforced.
Was: NZISM 15. EMAIL SECURITYhttps://www.nzism.gcsb.govt.nz/ism-document/#1668Mandated2022-02 restored to showing the sections of the NZISMGCISO information security functional leadership mandate. GCSBnzism@gcsb.govt.nz Government (NZ)StandardGCISO (Government Chief Information Security Officer)CurrentUse current versionPUBLISHUpdate2022-02-21
NZISM 16. Access ControlAccess ControlNZISM 16. Access Control includes:
16.1. Identification and Authentication. Objective; Identification and authentication requirements are implemented in order to provide a secure means of access to information and systems.
16.2. System Access. Objective; Access to information on systems is controlled in accordance with agency policy and this manual.
16.3. Privileged Access. Objective; Only trusted personnel are granted privileged access to systems.
16.4. Remote Access. Objective; Remote access to systems is minimised, secure, controlled, authorised and authenticated.
16.5. Event Logging and Auditing. Objective; Information security related events are logged and audited for accountability, incident management, forensic and system monitoring purposes.
Was: NZISM 16. ACCESS CONTROLhttps://www.nzism.gcsb.govt.nz/ism-document/#1801Mandated2022-02 restored to showing the sections of the NZISMGCISO information security functional leadership mandate. GCSBnzism@gcsb.govt.nz Government (NZ)StandardGCISO (Government Chief Information Security Officer)CurrentUse current versionPUBLISHUpdate2022-02-21
NZISM 17. CryptographyCryptography17. Cryptography includes:
17.1. Cryptographic Fundamentals. Objective; Cryptographic products, algorithms and protocols are approved by the GCSB for suitability before being used and that cryptographic implementations by agencies are adequate for the protection of data and communications.
17.2. Approved Cryptographic Algorithms. Objective; Information is protected by a properly implemented, Approved Cryptographic Algorithm.
17.3. Approved Cryptographic Protocols. Objective; Classified information in transit is protected by an Approved Cryptographic Protocol implementing an Approved Cryptographic Algorithm.
17.4. Secure Sockets Layer and Transport Layer Security. Objective; Secure Sockets Layer and Transport Layer Security are implemented correctly as approved protocols.
17.5. Secure Shell. Objective; Secure Shell (SSH) is implemented correctly as an Approved Cryptographic Protocol.
17.6. Secure Multipurpose Internet Mail Extension. Objective; Secure Multipurpose Internet Mail Extension (S/MIME) is implemented correctly as an approved cryptographic protocol.
17.7. OpenPGP Message Format. Objective; OpenPGP Message Format is implemented correctly as an Approved Cryptographic Protocol.
17.8. Internet Protocol Security. Objective; Internet Protocol Security (IPSec) is correctly implemented.
17.9. Key Management. Objective; Cryptographic keying material is protected by key management procedures.
17.10. Hardware Security Modules. Objective; Hardware Security Modules are used where additional security of cryptographic functions is desirable. https://www.nzism.gcsb.govt.nz/ism-document/#2035Mandated2022-02 restored to showing the sections of the NZISMGCISO information security functional leadership mandate. GCSBnzism@gcsb.govt.nz Government (NZ)StandardGCISO (Government Chief Information Security Officer)CurrentUse current versionPUBLISHUpdate2022-02-21
NZISM 18. Network securityNetwork securityNZISM 18. Network Security includes:
18.1. Network Management. Objective; Any change to the configuration of networks is authorised and controlled through appropriate change management processes to ensure security, functionality and capability is maintained.
18.2. Wireless Local Area Networks. Objective; Wireless local area networks are deployed in a secure manner that does not compromise the security of information and systems.
18.3. Video & Telephony Conferencing and Internet Protocol Telephony. Objective; Video & Telephony Conferencing (VTC), Internet Protocol Telephony (IPT) and Voice over Internet Protocol (VoIP) systems are implemented in a secure manner that does not compromise security, information or systems and that they operate securely.
18.4. Intrusion Detection and Prevention. Objective; An intrusion detection and prevention strategy is implemented for systems in order to respond promptly to incidents and preserve availability, confidentiality and integrity of systems.
18.5. Internet Protocol Version 6. Objective; IPv6 is disabled until it is ready to be deployed.
18.6. Peripheral (KVM) Switches. Objective; An evaluated peripheral switch is used when sharing keyboards, monitors and mice or other user interface devices, between different systems.
Was: NZISM 18. NETWORK SECURITYhttps://www.gcsb.govt.nz/assets/GCSB-NZISM/NZISM-Part-Two-v2.6-July-2017.pdfMandated2022-02 restored to showing the sections of the NZISMGCISO information security functional leadership mandate. GCSBnzism@gcsb.govt.nz Government (NZ)StandardGCISO (Government Chief Information Security Officer)CurrentUse current versionPUBLISHUpdate2022-02-21
NZISM 19. Gateway securityGateway securityNZISM 19. Gateway Security includes:
19.1. Gateways. Objective; To ensure that gateways are properly configured to protect agency systems and information transferred between systems from different security domains.
19.2. Cross Domain Solutions (CDS). Objective; Cross-Domain Solutions secure transfers between systems of differing classifications or trust levels with high assurance over the security of systems and information.
19.3. Firewalls. Objective; Agencies operating bi-directional gateways implement firewalls and traffic flow filters to provide a protective layer to their networks in both discrete and virtual environments.
19.4. Diodes. Objective; Networks connected to one-way (uni-directional) gateways implement diodes in order to protect the higher classified system.
19.5. Session Border Controllers. Objective; To ensure the use of Session Border Controllers (SBCs) is integrated with the agency’s security architecture and that use is consistent with other requirements for gateway security in this chapter.
Was: NZISM 19. GATEWAY SECURITYhttps://www.nzism.gcsb.govt.nz/ism-document/#2614Mandated2022-02 restored to showing the sections of the NZISMGCISO information security functional leadership mandate. GCSBnzism@gcsb.govt.nz Government (NZ)StandardGCISO (Government Chief Information Security Officer)CurrentUse current versionPUBLISHUpdate2022-02-21
NZISM 20. Data managementData managementDescription: 20. Data Management includes:
20.1. Data Transfers. Objective; Data transfers between systems are controlled and accountable.
20.2. Data Import and Export. Objective; Data is transferred through gateways in a controlled and accountable manner.
20.3. Content Filtering. Objective; The flow of data within gateways is examined and controls applied in accordance with the agency’s security policy, to prevent unauthorised or malicious content crossing security domain boundaries.
20.4. Databases. Objective; Database content is protected from personnel without a need-to-know.
Was: NZISM 20. DATA MANAGEMENThttps://www.nzism.gcsb.govt.nz/ism-document/#4104Mandated2022-02 restored to showing the sections of the NZISMGCISO information security functional leadership mandate. GCSBnzism@gcsb.govt.nz Government (NZ)StandardGCISO (Government Chief Information Security Officer)CurrentUse current versionPUBLISHUpdate2022-02-21
NZISM 21. Working Off-SiteWorking Off-Site21. Work Off-Site includes:
21.1. Agency-owned Mobile Devices. Objective; Information on agency-owned mobile devices is protected from unauthorised disclosure.
21.2. Working Outside the Office. Objective; Information on mobile devices is not accessed from public or insecure locations.
21.3. Working From Home. Objective; Personnel working from home protect classified information in the same manner as in the office environment.
21.4. Non-Agency Owned Devices and Bring Your Own Device (BYOD). Objective; Where an Agency permits personnel to supply their own mobile devices (such as smartphones, tablets and laptops), Official Information and agency information systems are protected to a level equivalent to an agency provided and managed office environment.
Was: NZISM 21. WORKING OFF SITEhttps://www.nzism.gcsb.govt.nz/ism-document/#4450Mandated2022-02 restored to showing the sections of the NZISMGCISO information security functional leadership mandate. GCSBnzism@gcsb.govt.nz Government (NZ)StandardGCISO (Government Chief Information Security Officer)CurrentUse current versionPUBLISHUpdate2022-02-21
NZISM 22. Enterprise systems securityEnterprise systems securityNZISM 22. Enterprise System Security includes:
22.1. Cloud Computing. Objective; Cloud systems risks are identified and managed and that Official Information and agency information systems are protected in accordance with Cabinet Directives, the NZISM, the New Zealand Classification System and with other government security requirements and guidance.
22.2. Virtualisation. Objective; To identify virtualisation specific risks and apply mitigations to minimise risk and secure the virtual environment.
22.3. Virtual Local Area Networks. Objective; Virtual local area networks (VLANs) are deployed in a secure manner that does not compromise the security of information and systems.
Was: NZISM 22. ENTERPRISE SYSTEM SECURITYhttps://www.nzism.gcsb.govt.nz/ism-document/#4759Mandated2022-02 restored to showing the sections of the NZISMGCISO information security functional leadership mandate. GCSBnzism@gcsb.govt.nz #NIST Special Publication 800-145, September 2011, #NIST Special Publication 800-146, May 2012, #NIST Special Publication 500-291, version 2, July 2013, #NIST Special Publication 500-292, September 2011, #ISO/IEC 17788:2014, #ISO/IEC 17789:2014, #ISO/IEC 17826:2012, #ISO/IEC 19086-1:2016, #ISO/IEC 19086-2:2018, #ISO/IEC 19086-3:2017, #ISO/IEC 19941:2017, #ISO/IEC 27017:2015, #ISO/IEC 27018:2019.
Government (NZ)StandardGCISO (Government Chief Information Security Officer)CurrentUse current versionPUBLISHUpdate2022-02-21
NZISM 23. Supporting InformationSupporting InformationNZISM 23. Supporting Information
23.1. Glossary of Abbreviations
23.2. Glossary of Termshttps://www.nzism.gcsb.govt.nz/ism-document/#4786Mandated2022-02 restored to showing the sections of the NZISMGCISO information security functional leadership mandate. GCSBnzism@gcsb.govt.nz Government (NZ)StandardGCISO (Government Chief Information Security Officer)PUBLISHAdd2021-03-18
OASIS Customer Information Quality (CIQ) V3OASIS Customer Information Quality (CIQ) V3The CIQ TC specifications have been widely adopted in commercial and governmental applications and have been incorporated into other standards as well. See below for more details.
Archives of its work remain publicly accessible and are linked from this page. OASIS appreciates the efforts of all those who participated in this TC.
The Name "Customer Information Quality" is just the operating name of the Technical Committee. The scope of the TC is much broader than "Customer Information". This Committee concentrates on developing global and generic industry standards for managing "Party Centric Information". "Customer" is a type of "Party".
The word "Customer" is used as a generic term and it can be replaced by line of business specific or industry terms (specific to the context) such as: Beneficiary, Business Entity, Citizen, Client, Contact, Guest, Legal Entity, Organisation, Partner, Party, Patient, Prospect, Subscriber, Supplier, Service Provider, Trust, Trustee, etc. All these types of "customer(s)" are a type of "Party".
The objective of the OASIS CIQ TC (formed in 2000) is to deliver a set of XML Specifications for defining, representing, interoperating and managing "PARTY (Person or Organisation) CENTRIC INFORMATION" that are truly open, vendor neutral, industry and application independent, and importantly "Global" (ability to represent international data formats such as different types of party names and addresses used in 241+ countries).http://docs.oasis-open.org/ciq/v3.0/specs/ciq-specs-v3.htmlAcceptedGCDO Digital functional leadership mandateDIAInternationalStandardOASISCompletedPUBLISH
OAuth 2.0 CoreOAuth 2.0 CoreAn open protocol to allow secure authorization in a simple and standard method from web, mobile and desktop applications.
