In this episode, Tom Maasland, a partner in MinterEllisonRuddWatts’ Technology team talks to Luke Han, a solicitor in Tom’s team, about the framework for cyber security that exists in New Zealand. Tom and Luke focus on recent New Zealand standards in cyber security that set out a framework for compliance, giving entities the best chance for protecting the data that they hold and defending their technology against cyber attacks. [2:10] Tom and Luke start by discussing the difference between data security (also known as information security) and cyber security, giving examples of each instance. [4:15] They then look at key standards in New Zealand, starting with the New Zealand Protective Security Requirement (PSR), in particular looking at personnel, information and physical security. [9:00] Next, they discuss the New Zealand Information Security Manual (NZISM), a component of the PSR that is maintained by the GCSB. They talk about the complexity of this document, and look at specific versus general contractual compliance. [12:12] Tom and Luke then talk about Te Whatu Ora’s Health Information Security Framework, that was introduced at the end of 2022. [14:56] Finally, they talk about the recently established National Cyber Security Centre’s (NCSC) Cyber Security Framework, which is currently in beta form and is inviting feedback. Information in this episode is accurate as at the date of recording, 03 November 2023. We note that the podcast references a large number of regulatory regimes and documentation, both here and abroad. For ease of reference, we have set out links to some of the key items mentioned below: •ISO standards: the international organisation for standardisation, which operates out of Switzerland. The best known standard for information security, cyber security and privacy protection is ISO/IEC 27001, available for purchase here. •NIST framework: a framework arising out of the United States to help organisations better manage and reduce cyber security risk. This is a voluntary framework except in the case of certain organisations, e.g. US federal government agencies. •Protective Security Requirements (PSR): the PSR is available here •NZ Information Security Manual (NZISM): the NZISM is available here •National Cyber Security Centre (NCSC): information about the NCSC is available here •NCSC Cyber Security Framework: the proposed framework and address for suggestions in feedback is here. Please contact Tom Maasland or our Technology team if you need legal advice and guidance on any of the topics discussed in the episode. Please get in touch to receive an episode transcript. Please don’t forget to rate, review or follow Tech Suite wherever you get your podcasts. You can also sign up to receive technology updates via your inbox here. For show notes and additional resources visit minterellison.co.nz/podcasts