Log in with RealMe

To access the Procurement online service, you need a RealMe login. If you've used a RealMe login somewhere else, you can use it here too. If you don't already have a username and password, just select "Log in" and choose to create one.

What's RealMe?

To log in to this service you need a RealMe login.

This service uses RealMe login to secure and protect your personal information.

RealMe login is a service from the New Zealand government that includes a single login, letting you use one username and password to access a wide range of services online.

Find out more at www.realme.govt.nz.

Safety, security and accessibility requirements and guidelines

Minimum standards, requirements and guidelines to provide a safe and secure work environment for all employees and visitors, including clients and contractors.

Safe and secure environment requirements

All staff must follow occupational safety and health standards published under law and by their agency. Agencies located within the same building must use the same security access control system.

Workplaces need to meet any security requirements published by the New Zealand Security Intelligence Service.

Protective Security Requirements

The Protective Security Requirements (PSR) outline the government’s expectations for managing personnel, as well as physical and information security. They include mandatory requirements that all government agencies must implement to:

  • better manage business risks
  • ensure continuity of service delivery
  • assure the government and the public that appropriate, effective measures are in place to protect New Zealand’s people, information and assets.

As part of its role, the PSR aims to ensure that each agency’s security capability aligns with the risk environment they work in. The PSR has developed a security capability maturity model to help agencies work this out. Agencies should use it to self-assess both their current security capability and their desired future state.

The model can be downloaded from the Protective Security Requirements website, along with other tools and templates.

Capability Maturity Model for Protective Security [PDF 743KB] – Protective Security Requirements

Physical security requirements

To make sure your agency is physically secure, you must provide clear direction on physical security through the development of policy and an agency security plan.

Have in place policies and protocols to:

  1. identify, protect and support employees under threat of violence, based on a threat and risk assessment of specific situations. In certain cases, agencies may have to extend protection and support, for example to family members
  2. report incidents to management, human resources, security and law enforcement authorities, and Worksafe NZ as appropriate
  3. provide information, training and counselling to employees
  4. maintain thorough records and statements on reported incidents.

Fully integrate physical security early into the process of planning, selecting, designing and modifying your facilities.

Make sure any proposed physical security measure or activity is consistent with the relevant health and safety requirements.

You also need to show a duty of care for the physical safety of the public interacting with the New Zealand Government. Where an agency’s function involves providing services, the agency must ensure clients can transact with the government with confidence about their physical wellbeing.

Your physical security measures must minimise or remove the risk of information assets being made inoperable, inaccessible or improperly accessed or used. Develop plans and protocols to move up to heightened security levels in cases of emergency and increased threat.

The New Zealand Government may direct its agencies to implement heightened security levels. Download our high-level framework for incorporating security assessments and responses into a design project for more information.

There are more considerations for co-location projects.

Health, safety and security in a co-location

Security zones in workplace design

Workplaces are designed with three general categories of space.

  1. Public (Zone 1 in PSR): areas that the public have unimpeded access to during office hours. This includes transaction counters, reception, and meeting spaces.
  2. Invited (Zone 2 in PSR): areas that known visitors can access when escorted by an employee. These are generally collaborative areas or controlled meeting areas.
  3. Private (Zone 2 or higher in PSR): areas that only employees can access, such as the general work area. Areas within this space can be restricted to specific employees, either through:
    1. physical controls, for example a secure evidence room, or
    2. temporary people-based controls, like signage indicating that a meeting room is needed for confidential work.

Access guidelines

Workplace access should be based on the level of security required. Public areas, including reception and some meeting rooms, should maximise sharing between agencies and minimise barriers for external guests. Designated invited areas should allow staff to host guests beyond the public area while minimising disruption to the workplace and maintaining business confidentiality and security for other staff members.

Your agency's private areas should be designed to support staff security and confidentiality.

Where there are specific security requirements, some agencies may want to establish additional secure zones within private areas. These secure zones may incorporate electronic and physical security systems.

You should minimise the number of secured access routes or paths within the work environment. Any building access control systems should be capable of operating advanced encryption, and your agency should use a common system type. This will allow controlled movement between buildings, as settings applied in the systems allow, while providing the physical security required.

General security guidelines

The reception counter area should be designed to ensure the safety of staff. This should include barriers, distress alarms and a refuge area.

Closed circuit television implementation and other security measures should be aligned with the Government Standard Building Performance Specifications.

Guidelines for securing documents

Set up follow me printing capabilities to give staff the flexibility and freedom to work and print anywhere across the agency’s portfolio, as well as to increase document security. Also be sure to set up systems that allow staff to store confidential documents securely and with ease.

Implementing clear desk policies ensures sensitive information is properly secured by staff at the end of each day.

Accessibility guidelines

Every public service office must be accessible, and usable, for all staff and visitors.

Each office design or fit-out should cater to the widest possible range of ability, with as few barriers or constraints as possible. You may not be able to achieve a truly universal design or fit-out because of the practical limitations of the building’s physical shape, equipment availability and cost, but any design or fit-out should aim to make the workplace accessible for and usable by all people.

Where practical, your workplace should cater for disabled people through both the physical environment and operational elements. Your agency should provide reasonable accommodation for disabled people.

Agencies should also incorporate the Building Performance 'Designing for access and usability' guidance.

Reasonable accommodation – Ministry of Social Development

Buildings for everyone: Designing for access and usability – Building Performance

A workplace safety and security scenario

Mark arrives at work one morning and is approached in the lobby by a person he does not know. The stranger isn’t wearing appropriate identification and claims to have forgotten his swipe card. He asks Mark to swipe him to Level 7 of the building.

Mark does not do this, but directs the stranger to reception to get new identification and access into the private areas of the building. This is fortunate, as this person was not a staff member and should not have access to invited or private office areas.

When Mark arrives at his floor he heads to a communal work space and notices that a nearby team has signposted the area as requiring a higher level of privacy. Even though Mark is wearing his staff identification and is allowed on the floor, he chooses another area to work from, which will allow the neighbouring team a suitable degree of privacy.

Simple, people-based controls can deal with situations which require greater than normal privacy. When staff communicate their requirements clearly and respectfully, understand others’ requirements and have well understood and accepted flexible work environments; they are able to act in a secure manner without having to be security experts – it’s easy for them to do the right thing.

Top