IAR is designed for the New Zealand public sector, with security considered from the architecture up. A useful starting point: the register only holds metadata about your information holdings (descriptive, public information) not the sensitive content of the records it governs.
An asset register describes what you hold and how it is governed, as published in your disposal schedule(s). This is already public information.
IAR records assets, classes, schedules, stewards, retention, and disposal rules: register metadata, which is public information.
The records themselves stay in your content systems (SharePoint, EDRMS, line-of-business) under your existing controls.
That keeps IAR's risk profile low, while still giving you, and your regulator, the accountable view across everything.
The controls below are part of how IAR is built. We can supply architectural documentation on request to inform your assurance process.
Security is designed in, not bolted on. We can supply architecture and control evidence to support your assurance and accreditation work.
SSO is native to IAR, so access uses your existing identity provider and your own joiner / mover / leaver controls.
IAR is built to align with the New Zealand Information Security Manual. A formal review is on our roadmap; the design intent is NZISM alignment from the outset.
All content is available as CSV export at any time, and the API is bi-directional, so your information and its metadata are never locked in.
Through our partnership with TeamCloud / TeamIM, IAR can be hosted and run on New Zealand infrastructure where local hosting and compute are required.
Because the register holds public metadata rather than sensitive record content, the consequences of any exposure are inherently limited.
IAR is designed to sit alongside the systems you already run, not to replace them or trap your data inside it.
We're happy to work through your security questionnaire, provide architecture and control evidence, and support accreditation. Tell us what your process needs.
Send us your questionnaire or assurance requirements and we'll respond with the evidence you need.