SAM-NZISM

A tool to help achieve compliance with the New Zealand Information Security Manual

The New Zealand Information Security Manual (NZISM) is the New Zealand Government's manual on information assurance and information systems security.

Assessing and tracking the implementation of NZISM, with its over 1500 requirements, has until now been an onerous task, so we created SAM-NZISM to remove some of the pain.

SAM-NZISM is a cloud-based tool that helps Government Departments and service providers assess their compliance with NZISM, create and manage Actions and allocate Tasks to work toward full compliance, track improvement along the way, and display easy-to-understand reports showing how well you are doing to date.

SAM-NZISM Management Methodology

SAM-NZISM tracks compliance against six major functional requirements:

  • Governance
  • Incident Management
  • Infrastructure and Equipment Management
  • System Security
  • Protective Technology
  • Personnel Management

SAM-NZISM breaks these overarching requirements down into individual Categories and, for each of these, you can see how effectively your current processes, procedures and technology deployments meet the security requirements defined within NZISM.

At the base level of SAM-NZISM are the Workplans, with individual requirements precisely mapped and referenced to the controls specified within NZISM. Establishing the level of completeness within these Workplans allows you to develop an overall picture of how effective your NZISM-related controls are, and quickly identify areas that need extra activity.

SAM-NZISM incorporates an Action Manager that drives a proactive NZISM compliance management process. Create Actions and assign them to specific individuals, report on status and monitor work in progress.

Some Actions require several Tasks to achieve completion. The SAM-NZISM task tool enables you to assign, monitor and report on allocated Tasks that complete Actions and facilitate the completion of NZISM requirements.

When compliance requirements cannot be met, create an Exception. The SAM-NZISM exception process allows you to record the reasons for non-compliance and keeps track of when the exception should be reviewed.

Alternatively, if compliance is not required, create an Exemption. The SAM-NZISM exemption process allows you to record exemptions in an Exemption Register and automatically adjusts your compliance accordingly. If the situation changes, you can simply remove the Exemption and reassess your status.