The electronic security tender was awarded in October, triggering complaints by local firms to the security association. Photo: RNZ
Oranga Tamariki is facing complaints from local businesses it is not playing fair over a new security contract for youth justice facilities and care and protection homes.
The ministry is putting in new electronic and CCTV security controls its residences.
The New Zealand Security Association has written to the ministry twice, complaining the frontrunner to get the job "does not appear to hold a security licence", even though the law demands it.
The "preferred vendor" is understood to be the NTT multinational, which the ministry said had complied with the law, including by having a subcontractor that was licensed "at the time" of the tender.
The ministry said: "We are in the final stages of this process and are unable to discuss details due to commercial sensitivities.
"Oranga Tamariki is undertaking a thorough due diligence process to ensure compliance with all relevant security requirements."
RNZ has not had a response from NTT.
The ministry pushed back in a four-page letter last month against the security association's complaints, which included the claim OT had unfairly shut out local bidders.
The ministry told RNZ Oranga Tamariki had "run a robust procurement process".
'Poorly prepared'
The ministry's assertion about "robust" IT procurement contrasted with last week's report from the Auditor-General, who found longstanding serious flaws in the procurement of services to help children, worth half a billion dollars a year.
The Auditor-General looked into how the ministry slashed many contracts with non-governmental organisations (NGOs) last year, finding poor planning and decision-making - and that the ministry had known for years its procurement and contract management for social services had problems.
It was then [https://www.rnz.co.nz/news/national/561208/divine-connection-the-secret-marriage-that-helped-a-couple-defraud-oranga-tamariki-out-of-2m revealed on Friday that a property manager who worked in the ministry and her husband kept their marriage secret to defraud OT of $2m in 2021-22.
Oranga Tamariki acting chief technology officer Damian Woodhouse said the procurement of IT services was handled by a "completely different department" to the one handling the procurement and management of contracts for social work and intervention services.
"Oranga Tamariki is satisfied its procurement of IT services is proficient," Woodhouse said in a statement.
The electronic security tender was awarded in October, triggering complaints by local firms to the security association.
It questioned the shift to store the data from the new system - such as CCTV footage - offshore in cloud servers.
It has also asked for due diligence around the role in the new system of California security camera firm Verkada, noting regulatory action against it.
Hackers breached Verkada in 2021 and got into more than 150,000 live camera feeds.
The US Federal Trade Commission (FTC) went after Verkada last year, and reached a settlement.
"There was no fine imposed related to the security incident, but we did agree to pay $2.95 million (NZ$5m) to resolve the FTC's claims about our past email marketing practices," Verkada told RNZ in a statement.
It "continues to prioritise strengthening its data security posture", it said.
'Very surprising'
The security association's other complaint was that an initial tender document led local bidders to believe they were required to offer a solution that would fit with OT's existing systems from New Zealand company Gallagher Electronic.
It was "very surprising" when this turned out not to be the case, wrote chief executive Gary Morrison.
The ministry defended itself in a four-page letter in April.
Its tender had insisted on a "cloud-first approach" in a "zero-trust network environment", but did not say the solution must integrate with Gallagher, it said.
Morrison said the letter had only raised yet more questions, and said last week that he was still waiting for an answer to those.
The Children's Ministry's systems are in question in various ways.
Its poor privacy controls allowed mass egregious breaches of people's personal information, with changes to try to improve that since last year.
It was forced to continue its reliance on old and "brittle" information systems for at least a year longer than it should when a key IT project was delayed recently.
The poor procurement of social work and intervention contracts revealed last week, prompted the Taxpayers' Union lobby group to call for accountability. "Despite years of warnings, the agency has refused to fix fundamental weaknesses in how it contracts with service providers," it said.
Separately, after the $2m con was revealed, the ministry said it had acted when concerns were raised in 2022.
"It has strengthened internal control measures to harden the organisation against fraud, increased training in fraud awareness, and improved corporate policies, systems, and procedures," it said.
Also last week, and pre-Budget, the government announced a new $190m Social Investment Fund was being set up to change how many social services are delivered.
