Gordon Campbell | Parliament TV | Parliament Today | News Video | Crime | Employers | Housing | Immigration | Legal | Local Govt. | Maori | Welfare | Unions | Youth | Search

 


MSD releases Deloitte Phase II report

MSD releases Deloitte Phase II report


Ministry of Social Development Chief Executive Brendan Boyle has welcomed the independent Deloitte Phase 2 Report into IT security saying it is timely and constructive as we move to expand our online capability.

Two primary causes of the kiosk security breach were that security was not adequately designed into the kiosk project and that exposures identified by penetration testing were not adequately escalated or followed up in that case.

“While there are matters that need to be addressed, I am reassured that the Phase 2 Report has found those issues are not widespread across the Ministry. From the scope of the work Deloitte did, there was also no evidence found to suggest that there were other breaches of the Ministry’s IT systems.

“This was a very wide ranging and thorough review. I wanted to be assured that our organisation’s culture and approach to privacy and security was robust,” said Brendan Boyle.

“I’m very pleased that the report has found that MSD does have a strong culture that values the importance of privacy and information security. This has meant that in general, good judgement has been applied when risks have been identified.

“Deloitte has found that we need to improve our policies and processes to ensure that information security risks are escalated to the right level in all cases. We also need to make explicit that information systems security is a critical part of all our IT projects and is an integral part of everyday business.

“I have made it clear to my leadership team that we are responsible for ensuring this occurs and that the protection of client information is at the forefront of all decision-making. We have already taken steps to make improvements in these areas and I am committed to implementing all the recommendations in the report.

“To that end I am creating a new senior management position of Chief Information Security Officer to support the implementation of all of the recommendations from the two Deloitte reports. We will begin recruiting for this role within the next few weeks.

This role will report directly to the Deputy Chief Executive, People, Capability and Resources, and I have formally assigned information security management to that Deputy Chief Executive to provide a single point of responsibility for driving information security activity across the Ministry.

“Taking the two reports together, I’m confident we have provided a very thorough and effective response to this breach,” Brendan Boyle said.

“Implementation of the remaining recommendations is our priority, and I will also be reviewing any recommendations from the forthcoming GCIO report very closely so as to provide the New Zealand public with full confidence that their personal information is safe and secure in MSD systems.

“Lastly, I can confirm the Ministry has decided on a preferred option to replace the computer kiosks closed in October.

“We’re in negotiations with a preferred supplier for new client self-service workstations that will be completely separate from the Ministry’s own IT systems.

“The next stage will be proof of concept and rigorous testing. The workstations will only be introduced once we’re satisfied that they are as secure as possible. All going well, we aim to roll them out from May next year,” Brendan Boyle said.

Around 75 per cent of clients have access to the internet without having to use our services and the remaining clients are being supported to find jobs by their case managers and referrals to alternative internet services such as local libraries.

“I’m sorry we won’t have them up sooner, but it is essential we get this right,” said Brendan Boyle.

The Phase 2 Report
Download the Deloitte Phase 2 Report (PDF 892.9KB)
[Scoop copy: deloittephase2finalreport.pdf, Key findings p15,16]


Deloitte Phase 2 report - questions and answers
What happens next?

The Ministry of Social Development will implement all recommendations made in the second independent Deloitte report. We want to assure the public that we take this security breach and the wider issue of IT security extremely seriously and have taken swift action to address it.

Taking both Deloitte reports together, the Ministry is confident it now has the platforms and strategic direction in place to ensure our IT security system is robust. This second Deloitte report has been given to the Government’s Chief Information Officer to support his wider review of public computer systems operated by government agencies.

What will the Chief Information Security Officer do?

In response to Deloitte’s Phase 2 report the Ministry will appoint a Chief Information Security Officer who will report directly to the Deputy Chief Executive, People, Capability and Resources.

The primary focus of this role is to lead the Ministry’s information security risk management to ensure that personal client information is adequately protected, controlled and secured. The position will also oversee the Ministry’s information security strategy and associated policies and standards.

Have you contacted all those affected by the kiosk breach?
Of all the items downloaded, invoices relating to 10 individuals contained highly sensitive information. The Ministry has spoken with all these individuals or people acting on their behalf (some are children) and is continuing to work with them to address their concerns.

How many people called the Ministry to ask about their details?

The Ministry has been able to reassure around 100 people, who have contacted us over the past six weeks. Anyone who may be concerned that their information may have been accessed can contact us on 0800 559 009.

Can MSD give an assurance this won’t happen again?

The Ministry can give an assurance that it’s taken this security breach extremely seriously and has moved swiftly to strengthen IT security. This review, along with the first Deloitte report, has given us the information we need to build on our existing IT risk management structure to take all possible steps to prevent something like this happening again.

Is the employment investigation complete?

Not yet. We’re continuing to work through the employment investigation involving four individuals. This process needs to be fair and we’ll take the time necessary to ensure this happens. Findings from the Phase 2 report will be used as part of this investigation.

How much did the report cost?

The two reports cost about $450,000. This is a significant sum, but we had to ensure we understood what had occurred and were in a position to take every possible step to prevent it happening again. New Zealanders we work with must have confidence we will keep their information secure.

Do Work and Income clients still have access to on-line services?

Around 75 per cent of Work and Income clients have access to the internet. We’ve been supporting those who don’t in a range of ways which has included case managers working directly with clients, on site, with their online search. Clients can also call our 0800 number and staff will help them over the phone.

