Certification and compliance to professional standards

Information security

TIMG manages sensitive records for both Government and corporate clients, who by default, demand the highest level of information security and process auditability/transparency of both physical and digital information.

We are members of the following organisations or comply with the professional standards or requirements as listed.

International Legislation

TIMG adheres to applicable information security requirements contained in legislation such as the following;

  • Privacy Act (NZ)
  • Public Records Act (NZ)
  • Notifiable Data Breach Legislation (Australia)
  • General Data Protection Regulation (EU)

i-SIGMA Member

International Secure Information Governance and Management Association™ (i-SIGMA™), is recognised as the leading international body for companies providing secure information destruction services. NAID AAA Certification means that your information will be disposed of according to Government regulations that are applicable to your business.

TIMG are i-SIGMA members and our Wellington branch is NAID AAA certified for secure destruction of information contained on media such as paper, micro media, and physical hard drives. At our other nationwide branches, we destroy documents and media with compliance with NAID AAA standards.

In New Zealand, TIMG is the only i-SIGMA member holding NAID AAA accreditation.



The New Zealand Information Security Manual (NZISM) is the New Zealand Government’s guide on information assurance and information systems security.

The NZISM is a practitioner’s set of requirements to meet the needs of agency information. Agency Heads utilise the guide to accredit vendors, contractors and consultants who provide services to agencies. The requirements include minimum technical security standards for good system hygiene, as well as provide other technical and security guidance for Government departments and agencies to support good information governance and assurance practices.

TIMG collaborates with our Government clients on a case by case basis to ensure that our solutions meet NZISM compliance.


The Payment Card Industry Data Security Standard (PCI DSS) is a global data security standard adopted by the payment card brands for all entities that process, store or transmit cardholder data and/or sensitive authentication data.  It consists of steps that mirror security best practices.  The PCI DSS is administered and managed by the PCI Security Standards Council – an independent body that was created by the major payment card brands.

TIMG are compliant with the PCI DSS requirements 9 & 12 regarding personnel access and physical security of the media. NB this is not applicable to BackOnline services in NZ.

Archives New Zealand

Archives New Zealand, Te Rua Mahara o te Kāwanatanga, is the official guardian of New Zealand’s public archives. They gather, store and protect an extremely wide range of material. The Public Records Act 2005 sets the framework for contemporary record keeping across Government and Archives New Zealand works with Government agencies to administer the Act.

TIMG adheres to the guidelines laid down by the Public Records Act.

Toitū carbonreduce® (formerly CEMARS)

TIMG are a Toitū carbonreduce® (formerly CEMARS) certified organisation. Our greenhouse gas emissions are measured in accordance with ISO 14064-1 and we are committed to managing and reducing emissions. The Toitū carbonreduce® certification comprises the first two steps towards the Toitū carbonzero certification.

TIMG is part of the Freightways group of companies and each business within the group will measure emissions to gain an understanding of our impact on the environment in which we do business. Freightways are currently committed to a five year reduction plan, with longer-term targets being developed on an ongoing basis. Freightways believes that our commitment to the Toitū carbonreduce® certification process will encourage staff and contractors across Freightways, together with our business partners and suppliers, to make environmentally positive decisions every day. Toitū carbonreduce® certification allows Freightways to take a very positive step toward reducing our carbon emissions and further minimising our relative impact on the environment.

Private Investigators and Security Guards Act

TIMG maintains strict security, handling, and environmental protocols that comply fully with Section 16 of the Private Investigation and Security Guards Act.

Certificate of Approval

TIMG carries a Company Licence to run a business in the private security industry, as defined in the Private Security Personnel and Private Investigators Act.  As such, all TIMG staff carry a current Certificate of Approval and have been security cleared by the Ministry of Justice and the NZ Police.

Staff Security Clearances

Level 1 - Ministry of Justice

Certificate of Approval, issued by the Registrar of Private Investigators and Security Guards through the Department for Courts – checks for convictions held on the Justice Department’s database (primarily for convictions of dishonesty and / or violence)

Level 1 - Inland Revenue

Inland Revenue Department – checks for financial indiscretions of an individual in terms of tax liability, student loans and DPB payments

Level 2 - NZ Police

NZ Police clearance, via NZ Police vetting and validation – checks for suspected crimes, association with known or suspected criminals

Level 3 - NZ Security Intelligence Service

Clearance carried out by the Department of Internal Affairs, via NZ Security Intelligence

Level 3 - NZ Security Intelligence Service

Service – same as above but also includes undermining any Government by unlawful means, violation of the civil rights of ethnic, religious or political group