OAuth 2.0 Core:
- OAuth 2.0 Framework - RFC 6749
- OAuth 2.0 Grant Types
- OAuth 2.0 Bearer Tokens - RFC 6750
- Threat Model and Security Considerations - RFC 6819
- OAuth 2.0 Security Best Current Practice
Note: OpenID Connect is an authentication layer built on top of OAuth 2.0.https://oauth.net/2/https://oauth.net/2/RecommendedMainstreamGCDO Digital functional leadership mandateDIA#RFC 6749 OAuth 2.0 Authorization Framework, #RFC 6750 OAuth 2.0 Authorization Framework: Bearer Token Usage, #RFC 6819 OAuth 2.0 Threat Model and Security Considerations#API Guidelines Part C - API Development 2021InternationalStandard - TechnicalIETF (Internet Engineering Task Force)PUBLISHUpdate2019-02-11
ODF v1.2 [Open Document Format v1.2]Open Document Format v1.226300The Open Document Format for Office Applications (ODF), also known as OpenDocument, is an XML-based file format for spreadsheets, charts, presentations and word processing documents. It was developed with the aim of providing an open, XML-based file format specification for office applications.
The standard was developed by a technical committee in the Organization for the Advancement of Structured Information Standards (OASIS) consortium. It was based on the Sun Microsystems specification for OpenOffice.org XML, the default format for OpenOffice.org, which had been specifically intended "to provide an open standard for office documents."
In addition to being an OASIS standard, it was published as an ISO/IEC international standard ISO/IEC 26300 – Open Document Format for Office Applications (OpenDocument).
Source: Wikipedia
http://docs.oasis-open.org/office/v1.2/OpenDocument-v1.2.htmlAcceptedDIAODF v1.3 [Open Document Format v1.3]InternationalStandard - TechnicalOASISOASIS Standard 2011-09-29PUBLISH
OGC Abstract Specification Topic 2: Referencing by coordinatesReferencing by coordinates19111This document is consistent with the third edition (2018) of ISO 19111, Geographic Information - Referencing by coordinates. ISO/DIS 19111:2018 was prepared by Technical Committee ISO/TC 211, Geographic information/Geomatics, in close collaboration with the Open Geospatial Consortium (OGC). It replaces the second edition, ISO 19111:2007 and ISO 19111-2:2009, OGC documents 08-015r2 and 10-020.
Geographic information is inherently four-dimensional and includes time. The spatial component relates the features represented in geographic data to positions in the real world. Spatial references fall into two categories:
- those using coordinates;
- those based on geographic identifiers.https://docs.opengeospatial.org/as/18-005r4/18-005r4.htmlAcceptedAdded as accepted as this is the free source for ISO 19111:2019 which is the source for AS/NZS ISO 19111:2019ISO 19111:2018InternationalStandard - TechnicalOGC (Open Geospatial Consortium)Published2019-02-08PUBLISHAdd2022-02-16
OIDs Schema Object IdentifiersOIDs Schema Object IdentifiersIn computing, an object identifier or OID is an identifier used to name an object (compare URN). Structurally, an OID consists of a node in a hierarchically-assigned namespace, formally defined using the ITU-T's ASN.1 standard, X.690. Successive numbers of the nodes, starting at the root of the tree, identify each node in the tree. Designers set up new nodes by registering them under the node's registration authority.
Source: GEA-NZ Standards Reference Appendix - 2. Data Integration - 2. International Technical Standards. Mature and Managed. Widespread adoption.https://ldap.com/object-identifiers/AcceptedGCDO Digital functional leadership mandate.InternationalStandardITU-TCurrentPUBLISH
OOXML (Office Open XML)OOXML [Office Open XML]29500The specification has been adopted by ISO and IEC as ISO/IEC 29500.
Office Open XML, also known as OpenXML or OOXML, is an XML-based format for office documents, including word processing documents, spreadsheets, presentations, as well as charts, diagrams, shapes, and other graphical material. The specification was developed by Microsoft and adopted by ECMA International as ECMA-376 in 2006. A second version was released in December, 2008, and a third version of the standard released in June, 2011.
It is important to keep in mind that OOXML is not the same as Open Office XML or the Open Document Format (ODF) that underlies the OpenOffice.org and other open source office software. Office Open XML and Open Office XML or ODF are in some sense competing XML standards for office documents.
Although the older binary formats (.doc, .xls, and .ppt) continue to be supported by Microsoft, OOXML is now the default format of all Microsoft Office documents (.docx, .xlsx, and .pptx).
Was: Office Open XML – ISO/IEC
http://officeopenxml.com/AcceptedDIAInternationalStandard - TechnicalEcmaPUBLISH
OpenAPI SpecificationOpenAPI SpecificationThe OpenAPI Specification (OAS) defines a standard, programming language-agnostic interface description for HTTP APIs, which allows both humans and computers to discover and understand the capabilities of a service without requiring access to source code, additional documentation, or inspection of network traffic. When properly defined via OpenAPI, a consumer can understand and interact with the remote service with a minimal amount of implementation logic. Similar to what interface descriptions have done for lower-level programming, the OpenAPI Specification removes guesswork in calling a service.https://spec.openapis.org/oas/latest.htmlhttps://github.com/OAI/OpenAPI-Specification/Recommended2021-08 added as Recommended referenced by the API Guidelines Part CGCDO Digital functional leadership mandateDIA#API Guidelines Part C - API Development 2021InternationalStandard - TechnicalOAIPUBLISHAdd2021-08-06
OpenID Connect 1.0OpenID Connect 1.0OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol. It allows Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server, as well as to obtain basic profile information about the End-User in an interoperable and REST-like manner.
OpenID Connect allows clients of all types, including Web-based, mobile, and JavaScript clients, to request and receive information about authenticated sessions and end-users. The specification suite is extensible, allowing participants to use optional features such as encryption of identity data, discovery of OpenID Providers, and session management, when it makes sense for them.http://openid.net/connect/RecommendedReview with DITP
2019-03 Added as Recommended.MainstreamGCDO Digital functional leadership mandate. DIAGCDO@dia.govt.nz#OAuth 2.0 Core#API Guidelines Part C - API Development 2021InternationalStandard - TechnicalOIDF (OpenID Foundation)PublishedPUBLISHAdd2019-03-08
OpenID Connect Basic Client Implementer's Guide 1.0 - draft 38OpenID Connect Basic Client Implementer's Guide 1.0 - draft 38OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol. It enables Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server, as well as to obtain basic profile information about the End-User in an interoperable and REST-like manner.
This OpenID Connect Basic Client Implementer's Guide 1.0 contains a subset of the OpenID Connect Core 1.0 specification that is designed to be easy to read and implement for basic Web-based Relying Parties using the OAuth Authorization Code Flow. This document intentionally duplicates content from the Core specification to provide a self-contained implementer's guide for basic Web-based Relying Parties using the OAuth Authorization Code Flow.
OpenID Providers and non-Web-based applications should instead consult the Core specification.https://openid.net/specs/openid-connect-basic-1_0.htmlAccepted2021-03 Changed from Informational to Accepted as referenced in the API Standard.
2019-03 Added as InformationalGCDO Digital functional leadership mandateDIAInternationalStandard - TechnicalOIDF (OpenID Foundation)Published2017-04-07PUBLISHUpdate2021-03-18
OpenID Connect Core 1.0 incorporating errata set 1OpenID Connect Core 1.0 incorporating errata set 1OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol. It enables Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server, as well as to obtain basic profile information about the End-User in an interoperable and REST-like manner.
This specification defines the core OpenID Connect functionality: authentication built on top of OAuth 2.0 and the use of Claims to communicate information about the End-User. It also describes the security and privacy considerations for using OpenID Connect.https://openid.net/specs/openid-connect-core-1_0.htmlAccepted2021-03 Changed from Informational to Accepted as referenced in the API Standard.
2019-03 Added as InformationalGCDO Digital functional leadership mandateDIAInternationalStandard - TechnicalOIDF (OpenID Foundation)Published2014-11-08PUBLISHUpdate2021-03-18
OpenID Connect Federation 1.0 - draft 07OpenID Connect Federation 1.0 - draft 07The OpenID Connect standard specifies how a Relying Party (RP) can discover metadata about an OpenID Provider (OP), and then register to obtain RP credentials. The discovery and registration process does not involve any mechanisms of dynamically establishing trust in the exchanged information, but instead relies on out-of-band trust establishment.
In an identity federation context, this is not sufficient. The participants of the federation must be able to trust information provided about other participants in the federation. OpenID Connect Federations specifies how trust can be dynamically obtained by resolving trust from a common trusted third party.
While this specification is primarily targeting OpenID Connect, it is designed to allow for re-use by other protocols and in other use cases.https://openid.net/specs/openid-connect-federation-1_0.htmlAccepted2021-03 Changed from Informational to Accepted as referenced in the API Standard.
2019-03 Added as InformationalGCDO Digital functional leadership mandateDIAInternationalStandard - TechnicalOIDF (OpenID Foundation)Published2019-02-15PUBLISHUpdate2021-03-18
OpenID Connect Implicit Client Implementer's Guide 1.0OpenID Connect Implicit Client Implementer's Guide 1.0OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol. It enables Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server, as well as to obtain basic profile information about the End-User in an interoperable and REST-like manner.
This OpenID Connect Implicit Client Implementer's Guide 1.0 contains a subset of the OpenID Connect Core 1.0 specification that is designed to be easy to read and implement for basic Web-based Relying Parties using the OAuth 2.0 Implicit Flow. This document intentionally duplicates content from the Core specification to provide a self-contained implementer's guide for basic Web-based Relying Parties using the OAuth Implicit Flow.
OpenID Providers and non-Web-based applications should instead consult the Core specification.https://openid.net/specs/openid-connect-implicit-1_0.htmlAccepted2021-03 Changed from Informational to Accepted as referenced in the API Standard.
2019-03 Added as InformationalGCDO Digital functional leadership mandateDIAInternationalGuidanceOIDF (OpenID Foundation)Published2020-07-24PUBLISHUpdate2021-03-18
OpenID Connect Profile for SCIM ServicesOpenID Connect Profile for SCIM ServicesDescription: SCIM (RFC7644) is an IETF protocol that enables HTTP clients to retrieve and manage cross-domain identities. OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol which offers access to profile information through a UserInfo endpoint. This specification defines how OpenID Connect relying parties may discover availability of and register for, and access, SCIM services as part of an OpenID Provider (OP) services.https://openid.net/specs/openid-connect-scim-profile-1_0.htmlAccepted2021-03 Changed from Informational to Accepted as referenced in the API Standard.
2019-03 Added as InformationalGCDO Digital functional leadership mandateDIA#RFC7644, #OpenID Connect 1.0, #OAuth 2.0InternationalStandard - TechnicalOIDF (OpenID Foundation)Published2016-06-15PUBLISHUpdate2021-03-18
Operational data governanceOperational data governanceOperational data governance is closely associated with data activities and needs at the operational levels of an organisation. In the continuum of governance for data, an operational approach complements traditional political data governance.
