New Zealand Government Cloud Adoption and Risk Assessment Framework¶
Status: ✅ Approved Version: 2.0
| Field | Value |
|---|---|
| ID | GUARD-SEC-007 |
| Category | Security |
| Subcategory | compliance |
| Type | guideline |
| Owner | Chief Information Security Officer / Compliance Team |
| Approved by | — |
| Approved date | — |
| Review due | — |
Description¶
Outlines the New Zealand government's mandatory framework for public cloud service adoption, including information classification, risk assessment requirements, and compliance with the Privacy Act 2020 and Information Security Manual. Government organizations must conduct due diligence using the Risk Discovery Tool covering data sovereignty, security, privacy, and incident response.
Source document¶
Last fetched: 2026-04-21
Related guardrails¶
- GUARD-CLOUD-001 — Cloud First Policy – NZ Government
- GUARD-CLOUD-002 — All of Government Cloud Sourcing Strategy
- GUARD-SEC-001 — New Zealand Information Security Manual (NZISM) v3.9
Change history¶
| Version | Date | Author | Summary |
|---|---|---|---|
| 2.0 | 2026-04-21 | auto-generated | Updated description and tags to reflect comprehensive cloud adoption framework covering risk assessment, privacy compliance, and data sovereignty requirements. Source refreshed from Microsoft Learn compliance documentation. |