Thread: 24 June 2023

Originally Posted by T.FOYE

Sorry if I'm repeating anyone's question here, but what the hell is an "Arms item"????

Is a Beretta hat one of these? A reloading die? Where is the line I wonder. I couldn't find a definition on their strangely developed website (that looks copy/pasted from some other unfortunate country)

In the case of the registration part, only, it is a different definition.
An arm item in that case is the main part of the firearm with its serial number. As talked to with Nicolas Taylor the barrister last week.

Originally Posted by No.3

Done ISO a few times in the past, wow is all I can say. The accreditation process for some companies is akin to watching a blockbuster movie, and they keep it up for about as long once a year. It's a bit of a waffle and does in no way make your product or service fit for purpose. The company culture and leadership (with a helping of shareholder and financial performance) is the main thing that dictates the performance on the road.

From memory the company in question has done multiple ISOs, IRAP, and a few others. There are all good indicators of good security practices. And if Police follow standard procedures there will be pen testing and a C&A memo written to highlight any outstanding risks and remediation's required before the website goes live. Culture and leadership mean jack shit when it comes to information security.

https://www.firearmssafetyauthority....earms-registry

Says at the link what a major part is.

Originally Posted by vulcannz

From memory the company in question has done multiple ISOs, IRAP, and a few others. There are all good indicators of good security practices. And if Police follow standard procedures there will be pen testing and a C&A memo written to highlight any outstanding risks and remediation's required before the website goes live. Culture and leadership mean jack shit when it comes to information security.

You are correct about culture and leadership meaning jack shit regarding info security, but that is a two-sided coin. Poor culture and leadership allow people to breach any system regardless of intent and design. That's largely what happened in the recent leak of the documents from the US from what we can see on reporting, the person that did it was reported to have been pulled up multiple times about the practices of document security but it was never followed up by the people that should have. That is the weak link in any system...

Originally Posted by hakka_ranger

Just hope we won't see the "firearm registry leaked!" headline news someday. This privacy leak would potentially give the law biding owners' location to the crims.

Whoever came up with this registry idea should bear that responsibility if it happened.

Yes, all those involved in this registry need to be accountable for any and all leaks and breaches. Years ago while having his gun safe inspected, a general manager I worked with was told by the OA a cop in Wellington had recently been caught selling FAL details to gang members. Sounds like FAL details and registry data is only as safe as those who hold this data are honest?