23/02/2024
Jim Parsons
[FYI request #25573 email]
Tēnā koe Jim
OIA: 1321951 – Information on the Zero Data service
Thank you for your email of 30 January 2024 to the Ministry of Education (the Ministry) requesting
the following information:
1. Please provide an architectural overview of the zero.govt.nz service which I believe was
designed and is run by your department.
2. I would like to review any security assessments that were undertaken for this service,
whether it be pre or post public launch.
3. Please provide an overview of how much this service is costing, including who is paying for
the service (i.e are costs passed on to other government departments), and how much has
been spent on the service so far (running costs, not initial setup costs).
Your request has been considered under the Official Information Act 1982 (the Act).
In response to
part one of your request, the Zero Data service (the service) is a collaborative effort
between several government agencies including the Ministry. The Ministry has contributed to parts
of the overall solution for the service. We are providing an architectural diagram that outlines at a
high level how the system has been set up, as
Diagram One, of
Appendix A, below.
Te Whatu Ora provides the IT hosting infrastructure for the service. Te Whatu Ora contracted a
third party to complete a Security Review Report, as part of the standard government certification
and accreditation process, and this report formed the basis of a high-level Security Risk
Assessment (SRA) prior to launch. The SRA was part of the information used to inform the
Authority To Operate document, which authorises Te Whatu Ora websites to become accessible
through Zero.govt.nz
Furthermore, the system went through penetration testing (to test for cyber-security vulnerabilities)
post launch. We can confirm that all identified risk items were subsequently addressed.
We are refusing
part two of your request under section 18(a) of the Act, by virtue of section 9(2)(k)
of the Act, as the withholding of the information is necessary to prevent the disclosure or use of
official information for improper gain or improper advantage.
Wellington National Office, 1 The Terrace, Levels 5 to 14, Wellington 6011
PO Box 1666, Wellington 6140, DX SR51201 Phone: +64 4 463 8000
As required under section 9(1) of the Act, I have considered the public interest in releasing the
information withheld. I do not consider the public interest considerations favouring the release of
this information are sufficient to outweigh the need to withhold it at this time.
In response to
part three, the service is funded through a mix of staff time contributed by
agencies, and a club fund to pay for third party services, such as, web hosting, internet traffic
charges, and third tier support. The current traffic going through the service and seven partner
agencies amount to an average monthly agency charge of $1,000 to $2,000. The total charges for
hosting services and mobile data traffic between July 2023 and December 2023 has amounted to
$54,461. These charges are invoiced quarterly to agencies.
Please note, we may publish this response on our website after five working days. Your name and
contact details will be removed.
Thank you again for your email. You have the right to ask an Ombudsman to review my decision
on your request, in accordance with section 28 of the Act. You can do this by writing to
[email address] or to Office of the Ombudsman, PO Box 10152, Wellington 6143.
Nāku noa, nā
Stuart Wakefield
Chief Digital Officer
Te Pou Hanganga, Matihiko | Infrastructure and Digital
OIA: 1321951
Appendix A
Diagram One: Architectural overview of the Zero Data service.
OIA: 1321951