Security & trust

Built security-first, for public information.

IAR is designed for the New Zealand public sector, with security considered from the architecture up. A useful starting point: the register only holds metadata about your information holdings (descriptive, public information) not the sensitive content of the records it governs.

The data in IAR

An asset register describes what you hold and how it is governed, as published in your disposal schedule(s). This is already public information.

01

IAR records assets, classes, schedules, stewards, retention, and disposal rules: register metadata, which is public information.

02

The records themselves stay in your content systems (SharePoint, EDRMS, line-of-business) under your existing controls.

03

That keeps IAR's risk profile low, while still giving you, and your regulator, the accountable view across everything.

How we protect it

Security-first by design.

The controls below are part of how IAR is built. We can supply architectural documentation on request to inform your assurance process.

Security-first architecture

Security is designed in, not bolted on. We can supply architecture and control evidence to support your assurance and accreditation work.

Native single sign-on

SSO is native to IAR, so access uses your existing identity provider and your own joiner / mover / leaver controls.

NZISM-aligned by design

IAR is built to align with the New Zealand Information Security Manual. A formal review is on our roadmap; the design intent is NZISM alignment from the outset.

Your data, portable

All content is available as CSV export at any time, and the API is bi-directional, so your information and its metadata are never locked in.

Local hosting and compute

Through our partnership with TeamCloud / TeamIM, IAR can be hosted and run on New Zealand infrastructure where local hosting and compute are required.

Low-risk by data design

Because the register holds public metadata rather than sensitive record content, the consequences of any exposure are inherently limited.

Integration & access

Fits your stack, on your terms.

IAR is designed to sit alongside the systems you already run, not to replace them or trap your data inside it.

  • Native SSO with your existing identity provider
  • Bi-directional API for read and write integration
  • Full CSV export of all content, any time
  • Local hosting / compute via TeamCloud / TeamIM where required
  • Evidence available to support your assurance and accreditation

Running an assurance review?

We're happy to work through your security questionnaire, provide architecture and control evidence, and support accreditation. Tell us what your process needs.

elias@talentjam.io

Assurance

We'll meet your security process head-on.

Send us your questionnaire or assurance requirements and we'll respond with the evidence you need.