Join us at Black Hat USA 2024!
Join us at Black Hat USA 2024!
Join us at Black Hat USA 2024!
Join us at Black Hat USA 2024!
Join us at Black Hat USA 2024!
Join us at Black Hat USA 2024!
Privacy settings
We use cookies and similar technologies that are necessary to run the website. Additional cookies are only used with your consent. You can consent to our use of cookies by clicking on Agree. For more information on which data is collected and how it is shared with our partners please read our privacy and cookie policy: Cookie policy, Privacy policy
We use cookies to access, analyse and store information such as the characteristics of your device as well as certain personal data (IP addresses, navigation usage, geolocation data or unique identifiers). The processing of your data serves various purposes: Analytics cookies allow us to analyse our performance to offer you a better online experience and evaluate the efficiency of our campaigns. Personalisation cookies give you access to a customised experience of our website with usage-based offers and support. Finally, Advertising cookies are placed by third-party companies processing your data to create audiences lists to deliver targeted ads on social media and the internet. You may freely give, refuse or withdraw your consent at any time using the link provided at the bottom of each page.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Protective Security Requirements (PSR) - Full guide

It establishes the govt’s supplies for privacy standards and for employees, data, and physical safety.

Effective safekeeping enables New Zealand govt organizations to operate together firmly in a situation of trust and sureness. Safeguarding people, information, and assets helps businesses to fulfil their strategic and operational objectives.

Whilst the PSR is meant for govt, the policy framework for security is also applicable for the private sector. At the centre of the PSR are 20 obligatory standards that encompass the four PSR categories of security governance, information security, personnel security, and physical security.

These obligatory standards are mandatory for particular government entities, not the private sector. However, these criteria should be considered best practice by private firms and if you are a supplier that is intending to engage with the government, being compliant with the requirements of the PSR is a good idea.

Protective Security Requirements (PSR) - Full guide

What is NCSC (National Cyber Security Centre)?

The Department of Environment, Climate, and Communications (DECC) established the National Cyber Security Centre (NCSC) in 2011. (DECC). The NCSC's mission is to advise and update providers of government IT and Critical National Infrastructure on the most pressing network information security risks and vulnerabilities.

It is responsible for leading the handling of major cyber security incidents throughout government, advising citizens and businesses, and building strong international ties within the global cyber security community to facilitate information exchange. Since 2011, the organization has been concentrating on strengthening its basis and expanding its capabilities in preparation for future operational endeavors.

What is the PSR?

Protective Security Requirements PSR meaning is a framework used by the NZ govt to protect its people, information, and assets from security risks.

Similar to the Australian PSR framework, the New Zealand PSR outlines mandatory privacy requirements that government agencies must adhere to. The context covers a broad range of security topics, including bodily privacy, personnel safety, statistics and communications technology security, and governance.

The New Zealand PSR framework is designed to help government agencies implement suitable privacy measures to safeguard their assets and evidence against a wide variety of privacy risks, including terrorism, espionage, and cyber threats. The framework is also intended to guarantee that govt agencies function successfully and competently, while maintaining the security and confidentiality of government information.

Adherence to the New Zealand PSR is mandatory for all govt agencies, and non-compliance can result in significant consequences, including reputational damage, financial penalties, and legal action.

Main Policies of the PSR

Main Policies of the PSR

New Zealand Protective Security Requirements include security management, human protection, info fortification, and physical privacy. All firms must follow the 20 regulations that span these four categories.

1. Security Governance (GOVSEC)

It is possible to safeguard employees, data, and property by strategically and efficiently managing security threats. To effectively deal with security threats, businesses must integrate safety into their everyday operations, policies, and procedures.

The PSR's eight mandatory management standards are meant to ensure that all security areas inside an enterprise are effectively monitored and managed.

  • GOV 1 – Develop and uphold the appropriate authority.
  • GOV 2 - Adopt a risk-based strategy.
  • GOV 3 - Plan ahead of time for disaster recovery.
  • GOV 4 – Raise vulnerability consciousness.
  • GOV 5: Control threats in group projects.
  • GOV 6 - Deal with data breaches.
  • GOV 7 - Can answer to heightened ranks of danger.
  • GOV 8 - Evaluate your capabilities.