Includes the oDGF (operational Data Governance Framework)https://www.data.govt.nz/toolkit/data-governance/odgf/Recommended2021-08 added as Recommended.GCDS Data functional leadership mandate.Statistics NZGovernment (NZ)Guidance Statistics NZPublished2021-07PUBLISHAdd2021-08-02
Overview of New Zealand data and information principlesOverview of New Zealand data and information principlesThis draft guide explains what data and information management principles are, and outlines the principles used in the New Zealand government context.https://www.data.govt.nz/assets/Uploads/Overview-of-NZ-data-and-information-principles.pdfDevelopment2020-09 changed from Future Consideration to DevelopmentGCDS Data functional leadership mandate.Statistics NZGovernment (NZ)PrinciplesGCDS (Government Chief Data Steward)DraftPUBLISHUpdate2020-09-16
PEPPOL (Pan European Public Procurement Online)Pan European Public Procurement OnlinePan European Public Procurement Online or PEPPOL is a set of artefacts and specifications enabling cross-border eProcurement. The use of PEPPOL is governed by a multi-lateral agreement structure which is owned and maintained by OpenPEPPOL.
This is the e-Invoicing format being adopted by NZ and Australia and this work is led by MBIE. There is a PEPPOL New Zealand Country Profile and PEPPOL New Zealand accreditation documents as well as PEPPOL 'BIS' (PEPPOL Business Interoperability Specifications).https://peppol.eu/what-is-peppol/peppol-profiles-specifications/Recommended2021-09 added as RecommendedMBIE e-InvoicingThe New Zealand and Australian governments have committed to a joint approach to e-Invoicing and, in February 2019, announced their intention to adopt the Pan European Public Procurement Online (Peppol) interoperability framework. Peppol is currently used by 32 countries, with more countries planning to adopt it in the near future. In October 2019, the Ministry of Business, Innovation and Employment (MBIE) became a Peppol Authority, with the responsibility of overseeing New Zealand’s e-Invoicing framework. MBIE#PEPPOL 'BIS' (PEPPOL Business Interoperability Specifications)#API Guidelines Part C - API Development 2021, #PEPPOL New Zealand accreditation documents, #PEPPOL New Zealand Country ProfileInternationalStandardOpenPEPPOLPUBLISHAdd2021-09-07
PEPPOL 'BIS' (PEPPOL Business Interoperability Specifications)PEPPOL Business Interoperability SpecificationsPan European Public Procurement Online or PEPPOL is a set of artefacts and specifications enabling cross-border eProcurement. The use of PEPPOL is governed by a multi-lateral agreement structure which is owned and maintained by OpenPEPPOL.
PEPPOL 'BIS' is a set of eProcurement Business Interoperability Specifications (BIS) utilizing the Universal Business Language (UBL - ISO/IEC 19845)https://peppol.eu/what-is-peppol/peppol-profiles-specifications/Informational2020-01 added as Recommended. NZ Government eInvoicing has a profile of this. Not for use in NZ. The New Zealand and Australian governments have committed to a joint approach to e-Invoicing and, in February 2019, announced their intention to adopt the Pan European Public Procurement Online (Peppol) interoperability framework. Peppol is currently used by 32 countries, with more countries planning to adopt it in the near future. In October 2019, the Ministry of Business, Innovation and Employment (MBIE) became a Peppol Authority, with the responsibility of overseeing New Zealand’s e-Invoicing framework. MBIE#PEPPOL (Pan European Public Procurement Online) PEPPOL New Zealand Country ProfileInternationalStandardOpenPEPPOLPUBLISHAdd2020-01-27
PEPPOL New Zealand accreditation documentsPEPPOL New Zealand accreditation documentsDocuments to support the accreditation of Service Providers to the A-NZ PEPPOL Authorities https://github.com/A-NZ-PEPPOL/A-NZ-accreditation-documentsRecommended2020-01 added as Recommended. In October 2019, the Ministry of Business, Innovation and Employment (MBIE) became a Peppol Authority, with the responsibility of overseeing New Zealand’s e-Invoicing framework. MBIE e-InvoicingThe New Zealand and Australian governments have committed to a joint approach to e-Invoicing and, in February 2019, announced their intention to adopt the Pan European Public Procurement Online (Peppol) interoperability framework. Peppol is currently used by 32 countries, with more countries planning to adopt it in the near future. In October 2019, the Ministry of Business, Innovation and Employment (MBIE) became a Peppol Authority, with the responsibility of overseeing New Zealand’s e-Invoicing framework. MBIE#PEPPOL (Pan European Public Procurement Online) National (NZ)StandardOpenPEPPOLPUBLISHAdd2020-01-27
PEPPOL New Zealand Country ProfilePEPPOL New Zealand Country ProfileA profile covering New Zealand Vision, Main drivers, Strategy, Main concerns, and Key contacts.https://peppol.eu/what-is-peppol/peppol-country-profiles/new-zealand-country-profile/MandatedNew Zealand Government e-Invoicing ANZ extension for use by all NZ Businesses and Government. The New Zealand and Australian governments have committed to a joint approach to e-Invoicing and, in February 2019, announced their intention to adopt the Pan European Public Procurement Online (Peppol) interoperability framework. Peppol is currently used by 32 countries, with more countries planning to adopt it in the near future. In October 2019, the Ministry of Business, Innovation and Employment (MBIE) became a Peppol Authority, with the responsibility of overseeing New Zealand’s e-Invoicing framework. MBIE#PEPPOL (Pan European Public Procurement Online) PEPPOL 'BIS' (PEPPOL Business Interoperability Specifications)National (NZ)Standard - ProfileOpenPEPPOLPUBLISH
Person name data mandated standardPerson name data content requirementThe purpose of this requirement is to mandate the NZ Government OASIS CIQ Name Profile to be used to format and exchange person name.
This data content requirement applies to data being shared between organisations.
This data content requirement does not mandate the collection or storage of person name. These may vary depending on the needs of the organisation.
Was: Person name data content requirement, Person name data content standardhttps://www.data.govt.nz/toolkit/data-standards/mandated-standards-register/person-name-standard/MandatedGCDS Data functional leadership mandate.Statistics NZMandatedStandards@stats.govt.nz.#New Zealand Government OASIS CIQ Name Profile October 2012Government (NZ)StandardGCDS (Government Chief Data Steward)Approved2019-12-18PUBLISHUpdate 2019-11-04
Principles and Protocols for Producers of Tier 1 StatisticsPrinciples and Protocols for Producers of Tier 1 StatisticsThe principles and protocols embody the key aspects of the Statistics Act 1975 and the United Nations Fundamental Principles of Official Statistics, as well as the Privacy Act 1993, the Official Information Act 1982 and the Public Records Act 2005. They apply to all Tier 1 statistics. The application of the principles to all official statistics is encouraged.
Was: Statistics New Zealand Information Standards - Statistics New Zealand Principles and Protocols for Producers of Tier 1 Statistics.
Also known as: Statistics New Zealand Principles and Protocols for Producers of Tier 1 Statisticshttps://www.stats.govt.nz/assets/Uploads/Principles-and-protocols-for-producers-of-tier-1-stats/principles-and-protocols-for-producers-of-tier-1-stats.pdfRecommendedGovernment Chief Statistician mandateStatistics NZGovernment (NZ)PrinciplesStatistics NZ2012-09-28PUBLISH
Principles for the Safe and Effective Use of Data and AnalyticsPrinciples for the Safe and Effective Use of Data and AnalyticsThe Privacy Commissioner and the Government Chief Data Steward have jointly developed six key principles to support safe and effective data analytics. These six principles are intended to help agencies, and guide our thinking to data analytics activities, including algorithmic decision-making. Using these principles in systems and thinking means stronger, more secure, and safer data use. https://www.privacy.org.nz/publications/guidance-resources/principles-for-the-safe-and-effective-use-of-data-and-analytics-guidance/Recommended2021-08 added as recommended.GCDS Data functional leadership mandate.Statistics NZGovernment (NZ)PrinciplesGCDS (Government Chief Data Steward)Published2018-05-16PUBLISHAdd2021-08-02
Privacy - Assess privacy riskAssess privacy riskGovernment Chief Privacy Officer (GCPO) guidance on assessing privacy risk covers the following topics:
Assess agency privacy risk: An agency privacy risk assessment provides a snapshot of its current privacy risks and how it will manage them as an organisation.
Common agency privacy risks: Read about common agency privacy risks, who to involve and potential mitigations.
Assess project privacy risk: A project privacy risk assessment (PIA) considers the risks associated with a specific process, product or service.
https://www.digital.govt.nz/standards-and-guidance/privacy-security-and-risk/privacy/assess-privacy-risk/Recommended2020-07 added as Recommended.GCPO Privacy functional leadership mandate.DIAGovernment (NZ)Guidance GCPO (Government Chief Privacy Officer)Published2020-06-30PUBLISHAdd2020-07-09
Privacy - Core expectations and self-assessmentsCore expectations and self-assessmentsGovernment Chief Privacy Officer (GCPO) guidance on core expectations and self-assessments covers the following topics:
Core expectations: The Government Chief Privacy Officer (GCPO) has issued core expectations of government agencies that represent good practice for privacy management and governance.
Privacy Maturity Assessment Framework (PMAF): The Privacy Maturity Assessment Framework has been developed to help agencies meet the core expectations in privacy management and governance.
Privacy Maturity Assessment Tool: Use this tool to record and summarise the ratings of the self-assessment your organisation has undertaken using the Privacy Maturity Assessment Framework.
https://www.digital.govt.nz/standards-and-guidance/privacy-security-and-risk/privacy/core-expectations-and-self-assessments/Recommended2020-07 added as Recommended.GCPO Privacy functional leadership mandate.DIAGovernment (NZ)Guidance GCPO (Government Chief Privacy Officer)Published2020-06-30PUBLISHAdd2020-07-09
Privacy - Manage a privacy programmeManage a privacy programmeGovernment Chief Privacy Officer (GCPO) guidance on managing a privacy programme covers the following topics:
Governance: Privacy programme governance enables an agency to set its programme direction and manage its operations to achieve its intended outcomes.
Programme activities and resources: An agency’s privacy programme activities bring its privacy strategy to life and embed privacy into the everyday work of the agency and its staff.
Gaining buy-in for a privacy programme: A successful privacy programme needs to have buy-in from decision-makers and stakeholders.
Sharing personal information: Requesting or disclosing personal information and Information sharing instruments
Privacy by Design (PbD): The 7 foundational principles of Privacy by Design work to embed privacy in any product, service, system or process.
https://www.digital.govt.nz/standards-and-guidance/privacy-security-and-risk/privacy/manage-a-privacy-programme/Recommended2020-07 added as Recommended.GCPO Privacy functional leadership mandate.DIAGovernment (NZ)Guidance GCPO (Government Chief Privacy Officer)Published2020-06-30PUBLISHAdd2020-07-09
Privacy - Privacy incidents and breachesPrivacy incidents and breachesGovernment Chief Privacy Officer (GCPO) guidance on privacy incidents and breaches covers the following topics:
Privacy incident register: Identifying, categorising and reporting privacy incidents (near misses) and breaches allows an agency to identify trends in privacy incidents and enhance its processes and systems.
Privacy incident response plan: The best way to manage a privacy incident or breach is to have a tested privacy incident response plan.
Incident response roles and responsibilities: An incident response plan clearly sets out the roles and responsibilities of those involved in the incident response.
