Subscribe to our Newsletter!
To keep up to date with the latest news from 2Shakes!
Help With Centrix & DIA Forms
New Zealand clients of 2Shakes who use electronic ID Verification services, and in particular the Department of Internal Affairs (DIA) Passport Verification Service, need to have certain policies and plans.
We provide below a number of policies and plans that our clients may find useful to adopt, or to use as a starting point for their own customised policy.
2Shakes provides no warranties or guarantees whatsoever on the appropriateness or usefulness of these documents for any particular business. It is up to each client at their sole discretion to decide to use them in way they see fit, and in so doing so assume any and all liability for their use.
What you need to know
What you need to complete and send us
- Signed Centrix Subscriber Form
- Signed and typed DIA Form accompanied with your Privacy Policy
Email support@2Shakes.co.nz to get these forms sent to you.
Overall Tips
- The DIA Agency form must be typed.
Every part of the form must be typed, the only section they will accept not typed is the signature fields. Also, please do check your forms for grammatical errors, the DIA are very particular with their applications.
If you hear back from us regarding your DIA form, we are only trying to help ensure that your form has the best chance of being accepted, and won’t be rejected on the basis of a minor error. The processing time for the DIA can be around two weeks, so it’s imperative that your forms are in ship-shape before you send them. - The DIA form seems to be more Google Chrome friendly. So, if you are having some trouble entering details and find the text doesn’t always fit within the fields, try using Chrome as your browser of choice.
- The only additional document you are required to send in is your Privacy Policy. We don’t need your Information Security Policy or your Risk Management Policy. If you are worried about your Privacy Policy, we have put together some resources which might help you.
- It is important that you have a privacy policy in place since you deal with personally identifiable information. We suspect DIA will require this.
- Don’t forget to sign the Centrix Subscriber form as you will be the Subscriber.
DIA Form Tips
Q1. If your business also has a trading name, please put this alongside the registered name.
We strongly advise you to put your business’s website address down. If you don’t have a website but you have a Facebook page for your business or something similar, feel free to put that web address down.
If you don’t have a website or social media page for your business, please put N/A for website address.
Q4. In your answer, do mention that you are a reporting entity under AML/CFT Act and are required to carry out Customer Due Diligence to meet the Act.
Q5. If you don’t have a Privacy Policy or the other policies mentioned, we recommended that you do create them.
Q6. Like Q5. we recommend you have the documented plans.
Q7. This question is required. Briefly outline details of your security and risk management practices.
You may like to consider the following:
- Do you have password policies in place and renew passwords regularly?
- Do you use 2 factor authentication?
- Do you protect your business’ data and your customer’s?
- Do you limit staff access to sensitive information on a ‘need to know’ basis?
- Do you only collect data that is required to carry out business activities?
- Do you regularly make secure, offsite backups or back up to the cloud?
- Are staffed trained and aware of their responsibilities regarding risk management and security procedures?
Centrix Form Tips
Consumer Credit Bureau
- We have pre-ticked AML/CFT Act 2009.
- Remember to tick any other access purposes that your business needs.
Privacy Policy Help
Question 5 of the DIA form asks if you have a Privacy Policy and to attach it to the form. If you don’t have one, we recommend you create one.
When creating a privacy policy, you may like to consider:
- What client information do I collect?
- What do I use this information for and why do I need it?
- How long do I need to keep this information?
- Who has access to this information?
- Including a link to the 2Shakes policy in your own
See opposite for helpful resources.
Resources for a Privacy Policy
- You can use the tool on the Privacy Commissioner’s website to help create your own privacy statements
- Lawyers, Simmonds Stewart, have a template for a privacy policy and they also have a doc maker tool to create a privacy policy (you will need to create an account for the tool)
- The Privacy Commissioner’s Privacy Principles
- If you are a member of a professional institute or professional body, you will have access to resources that will help you create a privacy policy
- Business.govt.nz provide tips on what customer and employee information you should be keeping and ways to protect personal data
- Digital.govt.nz has guidance information on privacy and and key privacy concepts
Information Security Policy Help
You are not required to send this policy in with your forms. You will need to provide this if asked.
You may like to consider:
- What do you do to protect your business’s sensitive information
- What is your plan when you have a breach
- Who has system access
- How will staff know how to comply with company information security policy
See opposite for helpful resources.
Resources for an Information Security Policy
- Stuart Dillon-Roberts has written some articles with some great information on security policies and establishing an incident management plan. He has also provided helpful templates and checklists!
- Connect Smart have a NZ SME toolkit to help businesses create security policies.
- CERT NZ has guidelines on creating a cyber security policy for your business
- Digital.govt.nz has information on security that is aimed at Government agencies, but it does also have some information on cloud service risk assessments
Risk Management Policy Help
Again, you are not required to send this policy in with your forms. You will need to provide this if asked.
If you don’t already have a risk management policy and are thinking about creating one for your business, you may like to consider:
- What are the risks that my business could face?
- How can I mitigate these risks?
- How will staff know how to respond to these risks?
See opposite for helpful resources.
Resources for a Risk Management Policy
- CERT NZ has several tips for businesses creating risk assessment policies
- Digital.govt.nz has several resources specifically for the public sector, but they may help you understand many aspects of risk management in relation to your business.
Additional 2Shakes Privacy and Security Information
We would also like to mention that 2Shakes places the protection of data and the privacy of information as a top priority in the design and operation of our solution. We adhere to the principal of Privacy by Design – which means that Privacy and protection of data were designed into our solution from the beginning rather than added on at the end.
2Shakes was developed to meet the New Zealand Governments strict requirements for Privacy and Security, this means:
- NZ Privacy Act requires that you only collect information that you need.
When you onboard with 2Shakes the fields and selections you make only ask for required information.
We have also designed our sign up process in a way that prevents inadvertent sharing of private information like IR numbers across different signing parties. - ACC Privacy Assessment 2Shakes has passed a privacy assessment completed by NZ ACC.
This provides an independent confirmation that we deal with client private information appropriately. - DIA 105 Questions 2Shakes has completed NZ Department of Internal Affairs 105 questionnaire on secure cloud computing for government.
This again provides an independent confirmation that we are storing client information safely and securely online.
Your information is stored securely on Microsoft’s world-class Azure Platform. Dual Australian data centres provide
geo-redundancy, and ensure data is in a trusted Five Eyes (FVEY) territory outside the U.S. Patriot Act.