Required NZ government agreements with access to public cloud services
If government organisations are looking to buy public cloud services that are covered in 1 or more of these all-of-government agreements, use the matching agreements instead of going directly to service providers.
Assess the risks before using required all-of-government agreements
For the information system you’re looking to use with the all-of-government agreement, you’ll still need to do a risk assessment. It’s needed to account for factors that are unique to your:
- information system
- business context.
Assess the risks of using a public cloud service
Check for certification documents you can use
You can use certification documents to help with your risk assessment of using an all-of-government agreement. To get these, contact the security team at the Department of Internal Affairs at ictassurance@dia.govt.nz.
Required all-of-government agreements
These 3 all-of-government agreements use, in varying amounts, public cloud services.
1 — Information Security Professional Services
When it comes to risk assessments for public cloud services, your organisation must either:
- have in-house expertise
- consult industry experts from Information Security Professional Services, or
- use a mix of both.
Information Security Professional Services
Level of in-house expertise | Are you required to use Information Security Professional Services? |
---|---|
Full | No. |
Partial | Yes — use the professional services for the parts of the risk assessment outside your organisation’s in-house expertise. |
None | Yes — use the professional services for the full risk assessment. |
2 — Telecommunications as a Service
The all-of-government agreement for Telecommunications as a Service (TaaS) helps government organisations with:
- telecommunications and managed security
- unified communications
- contact centres.
Telecommunications as a Service
3 — RealMe®
Government organisations are required to use RealMe® services rather than developing new systems for authenticating and verifying people’s identities. RealMe® helps government organisations with service delivery — specifically:
- security
- digital identity
- privacy.
Previously required: Infrastructure as a Service
In April 2023, the all-of-government agreement for Infrastructure as a Service (IaaS) stopped being required.
DIA’s information and communications technology (ICT) team has contacted the government organisations affected by this change. If you have questions, contact ictccpartners@dia.govt.nz.
In the meantime, this IaaS agreement continues to help government organisations with 4 core services for:
- data centres
- utility computing — a range of hypervisors
- storage
- back-up.
A hypervisor is a specialised operating system that allows server hardware to run multiple virtual guest operating systems at the same time.
More information — Cloud Capabilities Network
The Government Chief Digital Officer has set up a network for learning about using public cloud services. The Cloud Capabilities Network includes sharing resources among its many benefits.
Join the Cloud Capabilities Network — help with public cloud services
Utility links and page information
Last updated