Learning from privacy incidents: Developing a structured approach allows an agency to conduct its analysis of its privacy incident response in an objective and focused manner.
https://www.digital.govt.nz/standards-and-guidance/privacy-security-and-risk/privacy/privacy-incidents-and-breaches/Recommended2020-07 added as Recommended.GCPO Privacy functional leadership mandate.DIAGovernment (NZ)Guidance GCPO (Government Chief Privacy Officer)Published2020-06-30PUBLISHAdd2020-07-09
Privacy - Privacy organisationsPrivacy organisationsGovernment Chief Privacy Officer (GCPO) guidance on privacy organisations covers the Government, advocacy and professional organisations that provide information about privacy and other areas relevant to privacy and the management of personal information.https://www.digital.govt.nz/standards-and-guidance/privacy-security-and-risk/privacy/privacy-organisations/Recommended2020-07 added as Recommended.GCPO Privacy functional leadership mandate.DIAGovernment (NZ)Guidance GCPO (Government Chief Privacy Officer)Published2020-06-30PUBLISHAdd2020-07-09
Privacy - Public sector responsibilityPublic sector responsibilityGovernment Chief Privacy Officer (GCPO) guidance on public sector responsibility covers the following topics:
Agency responsibility: New Zealanders need to have trust and confidence in the way government manages their personal information.
Domestic legislation: The handling of personal information in New Zealand is governed by the Privacy Act, privacy codes and other legislation.
Māori-Crown relationship and Treaty obligations: The inclusion of Māori perspectives and cultural values can improve Māori trust and confidence in the handling of their personal and collective information.
General Data Protection Regulation (GDPR): GDPR governs the processing of the personal information of EU residents. The European Union’s (EU) General Data Protection Regulation (GDPR) came into force in May 2018. The GDPR’s main purpose is to harmonise data protection laws across the EU. The law imposes a comprehensive set of principles and obligations on agencies who fall within its scope.
https://www.digital.govt.nz/standards-and-guidance/privacy-security-and-risk/privacy/public-sector-responsibility/Recommended2020-07 added as Recommended.GCPO Privacy functional leadership mandate.DIAGovernment (NZ)Guidance GCPO (Government Chief Privacy Officer)Published2020-06-30PUBLISHAdd2020-07-09
Privacy and CCTV: A guide to the Privacy Act for businesses, agencies and organisationsPrivacy and CCTV: A guide to the Privacy Act for businesses, agencies and organisationsDescription: These guidelines cover:
1. Deciding whether CCTV is right for you
2. Have a clear plan
3. Selecting and positioning cameras
4. Make people aware of the CCTV
5. Collecting only necessary images
6. Using the CCTV images
7. Storage and retention of images
8. Controlling who can see the images
9. Audit and evaluation
Was: New Zealand Privacy Guidelines - Closed Circuit Television (CCTV) Privacy Guidehttps://privacy.org.nz/news-and-publications/guidance-resources/privacy-and-cctv-a-guide-to-the-privacy-act-for-businesses-agencies-and-organisations/RecommendedPrivacy CommissionerGovernment (NZ)Guidance The Privacy CommissionerPublishedPUBLISH
Privacy Impact Assessment ToolkitPrivacy Impact Assessment ToolkitA privacy impact assessment (PIA) is an essential part of many projects and proposals, and can be used to help agencies identify the potential risks arising from their collection, use or handling of personal information, to find out if they are meeting their legal obligations.
To make it easier to decide whether to do a PIA, we have produced guidance which will assist in this task. It consists of two parts:
Part 1 - Whether to do a Privacy Impact Assessment - helps you assess whether you need to do a PIA at all and, if you do, whether it will be simple and quick or a more complex exercise.
Part 2 - How to do a Privacy Impact Assessment - a step-by-step guide to completing your PIA successfully.https://www.privacy.org.nz/news-and-publications/guidance-resources/privacy-impact-assessment/RecommendedPrivacy Commissioner#API Guidelines Part A - API Concepts and Management 2021Government (NZ)Guidance The Privacy CommissionerPublished2015-07PUBLISH
Privacy Maturity Assessment Framework (PMAF)PMAFPrivacy Maturity Assessment FrameworkGuidance on the Government Chief Privacy Officer’s Privacy Maturity Assessment Framework and self-assessments.
Learn about PMAF
The Government Chief Privacy Officer (GCPO) has developed the Privacy Maturity Assessment Framework (PMAF) for agencies to assess their privacy capability and maturity.
Complete a self-assessment
The Privacy Maturity Assessment Framework (PMAF) can be used by an agency to complete a PMAF self-assessment.
https://www.digital.govt.nz/standards-and-guidance/privacy-security-and-risk/privacy/privacy-maturity-assessment-framework-pmaf-and-self-assessments/Recommended2020-05 added as Recommended.GCPO Privacy functional leadership mandate.DIAGovernment (NZ)FrameworkGCPO (Government Chief Privacy Officer)PublishedPUBLISHAdd2020-05-29
Profiles for the OASIS Security Assertion Markup Language (SAML) V2.0Profiles for the OASIS Security Assertion Markup Language (SAML) V2.0This specification defines profiles for the use of SAML assertions and request-response messages in communications protocols and frameworks, as well as profiles for SAML attribute value syntax and naming conventions.https://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdfAccepted2020-02 added as Accepted.Part of the basis for the New Zealand Security Assertion Messaging Standard (NZSAMS) which is a standard under the GCDO Digital functional leadership mandate.GCDO Digital functional leadership mandate.DIAGCDO@dia.govt.nzNew Zealand Security Assertion Messaging Standard (NZSAMS)New Zealand Security Assertion Messaging Standard (NZSAMS)InternationalStandard - TechnicalOASISOASIS Standard2005-03-15PUBLISHAdd2020-02-03
Protection and preservation of protected records - Instruction to local authorities (16/Sp3)16/Sp3Protection and preservation of protected records - Instruction to local authorities (16/Sp3)Description: Local authority archives are local authority records that are no longer in current use by the controlling local authority or have been in existence for 25 years or more. They include protected records and other local authority records the local authority has determined are worth permanent preservation.
https://archives.govt.nz/manage-information/resources-and-guides/operational/protection-and-preservation-of-protected-recordsMandated2020-11 confirmed with Archives that this is mandatory for local authorities. Changed to Mandated from RecommendedLocal AuthoritiesThis is guidance produced by the Chief Archivist in accordance with their authority given in the Public Records Act 2005.DIA-Archives NZGovernment (NZ)StandardArchives NZPublished2014-07PUBLISHUpdate2021-01-11
Protective Security Requirements (PSR)Protective Security Requirements [PSR]The Protective Security Requirements (PSR) outlines the Government’s expectations for managing personnel, physical and information security. The PSR will better help you manage business risks and assure continuity of service delivery. The PSR clearly sets out what agencies must and should consider to ensure they are managing security effectively.https://protectivesecurity.govt.nz/MandatedCorrected from Recommended to MandatedNZSISProtective Security Manual (PSM)Government (NZ)StandardNZSISPUBLISHUpdate2020-05-06
RDF (Resource Description Framework)Resource Description FrameworkRDF is a standard model for data interchange on the Web. RDF has features that facilitate data merging even if the underlying schemas differ, and it specifically supports the evolution of schemas over time without requiring all the data consumers to be changed.
RDF extends the linking structure of the Web to use URIs to name the relationship between things as well as the two ends of the link. Using this simple model, it allows structured and semi-structured data to be mixed, exposed, and shared across different applications. https://www.w3.org/RDF/AcceptedGCDO Digital functional leadership mandateDIAInternationalStandardW3C (World Wide Web Consortium)PUBLISH
REST (Representational state transfer)Representational state transferRepresentational State Transfer (REST) is a style of architecture based on a set of principles that describe how networked resources are defined and addressed. It is important to note that REST is a style of software architecture as opposed to a set of standards. As a result, such applications or architectures are sometimes referred to as RESTful or REST-style applications or architectures. REST has proved to be a popular choice for implementing Web Services.[From https://www.service-architecture.com/articles/web-services/representational_state_transfer_rest.html]
From an implementation standpoint, a common problem with REST is the fact that developers disagree with exactly what it means to be REST-based. Some software developers incorrectly consider anything that isn't SOAP-based to be RESTful. Driving this common misconception about REST is the fact that it is an architectural style, so there is no reference implementation or definitive standard that will confirm whether a given design is RESTful. As a result, there is discourse as to whether a given API conforms to REST-based principles. [From https://searchapparchitecture.techtarget.com/definition/REST-REpresentational-State-Transfer]
Source:
GEA-NZ Standards Reference Appendix - 1. Internet and On-line Presence - 3. International Technical Foundation Standards.
GEA-NZ Standards Reference Appendix - 2. Data Integration - 3. International Technical Foundation Standards.https://www.codecademy.com/articles/what-is-restRecommendedRecommended by GEAG (Government Enterprise Architecture Group) to DIA-DPS.GCDO Digital functional leadership mandate.DIAGCDO@dia.govt.nzActually an architectural style rather than a formal technical standard.InternationalReference ArchitectureWidespread UsePUBLISH
RFC 3711 Secure Real-time Transport Protocol (SRTP)RFC 3711 Secure Real-time Transport Protocol (SRTP)This document describes the Secure Real-time Transport Protocol (SRTP), a profile of the Real-time Transport Protocol (RTP), which can provide confidentiality, message authentication, and replay protection to the RTP traffic and to the control traffic for RTP, the Real-time Transport Control Protocol (RTCP).
