Your browser currently has JavaScript turned off, which means that Digital.govt.nz might not display properly on your device. It’s easy to turn JavaScript on - find out how to enable JavaScript in your browser.

Technical context of an information system

Find the technical context of an information system to get a basic understanding of its current security position — this way, you can know whether a change makes that position better or worse.

Stakeholders for the technical context

For the information system that you’re assessing for risk, you’ll need to meet with its technical stakeholders. Depending on the roles in your organisation, these could be:

the service or technical owner — or their nominated delegate
enterprise or solution architects
subject matter experts
development and operations (DevOps) teams.

Make sure all the relevant stakeholders are involved and that everyone is on board with setting up a successful risk assessment.

Setting up a successful risk assessment

Technical context for public cloud services

Risk assessments for public cloud services focus on internal and external risks — as defined by the International Organization for Standardization (ISO). Technical stakeholders can help you to identify, quantify and treat these risks.

Risk management — Guidelines — ISO 31000:2018

Aspects of legacy-system technical contexts

When meeting with technical stakeholders about a self-hosted, legacy information system, focus on identifying its:

logical architecture
system components.

Logical architecture

Views of the system and component levels for an information system. These should include the:

security domains where system components are located
system interfaces and information flows — where and how data is stored, transmitted and processed.

Stakeholders responsible for the logical architecture

Responsible for identifying the information system’s components and defining its boundaries are the:

service owner — or their nominated delegate
enterprise or solution architect.

System components

The hardware and software components that make up the information system. List all direct and indirect components, such as:

servers
switches
firewalls
operating systems
applications
databases.

Stakeholders responsible for the system components

Subject matter experts in the organisation’s information and communications technology (ICT) are responsible for the ongoing support and maintenance of the information system.

JavaScript is currently turned off in your browser — this means you cannot submit the feedback form. It’s easy to turn on JavaScript — Learn how to turn on JavaScript in your web browser.

If you’re unable to turn on JavaScript — email your feedback to info@digital.govt.nz.

Was this page helpful?

Yes No Partly

Thanks, do you want to tell us more?

Do not enter personal information. All fields are optional.

What did you come here to do?

How can we improve this information?

Last updated 10 October 2022