New Zealand Government Independent Trusted Authority Evaluator for Security and Privacy
A due diligence approach to improve the effectiveness of the controls within the government sector. The Digital Identity Services Trust Framework is designed to establish a digital identity environment that is both secure and reliable — individuals can confidently share their information knowing it’s protected. Cianaa is a Trusted Authority Evaluator (TFA) for New Zealand government services.
Evaluation snapshot
Other NZ & government assessments
Why TFA Evaluation Matters
Secure Digital Identity
The Digital Identity Services Trust Framework is designed to establish a digital identity environment that is both secure and reliable. Individuals can confidently share their information.
Strict Standards by Law
Securing accreditation means your service has met strict security and privacy standards set by law. Independent evaluators assess your controls against criteria like the Privacy Act 2020 and best practice.
Protecting Citizen Data
Governments collect and store a large amount of personal data on citizens. Implementing standards for cybersecurity can help ensure that this data is protected.
National Resilience
Cyberattacks can be used to disrupt operations, steal sensitive information, and cripple a country’s ability to respond to crises. Standards can help protect against these.
Best Practices for All
Implementing best practices from government standards for cybersecurity can help protect citizens, businesses, and the country as a whole from the growing threat of cyberattacks.
Independent Verification
An objective and independent assessment improves critical posture of security and reduces the risk of digital identity service compromise.
TFA Accredited Services to Process
Three stages to TFA accreditation — scope, document, demonstrate.
Define Scope
Define the scope of the services for which you seek accreditation and ensure you meet baseline requirements. Experts advise focusing only on the parts of your business that need accreditation (e.g. only the identity services).
Document Conformance
The independent evaluation results are included here as evidence of compliance for security, privacy, and identity standards. Essentially, this step is about documenting everything: your policies, procedures, controls.
Review & Demonstrate
During this stage the Identification Team will review your conformance documentation and ask for a demonstration of your service to review that it does as your documentation describes, and meets the assurance criteria.
The Auditor’s Philosophy
Scope & Objectives
The auditor defines the scope of the audit, sets clear objectives, and formulates a comprehensive plan for executing the audit effectively.
Identify Vectors
The auditors ascertain the individuals, processes, and technologies that fall within the scope of the audit, while also identifying potential attack vectors through comprehensive design reviews.
Threat-Based Framework
In light of the risks identified through the threat assessment, the auditors develop a comprehensive framework to assess each control, ensuring thorough due diligence is maintained.
Empirical Evidence
Our audit is grounded in empirical evidence. The findings are substantiated by data, providing our clients with a comprehensive overview of any identified nonconformities.
Control Effectiveness
The auditor assesses the effectiveness of the controls implemented to verify their presence, thereby mitigating potential threats and risks.
Conclusive Findings
The auditors expertly gather and analyze evidence from various sources to reach decisive conclusions and produce a robust, evidence-based report.
Frequently Asked Questions about TFA Evaluation
What is the Trust Framework Authority (TFA)?
The Digital Identity Services Trust Framework is designed to establish a digital identity environment that is both secure and reliable. The Trust Framework Authority (TFA) is the body that accredits services under this framework.
What does TFA accreditation involve?
Securing accreditation means your service has met strict security and privacy standards set by law. Independent evaluators assess your controls against criteria like the Privacy Act 2020 and best practice.
What is the scope of a TFA evaluation?
Define the scope of the services for which you seek accreditation and ensure you meet baseline requirements. Experts advise focusing only on the parts of your business that need accreditation.
What does the evaluation process look like?
The Identification Team reviews your conformance documentation and asks for a demonstration of your service. They verify that the service operates as documented and meets the assurance criteria.
Ready to begin your TFA accreditation?
NZ Government Independent Trusted Authority Evaluator for Security and Privacy — Digital Identity Services Trust Framework, Privacy Act 2020 alignment, evidence-based evaluation.