Updated by:
RFC 5506 Support for Reduced-Size Real-Time Transport Control Protocol (RTCP): Opportunities and Consequences [April 2009]
RFC 6904 Encryption of Header Extensions in the Secure Real-time Transport Protocol (SRTP) [April 2013]https://tools.ietf.org/html/rfc3711RecommendedRecommended by GEAG (Government Enterprise Architecture Group).GCDO Digital functional leadership mandate.DIAGCDO@dia.govt.nzInternationalStandard - TechnicalIETF (Internet Engineering Task Force)Proposed Standard2004-03PUBLISH
RFC 4287 Atom Syndication FormatRFC 4287 Atom Syndication FormatRFC 4287; Atom is an XML-based document format that describes lists of related information known as "feeds". Feeds are composed of a number of items, known as "entries", each with an extensible set of attached metadata. For example, each entry has a title. The primary use case that Atom addresses is the syndication of Web content such as weblogs and news headlines to Web sites as well as directly to user agents.https://tools.ietf.org/html/rfc4287Recommended2020-09 Changed to Recommended from Accepted.ATOM is the standard that was referenced in the New Zealand Government Feed Standard. DIAGCDO@dia.govt.nzInternationalStandard - TechnicalIETF (Internet Engineering Task Force)2005-12PUBLISHUpdate2020-09-07
RFC 5023 Atom Publishing ProtocolRFC 5023 Atom Publishing ProtocolThe Atom Publishing Protocol (AtomPub) is an application-level protocol for publishing and editing Web resources. The protocol is based on HTTP transfer of Atom-formatted representations. The Atom format is documented in the Atom Syndication Format.https://tools.ietf.org/html/rfc5023Accepted2020-03 added as Accepted.DIAInternationalStandard - TechnicalIETF (Internet Engineering Task Force)2007-10PUBLISHAdd2020-03-20
RFC 6749 OAuth 2.0 Authorization FrameworkRFC 6749OAuth 2.0 Authorization FrameworkThe OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf. This specification replaces and obsoletes the OAuth 1.0 protocol described in RFC 5849.https://tools.ietf.org/html/rfc6749https://oauth.net/2/RecommendedReview with DITP
2020-03 added as RecommendedMainstream and organisations using profiles of OAuth.GCDO Digital functional leadership mandate. DIAGCDO@dia.govt.nz#OAuth 2.0 Core#API Guidelines Part B - API Security 2021RFC 5849 OAuth 1.0 ProtocolInternationalStandard - TechnicalIETF (Internet Engineering Task Force)Proposed Standard2012-10PUBLISHAdd2020-03-20
RFC 6750 OAuth 2.0 Authorization Framework: Bearer Token UsageRFC 6750OAuth 2.0 Authorization Framework: Bearer Token UsageThis specification describes how to use bearer tokens in HTTP requests to access OAuth 2.0 protected resources. Any party in possession of a bearer token (a "bearer") can use it to get access to the associated resources (without demonstrating possession of a cryptographic key). To prevent misuse, bearer tokens need to be protected from disclosure in storage and in transport.https://tools.ietf.org/html/rfc6750Recommended2020-03 added as Recommended
Recommended by GEAG (Government Enterprise Architecture Group).GCDO Digital functional leadership mandate.DIAGCDO@dia.govt.nz#OAuth 2.0 Core#API Guidelines Part B - API Security 2021InternationalStandard - TechnicalIETF (Internet Engineering Task Force)Proposed Standard2012-10PUBLISHAdd2020-03-20
RFC 6755 An IETF URN Sub-Namespace for OAuthRFC 6755An IETF URN Sub-Namespace for OAuthThis document establishes an IETF URN Sub-namespace for use with OAuth-related specifications.https://datatracker.ietf.org/doc/html/rfc6755Recommended2021-08 added as Recommended, as recommended by GEAG (Government Enterprise Architecture Group).GCDO Digital functional leadership mandate.DIAGCDO@dia.govt.nz#OAuth 2.0 Core#API Guidelines Part B - API Security 2021InternationalStandard - TechnicalIETF (Internet Engineering Task Force)Proposed Standard2012-10PUBLISHAdd2021-08-06
RFC 6819 OAuth 2.0 Threat Model and Security ConsiderationsRFC 6819OAuth 2.0 Threat Model and Security ConsiderationsThis document gives additional security considerations for OAuth, beyond those in the OAuth 2.0 specification, based on a comprehensive threat model for the OAuth 2.0 protocol.https://tools.ietf.org/html/rfc6819RecommendedRecommended by GEAG (Government Enterprise Architecture Group). GCDO Digital functional leadership mandate.DIAGCDO@dia.govt.nz#OAuth 2.0 Core#API Guidelines Part B - API Security 2021InternationalStandard - TechnicalIETF (Internet Engineering Task Force)Informational2013-01PUBLISHUpdate2020-03-20
RFC 7159 JSON Web Key (JWK)RFC 7159JSON Web Key (JWK)RFC 7159; A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. This specification also defines a JWK Set JSON data structure that represents a set of JWKs. Cryptographic algorithms and identifiers for use with this specification are described in the separate JSON Web Algorithms (JWA) specification and IANA registries established by that specification.https://tools.ietf.org/html/rfc7517Recommended2020-11 changed to Recommended. Recommended by GEAG (Government Enterprise Architecture Group). Underpins OpenID and OpenID Connect
2019-03 added as InformationalGCDO Digital functional leadership mandate.DIAGCDO@dia.govt.nz #OpenID Connect#API Guidelines Part B - API Security 2021 , #API Guidelines Part C - API Development 2021InternationalStandard - TechnicalIETF (Internet Engineering Task Force)Proposed Standard2015-05PUBLISHUpdate 2020-11-26
RFC 7515 JSON Web Signature (JWS)RFC 7515JSON Web Signature (JWS)RFC 7515; JSON Web Signature (JWS) represents content secured with digital signatures or Message Authentication Codes (MACs) using JSON-based data structures. Cryptographic algorithms and identifiers for use with this specification are described in the separate JSON Web Algorithms (JWA) specification and an IANA registry defined by that specification. Related encryption capabilities are described in the separate JSON Web Encryption (JWE) specification.https://tools.ietf.org/html/rfc7515Recommended2020-11 changed to Recommended. Recommended by GEAG (Government Enterprise Architecture Group). Underpins OpenID and OpenID Connect
2019-03 added as InformationalGCDO Digital functional leadership mandate.DIAGCDO@dia.govt.nz#OpenID Connect#API Guidelines Part B - API Security 2021 , #API Guidelines Part C - API Development 2021InternationalStandard - TechnicalIETF (Internet Engineering Task Force)Proposed Standard2015-05PUBLISHUpdate 2020-11-26
RFC 7516 JSON Web Encryption (JWE)RFC 7516 JSON Web Encryption (JWE)RFC 7516; JSON Web Encryption (JWE) represents encrypted content using JSON-based data structures. Cryptographic algorithms and identifiers for use with this specification are described in the separate JSON Web Algorithms (JWA) specification and IANA registries defined by that specification. Related digital signature and Message Authentication Code (MAC) capabilities are described in the separate JSON Web Signature (JWS) specification.https://tools.ietf.org/html/rfc7516Recommended2020-11 changed to Recommended. Recommended by GEAG (Government Enterprise Architecture Group). Underpins OpenID and OpenID Connect
2019-03 added as InformationalGCDO Digital functional leadership mandate.DIAGCDO@dia.govt.nz#OpenID Connect#API Guidelines Part B - API Security 2021 , #API Guidelines Part C - API Development 2021InternationalStandard - TechnicalIETF (Internet Engineering Task Force)Proposed Standard2015-05PUBLISHUpdate 2020-11-26
RFC 7518 JSON Web Algorithms (JWA)RFC 7518 JSON Web Algorithms (JWA)RFC 7518; This specification registers cryptographic algorithms and identifiers to be used with the JSON Web Signature (JWS), JSON Web Encryption (JWE), and JSON Web Key (JWK) specifications. It defines several IANA registries for these identifiers.https://tools.ietf.org/html/rfc7518Recommended2020-11 changed from Informational to Recommended as recommended by GEAG (Government Enterprise Architecture Group). Underpins OpenID and OpenID Connect
2019-03 added as InformationalGCDO Digital functional leadership mandate.DIAGCDO@dia.govt.nz#OpenID Connect#API Guidelines Part B - API Security 2021 , #API Guidelines Part C - API Development 2021InternationalStandard - TechnicalIETF (Internet Engineering Task Force)Proposed Standard2015-05PUBLISHUpdate 2020-11-26
RFC 7519 JSON Web Token (JWT) RFC 7519JSON Web Token (JWT) RFC 7519; JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties. The claims in a JWT are encoded as a JSON object that is used as the payload of a JSON Web Signature (JWS) structure or as the plaintext of a JSON Web Encryption (JWE) structure, enabling the claims to be digitally signed or integrity protected with a Message Authentication Code (MAC) and/or encrypted.https://tools.ietf.org/html/rfc7519Recommended2020-11 changed to Recommended. Recommended by GEAG (Government Enterprise Architecture Group). Underpins OpenID and OpenID Connect
2019-03 added as InformationalGCDO Digital functional leadership mandate.DIAGCDO@dia.govt.nz#API Guidelines Part B - API Security 2021, #API Guidelines Part C - API Development 2021, #OpenID Connect, InternationalStandard - TechnicalIETF (Internet Engineering Task Force)Proposed Standard2015-05PUBLISHUpdate 2020-11-26
RFC 7946 The GeoJSON FormatRFC 7946The GeoJSON FormatGeoJSON is a geospatial data interchange format based on JavaScript Object Notation (JSON). It defines several types of JSON objects and the manner in which they are combined to represent data about geographic features, their properties, and their spatial extents. GeoJSON uses a geographic coordinate reference system, World Geodetic System 1984, and units of decimal degrees.https://tools.ietf.org/html/rfc7946Accepted2020-10 added as Accepted as this is used in the AMDS location standard.LINZ data APILINZInternationalStandard - TechnicalIETF (Internet Engineering Task Force)Proposed Standard2016-08PUBLISHAdd2020-10-19
RFC 8141 Uniform Resource Names (URNs)RFC 8141 Uniform Resource Names (URNs)A Uniform Resource Name (URN) is a Uniform Resource Identifier (URI) that is assigned under the "urn" URI scheme and a particular URN namespace, with the intent that the URN will be a persistent, location-independent resource identifier. With regard to URN syntax, this document defines the canonical syntax for URNs (in a way that is consistent with URI syntax), specifies methods for determining URN-equivalence, and discusses URI conformance. With regard to URN namespaces, this document specifies a method for defining a URN namespace and associating it with a namespace identifier, and it describes procedures for registering namespace identifiers with the Internet Assigned Numbers Authority (IANA). This document obsoletes both RFCs 2141 and 3406.
Defined in 1997 in RFC 2141, URNs were intended to serve as persistent, location-independent identifiers, allowing the simple mapping of namespaces into a single URN namespace. The existence of such a URI does not imply availability of the identified resource, but such URIs are required to remain globally unique and persistent, even when the resource ceases to exist or becomes unavailable.
Since RFC 3986 in 2005, the use of the term has been deprecated in favour of the less-restrictive "URI", a view proposed by a joint working group between the World Wide Web Consortium (W3C) and Internet Engineering Task Force (IETF). Both URNs and Uniform Resource Locators (URLs) are URIs, and a particular URI may be a name as well as a locator at the same time.
URNs were originally intended in the 1990s to be part of a three-part information architecture for the Internet, along with URLs and Uniform Resource Characteristics (URCs), a metadata framework. However, URCs never progressed past the conceptual stage, and other technologies such as the Resource Description Framework later took their place.
https://tools.ietf.org/html/rfc8141Accepted2020-09 Changed to Accepted from Future Consideration as agreed workshop 2020-09-07DIARFC 2141 URN Syntax
RFC 3406InternationalStandard - TechnicalIETF (Internet Engineering Task Force)Proposed Standard2017-04PUBLISHUpdate2020-09-07
RFC 8446 Transport Layer Security (TLS) Protocol Version 1.3RFC 8446Transport Layer Security (TLS) Protocol Version 1.3This document specifies version 1.3 of the Transport Layer Security (TLS) protocol. TLS allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery.
This document updates RFCs 5705 and 6066, and obsoletes RFCs 5077, 5246, and 6961. This document also specifies new requirements for TLS 1.2 implementations.https://tools.ietf.org/html/rfc8446Mandated2021-03 Changed to Mandated from Accepted as GCSB's NZISM states use the latest version of TLS. NZISM is Mandated.GCISO information security functional leadership mandate.GCSB#RFC 8447 IANA Registry Updates for TLS and DTLS#NZISMRFC 5007 Transport Layer Security (TLS) Session Resumption without Server-Side State
RFC 5246 Transport Layer Security (TLS) Protocol Version 1.2
RFC 6961 Transport Layer Security (TLS) Multiple Certificate Status Request ExtensionInternationalStandard - TechnicalIETF (Internet Engineering Task Force)Proposed Standard2018-08PUBLISHUpdate2020-09-15
RFC 8447 IANA Registry Updates for TLS and DTLSRFC 8447 IANA Registry Updates for TLS and DTLSThis document describes a number of changes to TLS and DTLS IANA registries that range from adding notes to the registry all the way to changing the registration policy. These changes were mostly motivated by WG review of the TLS- and DTLS-related registries undertaken as part of the TLS 1.3 development process.
This document updates the following RFCs: 3749, 5077, 4680, 5246, 5705, 5878, 6520, and 7301.https://tools.ietf.org/html/rfc8447Accepted2021-03 changed to Accepted as related to TLS 1.3 which is mandated.
