Last updated 9 May 2017
InstructionsReview the requirements (see appendix) and fill in this formif you are requesting for a new remote Data Labat your organisation for the purpose of accessingStatsNZ microdata.See Using the Data Lab for more details.
Remote facilities will be considered for projects that have been active for a period of more than six months, and have a good track record for confidentiality and security.
Email your completed application form in Microsoft Word format to .•After receiving your completed application, we will contact you to discuss your request.
•Our Microdata Access and Security teams will inspect the proposed site. We will work through the security requirements listed in the appendix. The time to set up a new remote Data Lab can vary depending on security requirements and technical configuration.
•Final approval of the new facility rests with the Government Statistician.
Before youstart
We strongly recommend you discuss your proposed request with us before you submit an application. Contact us by phone on(04) 931 4253 or email at .
Consider the following important issues when preparing your application.
Location / The proposed site is able to be secured.People / People at the location are aware of their roles and responsibilities regarding access to the remoteData Lab.
Confidentiality / Data should not be viewable by anyone who is not an approved Data Lab user.
More detailed requirements are in theappendix.
Part 1: About this application1.1Project title(s)
Enter thecode and title of your existing microdata project(s).
Code
(eg MAA20XX-XX) / Title
1.2Main contact
Provide details of the main contact for your project.
Name / Position / Organisation / Phone / Email
1.3Alternative contact
If the main contact cannot be contacted during the application process, provide details of an alternative contact person.
Name / Position / Organisation / Phone / Email
Part 2: Facility details
7.1 Address
Note:Access to microdata at a remote Data Lab is subject to confirmation that the requirements listed in the appendix have been met.
Physical address for proposed remote Data Lab
7.2 IT contact
Provide contact details of the IT contact personfor the remote Data Lab. This contact will be responsible for the initial set-up and ongoing management of the ‘IT system setup’ and ‘IT system security’ as stated inthe appendix.
Name / Position / Organisation / Phone / Email
7.3 Purpose
Explain why you are requesting a remote Data Lab.
Appendix
Security checklist for remote access to microdata
February 2017
Physical security
Access will only be permitted at the specified premises (the ‘approved research facility’)Research facility can be locked to prevent unauthorised access
Procedures are in place to prevent unauthorised people from observing microdata
Remote access terminal is locked whenever it is not in use
Remote access terminal session is ended (user logs off) when it is no longer needed
Remote access terminal screen and keyboard are positioned so that they cannot be seen
by unauthorised people (including people outside the building)
Approved research facility is not a private residence
Approved research facility is not a publically accessible place
Approved research facility is not an open-plan office
Researcher security and confidentiality practices
All researchers have completed a StatsNZ approved security and confidentiality training sessionAll researchers have confirmed they will not communicate information protected by the Statistics Act 1975 with any individual not approved by StatsNZ
All researchers have confirmed they will not transfer information out of the remote access to microdata service except as authorised by StatsNZ
All researchers have confirmed they will keep their remote access to microdata log-on details private and will not share them withany other individual
All researchers have confirmed they will not attempt to reverse-engineer the system in any way
All researchers have confirmed they will inform StatsNZ as soon as possible if they believe a security breach has occurred, or may occur
Monitoring and audit
All researchers allowStatsNZ to keepinformation including researchers’session activity. Stats NZ requires this information for managing the remote access system, billing accounts, and for auditing purposesResearch organisation agrees that StatsNZ or its agent may conduct physical audits of the approved research facility and IT systems
Service support
Research organisation agrees to provide StatsNZ or its agent with access to any IT equipment supplied by Stats NZ as necessary to maintain the equipmentResearch organisationacknowledges that support for the remote access system and general enquiries about the microdata will be available from 8.30am–5pm Monday to Friday, except public holidays and may be limited in special circumstances where advised
IT system set-up
Terminals are connected on one V-LAN with a single, static, IP addressTerminals are desktop PCs, not laptops
The terminals are thin clients/dumb terminals (ie only used for remote access to Stats NZ’s microdata access service)
No connection to the organisation's own IT system
No Start menu option
No Accessories such as Snipping Tool
No drive access
No email access
No internet apart from that required to connect to the Stats NZ network
Terminals must have MS Internet Explorer
Terminals may have MS Windows, Oracle Java Runtime, virus scanning software
IT Systems security
Research organisation has IT systems security policies in place to manage the risks of unauthorised access to IT facilities, servers and network devices, network infrastructure, and IT equipmentOnly authorised staff can manage, maintain or dispose of servers, network devices and IT equipment
Research organisation minimises administrative privileges following the ‘need to have’ principle on all IT equipment
Research organisation operates a firewall to prevent unauthorised access to its IT systems
Research organisation maintains up to date anti-virus software on all IT equipment
Research organisation maintains up-to-date operating system and third-party software patches on all IT equipment
Security of information collected under the Statistics Act 1975
Research organisationagrees that StatsNZ may remove access to the system without notice if any security or confidentiality concerns are identified.1