Jurisdictional risks

In the context of public cloud services, jurisdictional risks occur where data is subject to the laws of the country where cloud services providers store, process, or transmit data.  ‘Data sovereignty’ is often used interchangeably with ‘jurisdictional risks’.

The Government Chief Information Officer has developed frameworks for assessing jurisdictional risks in relation to both jurisdictions and cloud services providers.  Agencies are encouraged to use these frameworks to inform their risk assessments of public cloud services.  These frameworks are available in the UNCLASSIFIED version of the guidance on managing jurisdictional risks (PDF, 816kb).

The full version of this guidance, which contains assessment of jurisdictions, is available to New Zealand government agencies.  Agencies should request the full version of this guidance from: gcio@dia.govt.nz

Page last updated: 24/07/2017