2020-03 added as Future Consideration.Use in conjunction with Errata DIA#RFC 8446 Transport Layer Security (TLS) Protocol Version 1.3InternationalStandard - TechnicalIETF (Internet Engineering Task Force)Proposed Standard2018-08PUBLISHUpdate2021-03-18
RFC 8725 JSON Web Token Best Current Practices RFC 8725JSON Web Token Best Current Practices JSON Web Tokens, also known as JWTs, are URL-safe JSON-based security tokens that contain a set of claims that can be signed and/or encrypted. JWTs are being widely used and deployed as a simple security token format in numerous protocols and applications, both in the area of digital identity and in other application areas. This Best Current Practices document updates RFC 7519 to provide actionable guidance leading to secure implementation and deployment of JWTs.https://datatracker.ietf.org/doc/html/rfc8572Recommended2021-08 added as Recommended as Referenced by the API Guidelines Part B - API Security 2021GCDO Digital functional leadership mandate.DIAGCDO@dia.govt.nz#RFC 7519 JSON Web Token (JWT),#API Guidelines Part B - API Security 2021InternationalStandard - TechnicalIETF (Internet Engineering Task Force)Proposed Standard2020-02PUBLISHAdd2021-08-06
Risk Assessment Process — Information SecurityRisk Assessment Process — Information SecurityThis document presents a risk assessment process that is designed to enable agencies to systematically identify, analyse and evaluate the information security risks associated with an information system or service together with the controls required to manage them.
This process is aligned with and based on the AS/NZS ISO 31000:2009 and ISO/IEC 27005:2011 risk management standards.https://www.digital.govt.nz/dmsdocument/3-risk-assessment-process-information-security/htmlRecommended2020-11 added as Recommended as this remains current advice on snapshot.ICT.govt.nz and is referenced by GCSB Aligned with and based on the AS/NZS ISO 31000:2009 and the ISO/IEC 27005:2011 risk management standard which is withdrawn so a review is needed. GCDO Digital functional leadership mandate.DIAGCDO@dia.govt.nz#NZISM 22.1.17. further information on CloudGovernment (NZ)ProcessGCDO (Government Chief Digital Officer)2014-02PUBLISHAdd2020-11-11
SA/SNZ HB 436:2013 Risk management guidelines - Companion to AS/NZS ISO 31000:2009SA/SNZ HB 436:2013Risk management guidelines - Companion to AS/NZS ISO 31000:200931000This Handbook provides guidance on the implementation of AS/NZS ISO 31000:2009, Risk management - Principles and guidelines (the Standard). The Standard defines the concept of risk, explains how it comes about, and describes the principles, framework and process that allow risk to be managed effectively. The Handbook expands on and explains these elements and provides advice about applying the Standard, including using it to evaluate and improve existing risk management practice.https://www.standards.govt.nz/shop/sasnz-hb-4362013/Recommended2021-04 changed to Recommended from Informational as confirmed by Mike Chapman from Archives.
2020-10 changed from Accepted to Informational. Referenced by GCSB in the NZISM.
Changed from Recommended to Accepted as it is a SA/SNZ handbook that is still current, but the source standard on which it is a guide has been replaced by ISO31000:2018.Current regional standard (Australia and NZ)Standards Australia and Standards NZ#NZISM 1.1.63. Additional GuidanceISO/IEC 31000:2018AS/NZS ISO 31000:2009 Risk Management – Principles and guidelinesRegional (Australia and NZ)Guidance Standards Australia and Standards NZCURRENT2013-12PUBLISHUpdate2021-04-06
SA/SNZ ISO/IEC TR 38505.2:2019 Information technology - Governance of IT - Governance of data, Part 2: Implications of ISO/IEC 38505-1 for data managementSA/SNZ ISO/IEC TR 38505.2:2019Governance of data, Part 2: Implications of ISO/IEC 38505-1 for data management38500This Technical Report provides guidance to the members of governing bodies of organizations and their executive managers on the implications of ISO/IEC 38505.1 for data management. It assumes understanding of the principles of ISO/IEC 38500 and familiarization with the data accountability map and associated matrix of considerations. This document enables an informed dialogue between the governing body and the senior/executive management team of an organization to ensure that the data use throughout the organization aligns with the strategic direction set by the governing body. This document covers the following: (a) Identifying the information that a governing body requires in order to evaluate and direct the strategies and policies relating to a data-driven business. (b) Identifying the capabilities and potential of measurement systems that can be used to monitor the performance of data and its uses. Identical with, and reproduced from, ISO/IEC TR 38505-2:2018.https://www.standards.govt.nz/shop/sasnz-isoiec-tr-38505-22019/Accepted2021-10 Added as Accepted.GCDS Data functional leadership mandate.Statistics NZ#Data Quality Assessment Framework - Guide to related standardsISO/IEC TR 38505-2:2019 Information technology - Governance of IT - Governance of data, Part 2: Implications of ISO/IEC 38505-1 for data managementRegional (Australia and NZ)Technical ReportStandards Australia and Standards NZCURRENT2019-10-04PUBLISHAdd2021-10-21
SA/SNZ TR 18128:2015 Information and documentation – Risk assessment for records processes and systemsSA/SNZ TR 18128:2015Information and documentation – Risk assessment for records processes and systems18128Adopts ISO/TR 18128:2014 to provide guidance in assessing risks to records processes and systems so organisations can ensure records continue to meet identified business needs as long as required.
https://www.standards.govt.nz/shop/sasnz-tr-181282015/RecommendedThis technical report is referenced in the 16/S1 Record Management Standard. DIA-Archives NZ#16/G8 Implementation GuideISO/TR 18128:2014 Information and documentation — Risk assessment for records processes and systemsRegional (Australia and NZ)Technical ReportStandards Australia and Standards NZCURRENTPUBLISH
SA/SNZ TS ISO 16175.2:2021 Information and documentation - Processes and functional requirements for software for managing records, Part 2: Guidance for selecting, designing, implementing and maintaining software for managing recordsSA/SNZ TS ISO 16175.2:2021Information and documentation - Processes and functional requirements for software for managing records, Part 2: Guidance for selecting, designing, implementing and maintaining software for managing records16175Standard identically adopts ISO/TS 16175 2:2020 which provides guidance for decision making and processes associated with the selection, design, implementation and maintenance of software for managing records. It is applicable to any kind of records system supported by software, including paper records managed by software, but is particularly focused on software for managing digital records. KEYWORDS: Record management; Software maintenance; Decision making; Processeshttps://www.standards.govt.nz/shop/sasnz-ts-iso-16175-22021/Accepted2021-05 Added as Accepted as an AS/NZS regional adoption of an ISO standard. Current regional standard (Australia and NZ)Standards Australia and Standards NZISO/TS 16175 2:2020 Regional (Australia and NZ)Standard - TechnicalStandards Australia and Standards NZCURRENT2021-03-19PUBLISHAdd2021-05-31
SA/SNZ TS ISO 19130.2:2015 Geographic information - Imagery sensor models for geopositioning - Part 2: SAR, InSAR, lidar and sonarSA/SNZ TS ISO 19130.2:2015Geographic information - Imagery sensor models for geopositioning - Part 2: SAR, InSAR, lidar and sonar19130Supports the exploitation of remotely sensed images. It specifies the sensor models and metadata for geopositioning images remotely sensed by Synthetic Aperture Radar (SAR), Interferometric Synthetic Aperture Radar (InSAR), Light Detection And Ranging (lidar), and Sound Navigation And Ranging (sonar) sensors. The specification also defines the metadata needed for the aerial triangulation of airborne and spaceborne images. Identical to and reproduced from ISO/TS 19130-2:2014.https://www.standards.govt.nz/shop/sasnz-ts-iso-19130-22015/ Accepted2020-11 changed to Accepted from Informational as this is a regional adoption of ISO/TS 19130-2:2014 which was part of the Geospatial standards model developed with LINZ.
2019-11 added as Informational.Current regional standard (Australia and NZ)Standards Australia and Standards NZISO/TS 19130-2:2014 Geographic information — Imagery sensor models for geopositioning — Part 2: SAR, InSAR, lidar and sonarRegional (Australia and NZ)Standard - Technical SpecificationStandards Australia and Standards NZCURRENT2015-02-182017PUBLISHUpdate 2020-11-17
SA/SNZ TS ISO 19150.1:2015 Geographic information - Ontology - Part 1: FrameworkSA/SNZ TS ISO 19150.1:2015Geographic information - Ontology - Part 1: Framework19150Defines the framework for semantic interoperability of geographic information. This framework defines a high level model of the components required to handle semantics in the ISO geographic information standards with the use of ontologies. Identical to and reproduced from ISO/TS 19150-1:2012.https://www.standards.govt.nz/shop/sasnz-ts-iso-19150-12015/Accepted2020-10 this has been changed from Informational to Accepted as it is a current regional SA/SNZ TS.Current regional standard (Australia and NZ)Standards Australia and Standards NZISO/TS 19150-1:2012 Geographic information — Ontology — Part 1: FrameworkRegional (Australia and NZ)Standard - Technical SpecificationStandards Australia and Standards NZCURRENT2015-02-132016PUBLISHUpdate2020-10-05
SA/SNZ TS ISO 19159.1:2015 Geographic information - Calibration and validation of remote sensing imagery sensors and data - Part 1: Optical sensorsSA/SNZ TS ISO 19159.1:2015Geographic information - Calibration and validation of remote sensing imagery sensors and data - Part 1: Optical sensors19159Defines the calibration and validation of airborne and space borne remote sensing imagery sensors. The term calibration refers to geometry, radiometry, and spectral, and includes the instrument calibration in a laboratory as well as in situ calibration methods. The validation methods address validation of the calibration information. Identical to and reproduced from ISO/TS 19159-1:2014.https://www.standards.govt.nz/shop/sasnz-ts-iso-19159-12015/Accepted2020-11 added as Accepted as this is regional adoption of ISO/TS 19159-1:2014Current regional standard (Australia and NZ)Standards Australia and Standards NZRegional (Australia and NZ)Standard - Technical SpecificationStandards Australia and Standards NZCURRENT2015-02-13PUBLISHAdd2020-11-19
SA/SNZ TS ISO 19159.3:2019 Geographic information - Calibration and validation of remote sensing imagery sensors and data - Part 3: SAR/InSARSA/SNZ TS ISO 19159.3:2019Geographic information - Calibration and validation of remote sensing imagery sensors and data - Part 3: SAR/InSAR19159This technical specification defines the calibration of SAR/InSAR sensors and validation of SAR/InSAR calibration information. This technical specification addresses earth based remote sensing. The specified sensors include airborne and spaceborne SAR/InSAR sensors. This technical specification also addresses the metadata related to calibration and validation. This technical specification is identical with, and has been reproduced from, ISO/TS 19159-3:2018 Geographic information - Calibration and validation of remote sensing imagery sensors and data - Part 3: SAR/InSAR.https://www.standards.govt.nz/shop/sasnz-ts-iso-19159-32019/Accepted2020-11 this has been changed from Informational to Accepted as it is a current regional SA/SNZ TS.Current regional standard (Australia and NZ)Standards Australia and Standards NZISO/TS 19159-2:2016 Geographic information -- Calibration and validation of remote sensing imagery sensors and data -- Part 2: LidarRegional (Australia and NZ)Standard - Technical SpecificationStandards Australia and Standards NZCURRENT2019-05-30PUBLISHUpdate2020-10-05
SAML v2.0 (Security Assertion Markup Language v2.0)Security Assertion Markup Language v2.0Security Assertion Markup Language (SAML) V2.0 is a version of the SAML standard for exchanging authentication and authorization data between security domains. SAML 2.0 is an XML-based protocol that uses security tokens containing assertions to pass information about a principal (usually an end user) between a SAML authority, named an Identity Provider, and a SAML consumer, named a Service Provider. SAML 2.0 enables web-based authentication and authorization scenarios including cross-domain single sign-on (SSO), which helps reduce the administrative overhead of distributing multiple authentication tokens to the user.
