Waka Kotahi, the NZ Transport Agency, is New Zealand's Crown entity responsible for promoting safe and functional transport by land, including the responsibility for driver and vehicle licensing, and administering the New Zealand state highway network.
Waka Kotahi came to Catalyst looking for a solution that would automate essential aspects of their security assurance process and embed security requirements earlier into the product development lifecycle. They wanted a tool that delivered 'security by design' across the agency's technology teams.
By digitising and automating the previously document-based workflows, the Security Development Lifecycle Tool (SDLT) enables Waka Kotahi to simplify the security assurance process, reduce spend on unnecessary third-party assessments, and cut the product approval and delivery process from weeks to days.
Through a simple form-based interface, SDLT uses a series of questions to determine the complexity of the end product and will generate additional questionnaires such as Privacy Impact Assessments, or cloud risk assessments – commonly known as the GCIO 105 – to help teams digitally assess and record their security requirements.
The SDLT integrates with workflow management systems such as Jira, provides an audit trail that ensures security assurance has been built into the project delivery from the start and is based on the Government Chief Digital Officer (GCDO) and the New Zealand Information Security Manual standards as used by Waka Kotahi.
The four fundamental functions of Waka Kotahi’s SDLT are:
- Proof of Concept or Software Trial software
- Software-as-a-Service Adoption
- Solution or Initial Software Release
- Software Feature Release or Bug-fixes
Digital Security Risk Assessment
The SDLT also enables organisations to implement an innovative Digital Security Risk Assessment (SRA) process: questionnaires and task features are available to produce a complete risk assessment table. The SRA enables users to easily submit a Risk Questionnaire to assess and configure risks against digital component controls – these can all be customised and managed.
Waka Kotahi open sourced the project as the tool handles information gathering, task creation, workflow management, and business approvals – meeting the needs of a large variety of agencies. Open sourcing this tool means that there is unlimited potential for organisations to save thousands of dollars and work hours.
Catalyst and Waka Kotahi continue to innovate together, discussing new updates and features and we look forward to seeing this tool grow.