Staff members have also been connecting people with free local internet services, including libraries and places with wireless broadband connections. As well as this there are many community organisations that have publicly available internet access.

Sites also provide clients with access to newspapers, Student Job Search and employment agencies. Access to the Ministry’s online services such as MyAccount has not been affected by the kiosks’ absence.

We know the absence of the kiosks has been disruptive. The vast majority of our clients have been understanding of the shutdown and we thank them for their patience as we work through this.

What services will the new workstations provide?

Clients will be able to access the internet from the stations to job search and apply for benefits and payments online. Functionality to upload CVs, and create and print documents, may be added at a later stage.

Given the age we live in, we are committed to helping our clients understand and use digital services. We expect the workstations to be superseded by new technology over future years, as new online and mobile channels emerge.

© Scoop Media

 
 
 
 
 
Parliament Headlines | Politics Headlines | Regional Headlines

 

PARLIAMENT TODAY:

  • Govt Probed Over Health & Safety
  • Questions and Answers 28-05-15
  • Week in Parliament 22-05-15
  • Saturday Sitting
  • House Rises At Midnight
  • Telco Levy Bill Passes
  • Telco Levy Bill Completes First Reading
  • Social Housing Bill Passes Under Urgency

  • Labour Party: McCully Doesn’t Deny Bribe In Saudi Sheep Scandal

    “In Parliament today I asked Murray McCully directly: Why is he the first Minister in history to back a multi-million dollar facilitation arrangement which in other jurisdictions is called a bribe? says Labour’s Export Growth and Trade spokesperson ... More>>

    ALSO:

    Welfare: Closure Of Relationships Aotearoa

    The Aotearoa New Zealand Association of Social Workers (ANZASW) Chief Executive Lucy Sandford-Reed is concerned about the closure of a national service which provides a wide range of services to rural and urban communities throughout New Zealand. More>>

    ALSO:

    TPPA: University Of Auckland Warns Of Negative TPP Impact

    The University of Auckland May 20, 2015 University of Auckland Warns of Negative TPP Impact With the Trans Pacific Partnership (TPP) negotiation drawing to a close, the University of Auckland has expressed serious concerns about its potential implications. ... More>>

    NZ Flag: Flag Referendum Gets Hit Hard In New Poll

    The latest Campbell Live text poll confirms it is time for the Prime Minister to listen to the public and shelve his flag referendum, says the New Zealand First Leader Rt Hon Winston Peters. More>>

    Gordon Campbell: The Government’s Belated Moves On Property Speculation

    Is it a property tax on capital gains or a capital gains tax on property? The Jesuitical distinctions in the government’s spin about its latest moves on property speculators are all about whether the government can claim that it jumped, or confess that it ... More>>

    Grant Robertson:
    Key Can’t Just Be Prime Minister For Parnell

    John Key must show New Zealanders in next week’s Budget that he is more than the Prime Minister for Parnell, and is also the Prime Minister for Pine Hill, Putararu and Palmerston North, Labour’s Finance spokesperson Grant Robertson says. In a ... More>>


    Labour Party: More Regional Jobs Go In Corrections Reshape

    News that 194 Corrections staff are to lose their jobs will have ramifications not only for them and their families but for the wider community, Labour’s Corrections spokesperson Kelvin Davis says. Prison units at Waikeria, Tongariro and Rimutaka ... More>>

    ALSO:

  • NZ First - Prison Job Losses to Send Money Offshore
  • TPPA: ‘Team Obama’ Regroups On Fast Track, Still Not Deliverable

    ‘After yesterday’s stinging and unexpected defeat for the Obama administration’s attempt to advance Fast Track legislation in the US Senate, Senate leaders have worked up a compromise they think will get them past this blockage’, according to Auckland ... More>>

    NZ Government: 5,500 More Doctors And Nurses In Our Hospitals

    Health Minister Jonathan Coleman says a record number of doctors and nurses are working in District Health Boards across the country. More>>

    Controller and Auditor General: Katherine Rich Conflict of Interest Decision

    We are writing to you about a matter that has been raised with us by members of the public. More>>

    ALSO:

    Budget 2015: Andrew Little On The 2015 Budget

    Speaking to the Chamber of Commerce, the Labour opposition leader attacked the government’s approach to economic issues facing New Zealand. He said they have been “more than reckless in their complacency” and “the next week’s budget will do nothing ... More>>

    Defence Force: NZDF Building Partner Capacity Mission Personnel In Iraq

    NZDF Building Partner Capacity Mission Personnel in Iraq The New Zealand Defence Force Building Partner Capacity training mission contingent is in place at Taji Military Complex in Iraq. The Chief of Defence Force Lieutenant General Tim Keating says the ... More>>

    PM Press Conference: ACC Levy Cuts Announced

    In a press conference this afternoon in Wellington, ACC Minister Nikki Kaye proposed $500 million worth of ACC levy cuts. More>>

    Quakes: New Process For Red Zone Crown Offers

    Canterbury Earthquake Recovery Minister Gerry Brownlee has announced a process to give everyone a say on the Crown offers to owners of vacant, commercial/industrial and uninsured properties in the Residential Red Zone. More>>

    ALSO:

    Get More From Scoop

     

    LATEST HEADLINES

     
     
     
     
     
     
     
     
     
    Politics
    Search Scoop  
     
     
    Powered by Vodafone
    NZ independent news