2. PERSEC - Work Force security

The insiders are either our current or former workers, independent contractors, or business partners. They can cause harm to our employees, our customers, our assets, and our reputation by using the relevant data they have gained from their position of trust.

People are typically cited as a company's greatest strength, but they may also be its greatest vulnerability.

The PSR website stresses the importance of implementing safety precautions for employees beginning in the recruitment phase and continuing throughout their careers, recommending a threat-based strategy. In the PSR, you'll find stipulations for four different types of employees:

  • PERSEC 1 - Recruit the appropriate labor force.
  • PERSEC 2 - Always check their fitness for purpose.
  • PERSEC 3 - Plan their exit.
  • PERSEC 4 - Handle federal interest credentials.

3. INFOSEC - Data Security

Every business needs to guarantee that the data it handles, saves, and transmits remains private, intact, and always accessible. Maintaining confidentiality of data is essential for every company.

Knowing the nature and value of your data is essential for developing a strong password strategy.

A thorough inventory will help you identify the many information and ICT systems at your disposal, such as those that contribute to your organization's BC/DR preparations.

What the PSR means by an "information asset" should also be clear. The term is used to describe any and all types of material, such as:

  • Documents and other printed material.
  • a digital record of something.
  • storage, processing, and transmission software and hardware.
  • Facts gathered by individuals.
  • physical artefacts that could reveal design, components, or use.

For this reason, the following are the four fundamental necessities of info security:

  • Fundamental 1: Recognize Your Vulnerabilities.
  • Element 2: Plan your information integrity.
  • Fundamental 3: Verify your data encryption.
  • Element 4: Maintain current protective measures.

4. PHYSEC - Physical Security

Maintaining a healthy and secure atmosphere is an important part of your overall safety plan. A comprehensive strategy for guaranteeing access control incorporates both technological and procedural safeguards.

It's vital that you employ additional precautions to guarantee the protection of your data and information, and intrusion detection is an integral part of that.

In addition to bolstering health and safety regulations, solid physical protection for your business also improves its productivity and efficiency.

The first step in establishing reliable physical access is to identify potential weak points. It's possible that you'll want to safeguard:

  • your people, data, and assets.
  • patrons.
  • culture.

After you've catalogued your potential threats, you should assess how likely they are and how much damage they could do. Doing a risk assessment can help you identify areas where you need to take preventative measures.

There are four mandatory risk mitigation needs, including:

  • PHYSEC 1 – Learn what you must safeguard
  • PHYSEC 2 – Create a physical comprehensive plan
  • PHYSEC 3 – Confirm the validity of your data protection
  • PHYSEC 4 – Maintain current firewall rules

Compliance With PSR Requirements

It is mandatory for government entities. Failure to fulfil its requirements can have significant consequences, including reputational damage, financial penalties, and legal action.

To ensure compliance with its requirements, government entities are typically required to undergo regular security assessments and audits. These assessments help to identify any security gaps or weaknesses and provide recommendations for remediation.

In addition to assessments and audits, government entities must also develop and implement appropriate security policies, procedures, and controls to meet its requirements. This includes measures to protect physical assets, personnel, and information, as well as measures to detect, respond to, and recover from privacy incidents.

To support compliance with its requirements, government entities may also engage with third-party security consultants or vendors to provide expertise and assistance in implementing and maintaining appropriate privacy measures.


It is a framework used by the New Zealand Government to protect its people, information, and assets from security jeopardies. It outlines required safety requirements that government agencies must adhere to, covering topics like physical security, personnel privacy, information and communications technology security, and governance. Compliance with PSR is mandatory for government entities and failure to comply can result in significant consequences. This framework is designed to ensure appropriate security measures are in place to safeguard assets and information against a wide range of security risks, including terrorism, espionage, and cyber threats.


How can organizations ensure compliance with the PSR?
How are the PSR enforced?
Who is responsible for complying with the PSR?
What are some of the key requirements of the PSR?
Why are the PSR important?
What are Protective Security Requirements (PSR)?

Subscribe for the latest news

June 7, 2024
Learning Objectives
Subscribe for
the latest news
Related Topics