SAML 2.0 was ratified as an OASIS Standard in March 2005, replacing SAML 1.1. The critical aspects of SAML 2.0 are covered in detail in the official documents SAMLConform, SAMLCore, SAMLBind, and SAMLProf.
Some 30 individuals from more than 24 companies and organizations were involved in the creation of SAML 2.0. In particular, and of special note, Liberty Alliance donated its Identity Federation Framework (ID-FF) specification to OASIS, which became the basis of the SAML 2.0 specification. Thus SAML 2.0 represents the convergence of SAML 1.1, Liberty ID-FF 1.2, and Shibboleth 1.3.
The single most important requirement that SAML addresses is web browser single sign-on (SSO). Single sign-on is common at the intranet level (using cookies, for example) but extending it beyond the intranet has been problematic and has led to the proliferation of non-interoperable proprietary technologies. (Another more recent approach to addressing the browser SSO problem is the OpenID Connect protocol.)
Source: GEA-NZ Standards Reference Appendix - 3. Identify Information and Authentication and Access management - 2. International Technical Standards.
Maturehttp://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0.htmlAcceptedGCDO Digital functional leadership mandate.DIAGCDO@dia.govt.nzNew Zealand Security Assertion Messaging StandardInternationalStandard - TechnicalOASISOASIS Standard2008-03-25PUBLISHUpdate2019-03-08
SCIM 2.0 (System for Cross Domain Identity Management 2.0)System for Cross Domain Identity Management 2.0The System for Cross-domain Identity Management (SCIM) specification is designed to make managing user identities in cloud-based applications and services easier. The specification suite seeks to build upon experience with existing schemas and deployments, placing specific emphasis on simplicity of development and integration, while applying existing authentication, authorization, and privacy models. Its intent is to reduce the cost and complexity of user management operations by providing a common user schema and extension model, as well as binding documents to provide patterns for exchanging this schema using standard protocols. In essence: make it fast, cheap, and easy to move users in to, out of, and around the cloud.
Source: GEA-NZ Standards Reference Appendix - 3. Identify Information and Authentication and Access management - 2. International Technical Standards.https://tools.ietf.org/wg/scim/Recommended2020-11 changed to Recommended from Future Consideration as agreed with GEAGThe SCIM standard is growing in popularity and has been adopted by numerous identity providers (e.g. Azure Active Directory) as well as applications (e.g. Dynamic Signal, Zscaler, and Dropbox). DIAInternationalStandard - TechnicalIETF (Internet Engineering Task Force)PUBLISHUpdate2020-11-26
SDMX Technical SpecificationsSDMX 2.1 Technical Specifications – Consolidated version 201317369Use latest version.
The SDMX initiative sets standards to facilitate the exchange of statistical data and metadata using modern information technology. Several versions of the technical specifications have been released since 2004. SDMX has also been published as an ISO International Standard (IS 17369).
Was: SDMX 2.1 Technical Specifications – Consolidated version 2013https://sdmx.org/Recommended2020-11 changed to Recommended from Informational. Recommended by Stats NZ.Government Chief Statistician mandateStatistics NZInternationalStandard - TechnicalSDMX (Statistical Data and Metadata eXchange)PUBLISHUpdate2020-11-23
SDMX-JSON standardSDMX-JSON standardUse latest version.
The SDMX-JSON standard is a JSON (JavaScript Object Notation) based data exchange message format designed for and therefore responding to the main use case of data discovery and visualisation on the web. The proposed format conforms to the JSON standard specification.https://sdmx.org/Recommended2020-11 changed to Recommended from Informational. Recommended by Stats NZ.Government Chief Statistician mandateStatistics NZInternationalStandard - TechnicalSDMX (Statistical Data and Metadata eXchange)PUBLISHUpdate2020-11-23
SFIA (Skills Framework for the Information Age)Skills Framework for the Information AgeSFIA, a Skills Framework for the Information Age, describes skills required by professionals in roles involving information and communications technology.
https://www.sfia-online.org/enAcceptedChanged from Future Consideration to Accepted as Skills Framework for the Information Age (SFIA) is sufficiently widespread in Government that it should be AcceptedWidely used. Private sector has 800 licences, Public Sector has 185.Public Service Commissioncommission@publicservice.govt.nzInternationalFrameworkSFIA FoundationPUBLISH
SFTP (SSH Secure File Transfer Protocol)SFTP (SSH Secure File Transfer Protocol)SFTP (SSH File Transfer Protocol) is a secure file transfer protocol. It runs over the SSH protocol. It supports the full security and authentication functionality of SSH.
SFTP has pretty much replaced legacy FTP as a file transfer protocol, and is quickly replacing FTP/S. It provides all the functionality offered by these protocols, but more securely and more reliably, with easier configuration. There is basically no reason to use the legacy protocols any more.
SFTP also protects against password sniffing and man-in-the-middle attacks. It protects the integrity of the data using encryption and cryptographic hash functions, and authenticates both the server and the user.https://www.ssh.com/academy/ssh/sftpAccepted2020-11 added as an Accepted alternative to FTP (which is Not Accepted). GCDO Digital functional leadership mandate.DIAGCDO@dia.govt.nzInternationalStandard - TechnicalIETF (Internet Engineering Task Force)CurrentPUBLISH
SIF Data Model Implementation Specification 3.x (NZ)SIF Data Model Implementation Specification 3.x (NZ)The SIF Specification is a technical blueprint for sharing educational data between systems. It defines the architecture requirements and communication protocols for software components and the interfaces between them. The SIF Data Model Specification includes the XML and JSON schemas that define the payload of the messages sent over the SIF Infrastructure implementation. http://specification.sifassociation.org/Implementation/NZ/3.0/SIFNZ.htmlRecommendedRecommended by MINEDUSchoolsMINEDUGovernment (NZ)StandardAccess 4 Learning Community (NZ)PublishedPUBLISHUpdate2020-07-27
SIF Infrastructure Implementation Specification 3.xSIF Infrastructure Implementation Specification 3.xThe SIF Specification is a technical blueprint for sharing educational data between systems. It defines the architecture requirements and communication protocols for software components and the interfaces between them. The SIF Infrastructure Implementation Specification defines the transport and messaging functionality over which SIF payloads defined in the SIF Data Model are securely exchanged.https://www.a4l.org/page/InfrastructureRecommended2019-12 Added as Recommended. Recommended by MINEDUSchoolsMINEDUInternationalStandardAccess 4 Learning CommunityPublishedPUBLISHAdd2019-12-02
Social InvestmentSocial Investmenthttp://www.treasury.govt.nz/statesector/socialinvestmenthttp://www.treasury.govt.nz/statesector/socialinvestmentRecommendedThe TreasuryGovernment (NZ)Guidance The TreasuryPUBLISH
Statistics New Zealand Statistical StandardsStatistics New Zealand Statistical StandardsThis is a collection of the full list of statistical standards produced by Statistics NZ. Further information on these can be obtained by following the link to Aria. Support for using any of these standards can be sought via contacting classifications@stats.govt.nz.
Was: Statistics New Zealand Data Classifications and Related Statistical Standards
Note: 2020-11 agreed with Stats to have this higher level link to the statistical standards rather than the individual standards as these are well managed by Stats. http://aria.stats.govt.nz/aria/#StandardSearch:facet.lifecycle=1&fl=defn,name,doc&sort=relevance-&start=0&rows=20RecommendedGCDS Data functional leadership mandate.Statistics NZGovernment (NZ)StandardStatistics NZPUBLISH
Strategy for a Digital Public ServiceStrategy for a Digital Public ServiceThe Strategy is a call to action for the public service to operate in the digital world in a more modern and efficient way — delivering the outcomes that Aotearoa New Zealand needs.
The Strategy sets a whole-of-public-service direction — one that improves the efficiency of the public service, enables change, supports better services and the digital transformation of agencies, putting people and businesses at the centre of government services.https://www.digital.govt.nz/digital-government/strategy/strategy-summary/strategy-for-a-digital-public-service/Recommended2020-05 added as Recommended.GCDO Digital functional leadership mandate.DIAGCDO@dia.govt.nzGovernment ICT Strategy 2015Government (NZ)Government StrategyGCDO (Government Chief Digital Officer)Published2019-11PUBLISHAdd2020-05-29
Street address data mandated standardStreet address data content requirementThis standard should be used to format street address for sharing purposes.
Street address data content standard is ISO 19160-1:2015 Addressing Part 1: Conceptual Model to be used to format street address information for sharing purposes.
A New Zealand draft profile of ISO 19160-1 will be incorporated into this data content requirement when completed. NZ draft profile of ISO 19160-1
Easy to read information and guidance on working with addresses that are well structured is available from Land Information New Zealand (LINZ). This information is based on ISO 19160-1 as well as the AS/NZS4819: Addressing standard. Useful information for people working with addresses (LINZ).
Was: Street address data content requirement, Person name data Street addresshttps://www.data.govt.nz/toolkit/data-standards/mandated-standards-register/street-address-standard/MandatedGCDS Data functional leadership mandate.Statistics NZMandatedStandards@stats.govt.nz.#ISO 19160-1:2015 Addressing — Part 1: Conceptual model, #New Zealand’s draft Profile of ISO 19160-1:2015 Addressing – Part 1: Conceptual Model, #Useful information for people working with Addresses, #AS/NZS 4819: Addressing standardGovernment (NZ)StandardGCDS (Government Chief Data Steward)Approved2020-04-02PUBLISHUpdate 2019-11-04
Superannuation Schemes Unique Identifier Code 2020Superannuation Schemes Unique Identifier Code 2020This code provides agencies involved with certain superannuation schemes with a potential exemption from information privacy principle 13.https://www.privacy.org.nz/privacy-act-2020/codes-of-practice/ssuic2020/Mandated2020-12 added as Mandated.Privacy CommissionerSuperannuation Schemes Unique Identifier Code 1995National (NZ)StandardThe Privacy CommissionerCurrentPUBLISHAdd2020-12-01
System Capability ReviewsSystem Capability ReviewsSystem Capability Reviews support agencies working effectively to deliver shared outcomes.
The Capability Review Programme is an important tool to help realise a modern and responsible Public Service that delivers for New Zealanders, now and in the future. System Capability Reviews, which form part of this Programme, provide a forward-looking view of the capability needed across groups of agencies that are delivering shared outcomes and working across common customers, clients, and businesses.
The focus of these reviews is to unlock the potential of the Public Service by identifying ways to improve how public services are delivered, where responsibility for delivery is shared across agencies. System Capability Reviews - Te Kawa Mataaho Public Service CommissionRecommended2023-06 added as RecommendedPublic Service System - System Design - Capability Review ProgrammePSCCapabilityReview@publicservice.govt.nz Government (NZ)ToolPublic Service CommissionPublishedPUBLISHAdd 2023-06-27
Telecommunications Information Privacy Code 2020Telecommunications Information Privacy Code 2020This code applies specific rules to telecommunications agencies to better ensure the protection of individual privacy.
It addresses the telecommunications information collected, held, used, and disclosed by telecommunications agencies.https://www.privacy.org.nz/privacy-act-2020/codes-of-practice/tipc2020/Mandated2020-12 added as Mandated.Privacy CommissionerTelecommunications Information Privacy Code 2003National (NZ)StandardThe Privacy CommissionerCurrentPUBLISHAdd2020-12-01
The Open Group Government Reference Model (GRM) Government Reference Model (GRM) The Business Architecture defines the business strategy, governance, organization, business information, and key business processes of an Enterprise Architecture. An architecture approach determines how to effect change within the appropriate cost, benefit, and risk parameters.
