Skip to main content

Required NZ government agreements with access to public cloud services

If government organisations are looking to buy public cloud services that are covered in 1 or more of these all-of-government agreements, use the matching agreements instead of going directly to service providers.

Assess the risks before using required all-of-government agreements

For the information system you’re looking to use with the all-of-government agreement, you’ll still need to do a risk assessment. It’s needed to account for factors that are unique to your:

  • information system
  • business context.

Assess the risks of using a public cloud service

Check for certification documents you can use

You can use certification documents to help with your risk assessment of using an all-of-government agreement. To get these, contact the security team at the Department of Internal Affairs at

Required all-of-government agreements

These 3 all-of-government agreements use, in varying amounts, public cloud services.

1 — Information Security Professional Services

When it comes to risk assessments for public cloud services, your organisation must either:

  • have in-house expertise
  • consult industry experts from Information Security Professional Services, or
  • use a mix of both.

Information Security Professional Services

Table 1: Work out if you need to use Information Security Professional Services

Level of in-house expertise Are you required to use Information Security Professional Services?
Full No.
Partial Yes — use the professional services for the parts of the risk assessment outside your organisation’s in-house expertise.
None Yes — use the professional services for the full risk assessment.

2 — Telecommunications as a Service

The all-of-government agreement for Telecommunications as a Service (TaaS) helps government organisations with:

  • telecommunications and managed security
  • unified communications
  • contact centres.

Telecommunications as a Service

3 — RealMe®

Government organisations are required to use RealMe® services rather than developing new systems for authenticating and verifying people’s identities. RealMe® helps government organisations with service delivery — specifically:

  • security
  • digital identity
  • privacy.


Previously required: Infrastructure as a Service

In April 2023, the all-of-government agreement for Infrastructure as a Service (IaaS) stopped being required.

DIA’s information and communications technology (ICT) team has contacted the government organisations affected by this change. If you have questions, contact

In the meantime, this IaaS agreement continues to help government organisations with 4 core services for:

  • data centres
  • utility computing — a range of hypervisors
  • storage
  • back-up.

Infrastructure as a Service

A hypervisor is a specialised operating system that allows server hardware to run multiple virtual guest operating systems at the same time.

More information — Cloud Capabilities Network

The Government Chief Digital Officer has set up a network for learning about using public cloud services. The Cloud Capabilities Network includes sharing resources among its many benefits.

Join the Cloud Capabilities Network — help with public cloud services

Utility links and page information

Was this page helpful?
Thanks, do you want to tell us more?

Do not enter personal information. All fields are optional.

Last updated