Contract Analysis Project FAQs

Frequently asked questions about the Contract Analysis Project.

These FAQs may be updated periodically.

Read more about the Contract Analysis project on the System Leadership page.

FAQs

How does this fit into social investment? 

This system-wide visibility is foundational to genuine social investment practice. By understanding what's working where, government can make better investment decisions focused on outcomes rather than assumptions, and identify successful approaches that can be scaled across government.  We recognise that this is one piece of a wider picture, which also includes funding and outcomes. 

Which agencies and what types of contracts are included?  

We are collecting social service contracts active between July 2023 and December 2025. The agencies we’re working with are:  

  • Ministry of Social Development,
  • Ministry of Justice,
  • Ministry of Health,
  • Oranga Tamariki,
  • Ministry of Education,
  • Te Puni Kokiri,
  • Ministry for Housing and Urban Development, and
  • The Centre for Family Violence and Sexual Violence Prevention.  

Please note that further agencies may be added to this list and you may hear directly from them.  

How will SIA use this information?  

SIA is using secure AI technology to extract key information: who's funded, what services are being delivered, where, for how much, and what outcomes are being measured. The insights generated from this information will be provided to agencies and Social Investment Fund Ministers.  

Who will have access to this information? 

Individual agency contracts and analysis remain confidential to those agencies. 

Will agencies be able to see other agency contracts with providers?  

Agencies will only have access to their own contracts. SIA will have visibility across all agencies to enable system-level analysis, but this information will not be used for commercial decision-making in isolation.  

Any sector-wide or sub-sector dashboards designed will be done so with commercial sensitivity front and centre. If there is any risk that a data point could reveal commercially sensitive information, it will be excluded from shared views. 

The insights and analysis will be shared with Social Investment Fund Ministers once complete.  

How is commercial information being protected? 

We take confidentiality seriously. The platform we're planning to use will have enterprise-grade security (ISO 27001 certified) and commercial information is protected. Analysis focuses on system-wide patterns, not individual contract details. We've had extensive legal and privacy advice to ensure information is properly protected. There will be no sharing of commercially sensitive data across government agencies.  

What evidence do you have that the portal meets NZISM, NIST or equivalent security standards? 

We can confirm that the proposed solutions will operate under security frameworks and controls aligned with internationally recognised standards. Specifically:  

  • ISO 27001 certified environment: All contract data is hosted within Microsoft Azure’s Australian data centre, which meets ISO/IEC 27001 requirements for information security management.  
  • Key controls in place:   
    • Role-based access controls and multi-factor authentication  
    • Encrypted data transfer and storage  
    • Audit trails for all access and actions  
    • Incident response and breach notification procedures  
  • Additional assurance: SIA has conducted a security risk assessment and is currently conducting a Control Validation Audit of a sub-set of key NZISM-consistent controls identified during the risk assessment. 

Have you considered privacy implications of people named in the contracts? 

Personal information is removed before any analysis begins. Multiple independent experts (including the Privacy Commissioner) have reviewed the approach.  

What privacy and security measures are in place? 

The SIA has undertaken multiple assessments as part of our cautious and comprehensive approach to privacy, security, and data governance. We have strong controls in place to ensure all information is protected and managed in line with required security standards.

From a data‑governance perspective, the project is designed to share only high‑level contract information between Crown agencies such as contract details, value, and service information ensuring that all data handling remains fully compliant with government policies and expectations.

Collectively, these measures demonstrate that the SIA has thoroughly considered and addressed all privacy, data‑governance, and security requirements. We’ve taken extra steps than is standard to ensure the data is safe and secure. In light of recent events, we’re working through a process to ensure even more measures are in place. We expect this work to commence towards the end of February, however, if we need to take more time to ensure the privacy and security of the information, we will do so. 

Are you assessing individual providers? 

No. This work is about understanding government's own contracting patterns, not evaluating individual providers. We're analysing contracts that government agencies already hold to understand the whole picture and deliver insights that could lead to improvements.  

Will this information be used to cut funding? 

This work is about understanding how government contracts for social services, not making individual funding decisions. Agencies will continue to make their own funding decisions based on their priorities and budget.  

Were providers consulted? 

Government agencies are uploading contracts they already hold. This doesn't change provider obligations or require additional work from providers. Providers may be consulted with by individual agencies in some cases.  

Will providers have the opportunity to verify information for accuracy before it will be used for cross agency analysis? 

SIA will not be engaging with providers to verify the information extracted from contracts before it is used for analysis. However, it is important to us that this information is verified by agencies. Any information extracted and represented in dashboards or insights will be validated with representatives from each of the agencies participating. This process will provide the opportunity for agencies to identify any potential issues and ensure these are reviewed and amended prior to any analysis.     

Will this work increase reporting requirements? 

No, there will no new reporting requirements for providers as a result of this work. Providers won't be asked to submit anything as part of this project.  

Where is the data stored and where is it processed? 

The proposed solution hosts data in both New Zealand and Microsoft Azure's Australian data centre with enterprise-grade security. This is the same infrastructure that protects sensitive data for governments and major corporations worldwide. 

Is this connected to the Social Investment Fund?  

This is different from the Social Investment Fund Pathway Two that looks at contract consolidation 

Does this work duplicate work happening between Oranga Tamariki and SIA?  

This project is separate from the work SIA is doing with Oranga Tamariki that some providers may be aware of.  

Will the AI LLMs learn from my data? 

No. The AI models used in the proposed solution will operate under a commercial agreement that ensures your data is not used to train or improve the model. 

What is the definition of "all contracts", is there a differentiation between contracts and funding of one off grants?  

The contracts in scope for upload are all social service contracts with third party social service providers active between 1 July 2023 and 30 December 2025.  This will include grants, sponsorship, payment for services or otherwise. Research grants and capability contracts are not in scope.  

How is personal information protected? 

With the proposed solution, a targeted personal information detection process is run across all contracts. Any detected personal information is reviewed, and where appropriate, documents containing personal information are redacted in accordance with information protection protocols. Unredacted documents containing the personal information are removed, leaving only the redacted copy for onward analysis. 

What if I have questions or concerns?  

Contact your relationship manager at the agency/agencies you work with in the first instance. If there are more technical questions, related to this work, they may pass your query onto SIA.  

What happens next?  

Agencies are expected to begin loading contracts into the system in late February, once SIA has provided the additional assurances detailed above. We expect analysis will be complete by June 2026. After that, Social Investment Fund Ministers will decide whether the analysis is shared more widely.