Online Practice Guidelines
The Department of Internal Affairs has developed a set of online practice guidelines to help agencies and vendors establish a fit-for-purpose approach to managing information and services online, apply the approach to their websites and make informed risk management decisions. The guidelines include tools and checklists that focus on online security and privacy risk management, managing information and data on the web, and strategic online management guidance.
The guidance aims to establish a common understanding across agencies about what ‘good practice online’ means. It aims to describe the minimum quality baselines that agencies can reasonably be expected to meet, drawn from existing requirements.
Three guides have been developed:
- The first guide aims to raise awareness of security and privacy management online, and outlines reasonable expectations of security and privacy risk management for agencies’ websites and services. This security and privacy guideline is available on the Government Web Toolkit now.
- The second guide draws on the principles of the Rethink Online strategy to provide guidance on strategic management of agencies’ online channels. This strategic management guideline is available on the Government Web Toolkit now.
- The third guide provides practical advice about how to effectively manage information and data online to help meet obligations set out in mandatory standards and legislation. It draws on the Public Records Act 2005, New Zealand Data and Information Management Principles and the new Records Management Standard. This information and data management guideline is available on the Government Web Toolkit now.
The guides have been developed with the assistance of cross-agency groups and support the ICT Strategy and Action Plan, the Better Public Services Programme (specifically, Results 9 and 10) the requirements of the Privacy Act and Privacy Principles, SIGS and the NZISM, records management standards and the Data and Information Management Principles.
For further information, email email@example.com