TFA EvaluatorDigital IdentityPrivacy Act 2020NZ Government

New Zealand Government Independent Trusted Authority Evaluator for Security and Privacy

A due diligence approach to improve the effectiveness of the controls within the government sector. The Digital Identity Services Trust Framework is designed to establish a digital identity environment that is both secure and reliable — individuals can confidently share their information knowing it’s protected. Cianaa is a Trusted Authority Evaluator (TFA) for New Zealand government services.

TFA at a glance

Evaluation snapshot

🇳🇿 Digital Identity Services Trust Framework
⚖️ Privacy Act 2020 alignment
🛡️ Security standards by law
👁️ Independent third-party evaluator
Trust Framework Authority (TFA)

Why TFA Evaluation Matters

Secure Digital Identity

The Digital Identity Services Trust Framework is designed to establish a digital identity environment that is both secure and reliable. Individuals can confidently share their information.

Strict Standards by Law

Securing accreditation means your service has met strict security and privacy standards set by law. Independent evaluators assess your controls against criteria like the Privacy Act 2020 and best practice.

Protecting Citizen Data

Governments collect and store a large amount of personal data on citizens. Implementing standards for cybersecurity can help ensure that this data is protected.

National Resilience

Cyberattacks can be used to disrupt operations, steal sensitive information, and cripple a country’s ability to respond to crises. Standards can help protect against these.

Best Practices for All

Implementing best practices from government standards for cybersecurity can help protect citizens, businesses, and the country as a whole from the growing threat of cyberattacks.

Independent Verification

An objective and independent assessment improves critical posture of security and reduces the risk of digital identity service compromise.

TFA Accredited Services Process

TFA Accredited Services to Process

Three stages to TFA accreditation — scope, document, demonstrate.

1

Define Scope

Define the scope of the services for which you seek accreditation and ensure you meet baseline requirements. Experts advise focusing only on the parts of your business that need accreditation (e.g. only the identity services).

2

Document Conformance

The independent evaluation results are included here as evidence of compliance for security, privacy, and identity standards. Essentially, this step is about documenting everything: your policies, procedures, controls.

3

Review & Demonstrate

During this stage the Identification Team will review your conformance documentation and ask for a demonstration of your service to review that it does as your documentation describes, and meets the assurance criteria.

Our approach

The Auditor’s Philosophy

1

Scope & Objectives

The auditor defines the scope of the audit, sets clear objectives, and formulates a comprehensive plan for executing the audit effectively.

2

Identify Vectors

The auditors ascertain the individuals, processes, and technologies that fall within the scope of the audit, while also identifying potential attack vectors through comprehensive design reviews.

3

Threat-Based Framework

In light of the risks identified through the threat assessment, the auditors develop a comprehensive framework to assess each control, ensuring thorough due diligence is maintained.

4

Empirical Evidence

Our audit is grounded in empirical evidence. The findings are substantiated by data, providing our clients with a comprehensive overview of any identified nonconformities.

5

Control Effectiveness

The auditor assesses the effectiveness of the controls implemented to verify their presence, thereby mitigating potential threats and risks.

6

Conclusive Findings

The auditors expertly gather and analyze evidence from various sources to reach decisive conclusions and produce a robust, evidence-based report.

FAQ

Frequently Asked Questions about TFA Evaluation

What is the Trust Framework Authority (TFA)?

The Digital Identity Services Trust Framework is designed to establish a digital identity environment that is both secure and reliable. The Trust Framework Authority (TFA) is the body that accredits services under this framework.

What does TFA accreditation involve?

Securing accreditation means your service has met strict security and privacy standards set by law. Independent evaluators assess your controls against criteria like the Privacy Act 2020 and best practice.

What is the scope of a TFA evaluation?

Define the scope of the services for which you seek accreditation and ensure you meet baseline requirements. Experts advise focusing only on the parts of your business that need accreditation.

What does the evaluation process look like?

The Identification Team reviews your conformance documentation and asks for a demonstration of your service. They verify that the service operates as documented and meets the assurance criteria.

NZ Trust Framework Authority

Ready to begin your TFA accreditation?

NZ Government Independent Trusted Authority Evaluator for Security and Privacy — Digital Identity Services Trust Framework, Privacy Act 2020 alignment, evidence-based evaluation.