New Zealand Government Assessments to Reduce Spectrum of Risks
A due diligence approach to improve the effectiveness of the controls within the government sector. A government standard to improve the cybersecurity of organisations — an objective and independent assessment improves critical posture of security and reduces the risk. Cianaa provides assurance services for the New Zealand public sector under NZISM, ISO 27001, ISO 27701 and PCI DSS.
Multi-framework assurance
Other government & risk assessments
Why NZ Government Assurance Matters
Critical Industries Need Standards
Many industries and agencies are considered critical to the functioning of a society. Government standards can help ensure that these industries have appropriate cybersecurity measures in place.
Protecting Citizen Data
Governments collect and store a large amount of personal data on citizens, such as their names, addresses, and social security numbers. Implementing standards for cybersecurity can help protect this data.
National Defense & Resilience
Cyberattacks can be used to disrupt military operations, steal sensitive information, and cripple a country’s ability to respond to crises. Standards can help protect against this.
Best Practices for All
Implementing best practices from government standards for cybersecurity can help protect citizens, businesses, and the country as a whole from the growing threat of cyberattacks.
Acceptable Risk, Not Zero Risk
The aim is not to eliminate all risks but rather to identify and achieve an acceptable level of risk for the organisation.
Asset-Driven Policies
We identify an organisation’s information assets and then implement policies and procedures to protect those information assets.
Multi-Standard Government Assurance
We provide assurance services by certifying and attesting your organisation against NZISM, ISO 27001, ISO 27701 and PCI DSS.
NZ Information Security Manual
The New Zealand government standard providing a baseline for information security across government agencies and the critical infrastructure they serve.
Information Security Management
International ISMS standard for building, implementing, and continuously improving information security across the organisation.
Privacy Information Management
PIMS extension to ISO 27001 — managing personally identifiable information under GDPR, NZ Privacy Act and similar privacy regimes.
Cardholder Data Protection
Where government agencies process payment card data, we provide PCI DSS QSA-led assessments as part of integrated assurance.
The Auditor’s Philosophy
Scope & Objectives
The auditor defines the scope of the audit, sets clear objectives, and formulates a comprehensive plan for executing the audit effectively.
Identify Vectors
The auditors ascertain the individuals, processes, and technologies that fall within the scope of the audit, while also identifying potential attack vectors through comprehensive design review.
Threat-Based Framework
In light of the risks identified through the threat assessment, the auditors develop a comprehensive framework to assess each control, ensuring thorough due diligence is maintained.
Empirical Evidence
Our audit is grounded in empirical evidence. The findings are substantiated by data, providing our clients with a comprehensive overview of any identified nonconformities.
Control Effectiveness
The auditor assesses the effectiveness of the controls implemented to verify their presence, thereby mitigating potential threats and risks.
Conclusive Findings
The auditors expertly gather and analyze evidence from various sources to reach decisive conclusions and produce a robust, evidence-based report.
We use diverse approach to Evidence Corroboration
Triangulating evidence from multiple sources gives credible, defensible audit conclusions.
Multi-Standard Efficiency
Saves time efficiently by utilizing a single, streamlined method to evaluate a variety of different standards across multiple criteria.
Triple-Source Triangulation
Having three or more sources of evidence gives credible results for cyber security assessments.
Honest Posture Reporting
We state true facts or findings corroborated by evidence. The audit methodology indicates your probable risks and findings give you a true posture of risk — mitigated or elevated.
Frequently Asked Questions about NZ Government Assurance
What is NZISM?
NZISM is the New Zealand Information Security Manual — the government standard providing a baseline for information security across New Zealand government agencies and the critical infrastructure they serve.
What standards do you assess against for NZ government clients?
We provide assurance services by certifying and attesting your organisation against NZISM, ISO 27001, ISO 27701 and PCI DSS.
What is the goal of NZ government assurance assessment?
The aim is not to eliminate all risks but rather to identify and achieve an acceptable level of risk for the organisation. We identify information assets and implement policies and procedures to protect them.
How does Cianaa approach the audit?
Our audit is grounded in empirical evidence — multi-source corroboration across at least three sources to give credible results. We state true facts or findings corroborated by evidence.
Reduce your spectrum of risks
Independent NZ government assurance — NZISM, ISO 27001, ISO 27701 and PCI DSS in a single, evidence-driven engagement. Multi-source triangulation, transparent reporting, acceptable-risk focus.