Understanding the PSR:

A Practical Guide for NZ Organisations

Security threats in New Zealand are changing fast. From cyber attacks and insider risks to unauthorised access and sabotage, organisations face increasing pressure to protect people, assets, and information. Yet many still respond reactively, buying tools, running isolated projects, or patching issues without a clear plan.

The Protective Security Requirements (PSR) offer a way to change that. Tailored for New Zealand, the PSR provides a practical framework to help organisations design security measures that are aligned, consistent, and proportionate to risk.

This guide explains how the PSR works, why it matters, and how it can help your organisation take a more strategic approach to protective security.

A Framework Born from Practical Need

The PSR was introduced in 2014 to resolve inconsistencies in how government agencies handled security. Different standards across departments had created avoidable vulnerabilities. Drawing from similar frameworks in the UK and Australia, the PSR was adapted to fit New Zealand’s environment. It is flexible, risk-aware, and practical.

While its roots are in the public sector, the PSR is now widely used in private enterprise, non-profits, and infrastructure providers. Its structured approach helps any organisation align security decisions with operational realities.

The Four Domains of Protective Security

The PSR organises security into four interdependent domains:

1. Governance

Senior leaders are responsible for making informed security decisions. Governance ensures that risks are known, and that the organisation’s security responsibilities are clearly defined.

2. Personnel Security

People with access to sensitive systems or information must be vetted and supported. Personnel security covers hiring, onboarding, behaviour management, and exit procedures.

3. Information Security

Sensitive information, whether digital or physical, must be protected against unauthorised access, loss, or corruption.

4. Physical Security

Buildings, equipment, and people need protection from intrusion, theft, and harm. Physical security includes access controls, surveillance, and emergency planning.

Each domain is important, but they are most effective when applied together. A failure in one area can reduce the effectiveness of controls in another.

Why Method Matters More than Measures

Many organisations equate security with hardware such as CCTV, barriers, or access cards. These tools only work when driven by a clear, risk-based process.

The PSR encourages a structured approach. It begins by identifying risks, assessing their likelihood and impact, and then selecting measures that directly address those risks.

A structured, risk-led approach turns that around. It starts by identifying real threats, assessing impact, and selecting targeted, proportionate controls. Every security measure is tied to a purpose. This avoids both overengineering and under-protection.

The PSR supports this discipline. It provides a framework that helps organisations make decisions based on evidence, not assumptions. This ensures each investment strengthens overall resilience rather than simply adding another layer.

What the PSR Delivers:

  • A consistent, scalable security strategy across teams

  • Better ROI by prioritising controls that matter most

  • Fewer blind spots and fewer overengineered solutions

  • Stronger internal alignment between security, operations, and leadership

Still Relying on Tools Without a Strategy?

If your security spend feels reactive or fragmented, we’ll help you build a practical, risk-led roadmap aligned with the PSR.

Beyond Government: Practical Applications Across Sectors

While the PSR began in the public sector, it’s increasingly adopted by private businesses particularly those handling sensitive data, managing infrastructure, or operating in regulated environments.

From banks and law firms to logistics providers and retailers, more organisations are turning to the PSR as a risk-smart alternative to scattered security investments.

The PSR is flexible enough to apply across industries. Here’s how different sectors are putting it to work:

  • Retail: Managing theft, after-hours access, and staff safety

  • Professional Services: Protecting client data and limiting insider risk

  • Manufacturing: Securing intellectual property, production facilities, and supply chains

  • Education: Controlling lab access, safeguarding student records, and protecting open campuses

  • Non-profits and Community Organisations: Enhancing safety for volunteers and planning for disruptions

For example, a university might apply the PSR to identify risks such as unsecured lab spaces or unmonitored access to student records. By mapping those risks to targeted controls, the institution builds a coherent strategy that matches investment to actual exposure.

The PSR as a Long-Term Strategic Tool

The PSR is more than a set of guidelines. It is a practical tool that helps leaders build a strong foundation for long-term resilience. It encourages strategic thinking and enables organisations to scale their security efforts with consistency across teams, locations, and assets.

It is also designed to evolve. The PSR is updated regularly to address emerging threats, including cybercrime, insider threats, and state-sponsored interference.

Organisations that integrate the PSR into planning and operations report clearer decision-making, better use of budget, and stronger trust with stakeholders.


Build Confidence Through Process

Security is not defined by how much you spend or how many devices you install. It is shaped by how well you understand your environment, prioritise your risks, and implement consistent, proportionate measures.

The PSR helps organisations make confident decisions, backed by evidence, and focused on real outcomes. It reduces guesswork, aligns teams, and creates a shared understanding of what good security looks like.

By embedding this process, organisations build not just protection but confidence internally and externally

Ready to Lead with Confidence?

Join the growing number of NZ organisations building smarter, scalable security frameworks with the PSR.

Together, we’ll shape a strategy you can trust, measured, structured, and fit for purpose.