Help With Centrix & DIA Forms

New Zealand clients of 2Shakes who use electronic ID Verification services, and in particular the Department of Internal Affairs (DIA) Passport Verification Service, need to have certain policies and plans.

We provide below a number of policies and plans that our clients may find useful to adopt, or to use as a starting point for their own customised policy.

2Shakes provides no warranties or guarantees whatsoever on the appropriateness or usefulness of these documents for any particular business.  It is up to each client at their sole discretion to decide to use them in way they see fit, and in so doing so assume any and all liability for their use.

 

What you need to know

What you need to complete and send us

  • Signed Centrix Subscriber Form
  • Signed and typed DIA Form accompanied with your Privacy Policy

Email support@2Shakes.co.nz to get these forms sent to you.

Overall Tips

  • The DIA Agency form must be typed.
    Every part of the form must be typed, the only section they will accept not typed is the signature fields. Also, please do check your forms for grammatical errors, the DIA are very particular with their applications.
    If you hear back from us regarding your DIA form, we are only trying to help ensure that your form has the best chance of being accepted, and won’t be rejected on the basis of a minor error. The processing time for the DIA can be around two weeks, so it’s imperative that your forms are in ship-shape before you send them.
  • The DIA form seems to be more Google Chrome friendly. So, if you are having some trouble entering details and find the text doesn’t always fit within the fields, try using Chrome as your browser of choice.
  • The only additional document you are required to send in is your Privacy Policy. We don’t need your Information Security Policy or your Risk Management Policy. If you are worried about your Privacy Policy, we have put together some resources which might help you.
  • It is important that you have a privacy policy in place since you deal with personally identifiable information. We suspect DIA will require this.
  • Don’t forget to sign the Centrix Subscriber form as you will be the Subscriber.

DIA Form Tips

Q1. We strongly advise you to put your business’s website address down.

Q4. In your answer, do mention that you are a reporting entity under AML/CFT Act and are required to carry out Customer Due Diligence to meet the Act.

Q5. If you don’t have a Privacy Policy or the other policies mentioned, we recommended that you do create them.

Q6. Like Q5. we recommend you have the documented plans.

Q7. This question might not apply to everyone. Not applicable is an acceptable answer

Centrix Form Tips

Consumer Credit Bureau

  • We have pre-ticked AML/CFT Act 2009.
  • Remember to tick any other access purposes that your business needs.

Privacy Policy Help

Question 5 of the DIA form asks if you have a Privacy Policy and to attach it to the form. If you don’t have one, we recommend you create one.

When creating a privacy policy, you may like to consider:

  • What client information do I collect?
  • What do I use this information for and why do I need it?
  • How long do I need to keep this information?
  • Who has access to this information?
  • Including a link to the 2Shakes policy in your own

See opposite for helpful resources.

 


Information Security Policy Help

You are not required to send this policy in with your forms. You will need to provide this if asked.

You may like to consider:

  • What do you do to protect your business’s sensitive information
  • What is your plan when you have a breach
  • Who has system access
  • How will staff know how to comply with company information security policy

See opposite for helpful resources.


Risk Management Policy Help

Again, you are not required to send this policy in with your forms. You will need to provide this if asked.
If you don’t already have a risk management policy and are thinking about creating one for your business, you may like to consider:

  • What are the risks that my business could face?
  • How can I mitigate these risks?
  • How will staff know how to respond to these risks?

See opposite for helpful resources.


Additional 2Shakes Privacy and Security Information

We would also like to mention that 2Shakes places the protection of data and the privacy of information as a top priority in the design and operation of our solution. We adhere to the principal of Privacy by Design – which means that Privacy and protection of data were designed into our solution from the beginning rather than added on at the end.

2Shakes was developed to meet the New Zealand Governments strict requirements for Privacy and Security,  this means:

  • NZ Privacy Act requires that you only collect information that you need.
    When you onboard with 2Shakes the fields and selections you make only ask for required information.
    We have also designed our sign up process in a way that prevents inadvertent sharing of private information like IR numbers across different signing parties.
  • ACC Privacy Assessment 2Shakes has passed a privacy assessment completed by NZ ACC.
    This provides an independent confirmation that we deal with client private information appropriately.
  • DIA 105 Questions 2Shakes has completed NZ Department of Internal Affairs 105 questionnaire on secure cloud computing for government.
    This again provides an independent confirmation that we are storing client information safely and securely online.

Your information is stored securely on Microsoft’s world-class Azure Platform.  Dual Australian data centres provide
geo-redundancy, and ensure data is in a trusted Five Eyes (FVEY)  territory outside the U.S. Patriot Act.