About Wellington International Airport
Wellington International Airport Limited (WIAL) is a joint venture between Infratil and the Wellington City Council to operate a domestic/international airport.
Wellington is the third busiest airport in New Zealand. In a typical year it will handle around six million passengers and provides an important transport link to the nation’s capital. The airport, in addition to connecting many New Zealand destinations with national and regional carriers, also has links to major cities in eastern Australia, Fiji and Singapore.
The airport has 100 employees, with 60% undertaking aeronautical operational roles, and 40% performing a mix of corporate and commercial support roles. The airport has embraced technology and automation to enhance its efficiency, and utilises over 70 IT systems.
The key driver for formalising a set of IT policies for WIAL was the constant challenge of managing an ever-changing set of cyber risks. The WIAL Board and Executive team have no tolerance for a cyber breach, so the organisation conducts regular audits and reviews of its cyber controls. Robust IT policies are regarded as a key element in managing cyber risks and extremely valuable in establishing an appropriate control environment.
“Maintaining our policies to ensure they were well written and still relevant to the changing landscape presented a challenge for us,” says Leanne Gibson, General Manager Facilities, Transport & Technology.
“Periodically we were questioned by suppliers and staff over compliance because some of the policies were poorly drafted or incomplete. We also did not have any way to easily reference the content to industry standard cybersecurity frameworks,” comments Leanne.
In assessing the Policy Management as a Service offering, it was clear it would be an excellent fit for WIAL’s requirements. “Whilst we had some good original IT policies, it was great that the team would be able to work with a far more complete and comprehensive set of policies, in a system, that are all cross referenced to relevant standards. This allowed us to fill the gaps and, in most cases, tighten the wording and directions for the three different user groups we service - Management, General Users, and our Technical staff,” says Leanne.
On completion of the workshop the final WIAL system was made available on AWS, having been fully customised and branded to the airport’s requirements. The policy statements in the system are referenced to a number of recognised standards selected by WIAL. Under their subscription model any ongoing changes that may be required in areas such as policy statement wording, standards, or terminology are taken care of by Kaon Security. This ensures the contents of the system will remain current and valid for use by the team at WIAL.
The System includes:
• 25 key policies – for user, manager and technical roles
• Audit requirement details and compliance index
• Process and Procedures section
• Forms, Logs and Guidelines content
• Security Awareness videos
• Various search and system navigational tools
Leanne comments, “It has been invaluable to have reference to a credible, trusted, up to date set of IT policies for all situations. Since implementation, our team has been able to meet all demands and requests put to us in a professional, proactive, and timely manner. The team now feel they can give authoritative advice and direction based on the policy set.”
“During the workshop, it was fantastic having access to such experienced security gurus. The team all felt that their knowledge was enhanced exponentially and that the time spent was extremely worthwhile.”
“As a CIO, this system has helped me enormously from a compliance perspective, and it is one that I now wouldn’t be without and I have no hesitation in recommending it.”
WIAL have an annual IT Awareness refresher session for all staff, as well as an induction session on IT policy for new staff members. The IT Policy website is promoted at both of these events.