A challenge to this approach arises due to a lack of consistency in the application of architecture standards used to inform Business Architects or those intending to develop a Business Architecture or technical solution on the expected Architecture Building Blocks (ABBs) for governments worldwide.
The Government Reference Model (GRM) gives public sector organizations a common way to view themselves in order to plan and execute effective transformational change.TOGAF Series Guide: Gov Ref Model (opengroup.org)Future Consideration2023-06 added as Future ConsiderationGCDO Government Enterprise Architecture for NZDIAGEA@dia.govt.nzGovernment (NZ)Common LanguageThe Open GroupPublishedPUBLISHAdd 2023-06-27
The Privacy, Human Rights and Ethics framework (PHRaE)The Privacy, Human Rights and Ethics framework (PHRaE)The Privacy, Human Rights and Ethics framework (PHRaE) helps ensure MSD acts responsibly by assessing the privacy, human rights and ethical impacts of using personal information to develop new services.
The PHRaE is a set of materials including an interactive tool with built in guidance and a team of specialists. This team will work alongside project teams to supplement their use of the materials and facilitate discussions to ensure privacy, human rights and ethics are adequately considered in design.https://www.msd.govt.nz/about-msd-and-our-work/work-programmes/initiatives/phrae/index.htmlRecommended2020-05 added as Recommended.MSDGovernment (NZ)FrameworkMSDPublishedPUBLISHAdd2020-05-29
TOGAF (The Open Group Architecture Framework)The Open Group Architecture FrameworkThe TOGAF® Standard, a standard of The Open Group, is a proven Enterprise Architecture methodology and framework used by organizations to improve business efficiency.https://www.opengroup.org/togafAccepted2020-01 added as Accepted. TOGAF is Accepted as a library of approaches and techniques that are useful in the practice of Enterprise Architecture. In practice closely following TOGAF can be extremely time consuming.GCDO Digital functional leadership mandate.DIAGCDO@dia.govt.nzInternationalFrameworkThe Open GroupPublishedPUBLISHAdd2020-01-23
UDDI 3.0 (Universal Description, Discovery, and Integration 3.0)Universal Description, Discovery, and Integration 3.0The UDDI Version 3.0.2 Specification describes the Web services, data structures and behaviours of all instances of a UDDI registry.
Source: GEA-NZ Standards Reference Appendixhttp://www.uddi.org/pubs/uddi-v3.0.2-20041019.htmNot Accepted2020-02 Changed to Not Accepted as this is an abandoned standard.UDDI has not been as widely adopted as its designers had hoped. IBM, Microsoft, and SAP announced they were closing their public UDDI nodes in January 2006. The group defining UDDI, the OASIS Universal Description, Discovery, and Integration (UDDI) Specification Technical Committee voted to complete its work in late 2007 and has been closed. In September 2010, Microsoft announced they were removing UDDI services from future versions of the Windows Server operating system.GCDO Digital functional leadership mandate.DIAInternationalStandardOASISAbandonedPUBLISHUpdate2020-02-03
UML (Unified Modelling Language)Unified Modelling LanguageThe Unified Modelling Language (UML) is a general-purpose, developmental, modelling language in the field of software engineering, that is intended to provide a standard way to visualize the design of a systemhttps://www.uml.org/RecommendedWidespread use. GCDO Digital functional leadership mandate.DIAGCDO@dia.govt.nzInternationalStandardOMG (Object Management Group)CurrentPUBLISH
UNICODEUNICODE10646The Unicode Standard is the universal character encoding standard for written characters and text. It defines a consistent way of encoding multilingual text that enables the exchange of text data internationally and creates the foundation for global software. As the default encoding of HTML and XML, the Unicode Standard provides the underpinning for the World Wide Web and the global business environments of today. Required in new Internet protocols and implemented in all modern operating systems and computer languages such as Java and C#, Unicode is the basis of software that must function all around the world.
Unicode characters are represented in one of three encoding forms: a 32-bit form (UTF-32), a 16-bit form (UTF-16), and an 8-bit form (UTF-8). The 8-bit, byte-oriented form, UTF-8, has been designed for ease of use with existing ASCII-based systems.
The Unicode Standard is code-for-code identical with International Standard ISO/IEC 10646. Any implementation that is conformant to Unicode is therefore conformant to ISO/IEC 10646.https://home.unicode.org/Recommended2020-09 added as simply UNICODE with a Catalogue_status of Recommended as it was agreed UNICODE should use the latest version. GCDO Digital functional leadership mandate.DIAGCDO@dia.govt.nzInternationalStandard - TechnicalThe Unicode ConsortiumCurrentPUBLISHAdd2020-09-07
Useful information for people working with AddressesUseful information for people working with AddressesA look at the concepts and practical issues for people in agencies and organisations working with addresses.
The Integrated Property Services team at Land Information New Zealand is working on a proof of concept to link various components of property together in a structured way with an aim of improving property data accessibility and interoperability.
One of the components of property is ‘address’. To work well with and be accurately linked to other property data, it is essential that addresses are well structured, contain all the information an address should have, and contain accurate and consistent information.
Consultation with other government agencies in 2016 found that many people capturing addresses from customers, and many IT professionals designing systems that contain addresses, do not have a clear understanding of what makes a good address, and in particular, how concepts like validation help improve the addresses in their systems.
The purpose of this document is to explain address concepts and practical issues (including ‘validation’) for people in agencies and organisations working with addresses.https://www.linz.govt.nz/about-linz/what-were-doing/connecting-property-information/useful-information-for-people-working-addressesRecommended2020-10 added as Recommended.LINZcustomersupport@linz.govt.nz #Address: Conceptual Model for New Zealand - The New Zealand Profile of ISO 19160-1:2015, Addressing – Part 1: Conceptual Model, #AS/NZS 4819: Rural and urban addressing, #New Zealand Government OASIS CIQ Address Profile October 2012#Street address mandated data standardNational (NZ)GuidanceLINZPublished2018-06PUBLISHAdd2020-10-06
UTF-8 (UCS Transformation Format 8-bit encoding)UCS Transformation Format 8-bit encoding10646The encoding is variable-length and uses 8-bit code units. It was designed for backward compatibility with ASCII, and to avoid the complications of endianness and byte order marks in the alternative UTF-16 and UTF-32 encodings. The name is derived from: Universal Coded Character Set + Transformation Format - 8-bit
RFC 3629 describes UTF-8, a transformation format of ISO 10646
ISO/IEC 10646-1 defines a large character set called the Universal Character Set (UCS) which encompasses most of the world's writing systems. The originally proposed encodings of the UCS, however, were not compatible with many current applications and protocols, and this has led to the development of UTF-8, the object of this memo. UTF-8 has the characteristic of preserving the full US-ASCII range, providing compatibility with file systems, parsers and other software that rely on US-ASCII values but are transparent to other values. Specified in ISO/IEC 10646 Information technology — Universal Coded Character Set (UCS)
Source: GEA-NZ Standards Reference Appendix - 2. Data Integration - 3. International Technical Foundation Standards.
https://www.utf8.com/ | Recommended | UTF-8 accounts for 98% of all web pages. | GCDO Digital functional leadership mandate. | DIA | GCDO@dia.govt.nz | International | Standard - Technical | The Unicode Consortium | Current | PUBLISH
Web Content Accessibility Guidelines (WCAG) 2.1 | Web Content Accessibility Guidelines (WCAG) 2.1 | Web Content Accessibility Guidelines (WCAG) 2.1 covers a wide range of recommendations for making Web content more accessible. Following these guidelines will make content more accessible to a wider range of people with disabilities, including accommodations for blindness and low vision, deafness and hearing loss, limited movement, speech disabilities, photosensitivity, and combinations of these, and some accommodation for learning disabilities and cognitive limitations; but will not address every user need for people with these disabilities. These guidelines address accessibility of web content on desktops, laptops, tablets, and mobile devices. Following these guidelines will also often make Web content more usable to users in general. | https://www.w3.org/TR/WCAG21/ | Recommended | 2020-05 added as Recommended. This is referenced by the Web Accessibility Standard 1.1 and provides the conformance criteria. | GCDO Digital functional leadership mandate. | DIA | web.standards@dia.govt.nz | #NZ Government Web Standards | Web Content Accessibility Guidelines v2.0 (WCAG 2.0) | International | Standard | W3C (World Wide Web Consortium) | Recommendation | 2018-06-05 | PUBLISH | Add | 2020-05-26
WSDL 2.0 (Web Services Description Language Version 2.0) | Web Services Description Language Version 2.0 | The Web Services Description Language Version 2.0 (WSDL 2.0) is an XML language for describing Web services. This specification defines the core language which can be used to describe Web services based on an abstract model of what the service offers. It also defines the conformance criteria for documents in this language.
Source:
GEA-NZ Standards Reference Appendix - 1. Internet and On-line Presence - 3. International Technical Foundation Standards.
GEA-NZ Standards Reference Appendix - 2. Data Integration - 3. International Technical Foundation Standards.
Was: Web Services Description Language (WSDL) Version 2.0 | https://www.w3.org/2004/07/xml2004-hh/wsdl20-update.html | Accepted | 2020-09 Changed to Accepted from Recommended as agreed at workshop 2020-09-07 as WSDL is not recommended over other standards. | GCDO Digital functional leadership mandate. | DIA | International | Standard - Technical | W3C (World Wide Web Consortium) | Recommendation | 2007-06-26 | PUBLISH | Update | 2020-09-07
WS-I Basic Profile 2.0 | WS-I Basic Profile 2.0 | The WS-I Basic Profile (official abbreviation is BP), a specification from the Web Services Interoperability industry consortium (WS-I), provides interoperability guidance for core Web Services specifications such as SOAP, WSDL, and UDDI.
Source: GEA-NZ Standards Reference Appendix - 2. International Technical Interoperability Standards. Mature and managed | http://ws-i.org/Profiles/BasicProfile-2.0-2010-11-09.html | Accepted | DIA | International | Standard - Technical | WS-I (Web Services Interoperability Organisation) | Final Material | 2010-11-09 | PUBLISH
XMI (XML Metadata Interchange) | XML Metadata Interchange | The XML Metadata Interchange (XMI) is an Object Management Group (OMG) standard for exchanging metadata information via Extensible Markup Language (XML).
It can be used for any metadata whose metamodel can be expressed in Meta-Object Facility (MOF).
The most common use of XMI is as an interchange format for UML models, although it can also be used for serialization of models of other languages (metamodels).
Note:
- XMI Version 2.4.2 has been formally published by ISO as the 2014 edition standard: ISO/IEC 19509.
- XMI Version 2.0.1 has been formally published by ISO as the 2005 edition standard: ISO/IEC 19503.
Source:
GEA-NZ Standards Reference Appendix - 1. Internet and On-line Presence - 3. International Technical Foundation Standards.
GEA-NZ Standards Reference Appendix - 2. Data Integration - 2. International Technical Standards. Mature and Managed. Widespread adoption.
GEA-NZ Standards Reference Appendix - 2. Data Integration - 3. International Technical Foundation Standards.
AKA: MOF 2 XMI Mapping | https://www.omg.org/spec/XMI/2.5.1/PDF | Recommended | GEA-NZ models produced from Sparx EA are published using XMI. | DIA | International | Standard - Technical | OMG (Object Management Group) | PUBLISH