New Zealand
Policy management software for New Zealand organisations
Keep pace with New Zealand’s dynamic regulatory environment — Privacy Act 2020, HSWA, Employment Relations Act and more. Automated, evidenced, and fully inside Microsoft 365.
- Runs natively inside Microsoft 365, SharePoint & Teams — your data never leaves your tenant
- WorkSafe NZ, OPC & FMA aligned workflows
- Live in 2–4 weeks
- Multi-site ready
- Continuously audit-ready
How prepared is your organisation for New Zealand compliance?
WorkSafe NZ, the Privacy Commissioner, the FMA, and the Employment Relations Authority are well-resourced and increasingly active in enforcement. Ask yourself:
Can we prove every employee has received, read, and acknowledged the policies that apply to their role — to a regulator or auditor's satisfaction?
Are our privacy policies documented, current, and actively communicated — meeting the Privacy Act 2020's proactive governance requirements?
Do we have a whistleblower policy that meets the Protected Disclosures Act 2022 and is genuinely accessible to all eligible disclosers?
Under HSWA, can we demonstrate that our health and safety policies are not just documented but actively implemented, reviewed, and evidenced?
Not sure where your gaps are?
Take our free 5-minute compliance risk audit. Get an instant risk score, gap analysis, and sector-specific recommendations — no sign-up required.
Key New Zealand regulations affecting your policy obligations.
New Zealand’s regulatory environment is dynamic, well-enforced, and increasingly aligned with international best practice.
Privacy: Privacy Act 2020
Strengthened privacy obligations and mandatory breach notification
New Zealand’s Privacy Act 2020 replaced the 1993 Act with a significantly updated framework, aligning closely with international standards including the GDPR. It places clear obligations on how organisations collect, use, store, and share personal information.
- All agencies must have clear, documented, and current privacy policies that reflect actual practice
- Mandatory data breach notification — notify the Privacy Commissioner and affected individuals of serious harm breaches
- Privacy policies must be communicated to relevant staff with evidence of that communication
- The Office of the Privacy Commissioner has broad investigation and enforcement powers, including compliance notices and prosecution referrals
Health & Safety: Health & Safety at Work Act 2015 (HSWA)
Primary duty of care and officer due diligence obligations
The HSWA is one of the most significant pieces of workplace legislation in New Zealand’s recent history, placing strong obligations on PCBUs, officers, and workers to actively manage health and safety.
- Every PCBU has a primary duty to ensure worker health and safety — requiring documented, current, and communicated policies
- Officers have a personal due diligence duty — including ensuring appropriate information management practices
- Workers must be informed of, trained on, and acknowledge relevant WHS policies
- WorkSafe NZ expects policies to be actively implemented, reviewed, and enforced — not just documented
- Non-compliance: infringement notices, significant fines, or prosecution
Employment: Employment Relations Act 2000
Good faith obligations and employment policy documentation
New Zealand’s employment relations framework creates substantial obligations for employers to document, communicate, and consistently apply employment policies.
- Employers must maintain up-to-date policies on disciplinary procedures, leave entitlements, and workplace expectations
- The duty of good faith requires employers to keep employees informed of policies that affect them
- Employers must retain evidence of employment documentation and policy acknowledgements
- The Employment Relations Authority can scrutinise whether employers met documentation and communication obligations during disputes
Whistleblower: Protected Disclosures (Protection of Whistleblowers) Act 2022
Strengthened whistleblower protections and accessible disclosure procedures
New Zealand’s Protected Disclosures Act 2022 significantly strengthened protections for employees and others who report serious wrongdoing.
- Public sector organisations must have accessible, documented internal procedures for protected disclosures
- Best practice for all significant employers — clear whistleblowing policies with how to disclose, what protections apply, and how the organisation will respond
- Whistleblowing procedures must be effectively communicated to all staff
- Retaliation against whistleblowers is unlawful — organisations must evidence preventive measures
Financial: Financial Markets Conduct Act 2013 (FMCA)
Governance and compliance obligations for financial services organisations
For financial service providers, fund managers, insurers, and other regulated entities, the FMCA and FMA guidance create specific governance, disclosure, and compliance management obligations.
- Licensed entities must have compliance frameworks, documented internal policies, and systems demonstrating ongoing compliance
- The FMA expects compliance policies to be current, distributed, and actively adhered to
- Directors and senior managers have personal accountability for compliance governance
- The FMA may review compliance documentation at short notice — requiring immediately producible policy records
New Zealand's regulators are well-resourced and increasingly active.
WorkSafe NZ, the Office of the Privacy Commissioner, the FMA, and the Employment Relations Authority all have significant enforcement powers. The consequences of poor policy management are real.
How to meet your New Zealand obligations.
A structured five-step approach — from employee education through to audit-ready evidence that satisfies WorkSafe NZ, the Privacy Commissioner, and the FMA.
Built for New Zealand organisations on Microsoft 365.
Xoralia automates the full policy lifecycle — helping New Zealand organisations distribute policies, track acknowledgements, and maintain the audit evidence that regulators require.
Policy library & Document management
A single, structured, searchable library inside SharePoint. Custom metadata and filtering ensure every employee finds the right, current policy. Automated version control and expiry tracking mean outdated policies are never circulated.
Automated workflows & Approvals
Multi-stage review and approval workflows reflecting your NZ governance requirements. From a simple approval to a complex multi-sign-off framework — Xoralia accommodates it, with escalation for overdue actions.
Targeted distribution & Audience management
Assign policies using Active Directory integration. An HSWA policy for warehouse workers, a privacy policy for customer service staff, an FMCA policy for your investment team — each distributed automatically to exactly the right people.
Employee attestation & Knowledge testing
Every acknowledgement is timestamped and auditable. For safety-critical or regulated roles, built-in knowledge testing verifies comprehension rather than just completion. Manager dashboards show real-time team compliance status.
Audit trail & Compliance reporting
Every policy action logged — creation through to archival. Exportable reports for WorkSafe NZ site visits, Privacy Commissioner inquiries, FMA reviews, and internal audits. Compliance readiness is continuous, not event-driven.
Microsoft 365 native
Runs inside your existing Microsoft 365 environment. Single sign-on through Azure Active Directory. Your data stays within your environment — no new platforms to procure or separate infrastructure to maintain.
Why New Zealand organisations choose Xoralia.
Common questions — New Zealand compliance
Which New Zealand regulations does Xoralia support?
Xoralia helps organisations manage obligations under the Privacy Act 2020, Health and Safety at Work Act 2015, Employment Relations Act 2000, Protected Disclosures (Protection of Whistleblowers) Act 2022, and Financial Markets Conduct Act 2013. Xoralia provides the platform infrastructure to manage, distribute, and evidence compliance — it does not provide legal advice.
How does Xoralia support HSWA due diligence obligations?
Xoralia enables you to distribute WHS policies to relevant workers, track and evidence their acknowledgement, schedule regular policy reviews, and maintain a complete audit trail of every policy action — all of which support demonstrable due diligence capability under the HSWA.
Can Xoralia help meet Privacy Act 2020 obligations?
Yes. Xoralia enables organisations to create, version-control, distribute, and evidence acknowledgement of privacy policies and data handling procedures — supporting obligations under the Privacy Act 2020 and demonstrating proactive governance to the Office of the Privacy Commissioner.
How quickly can we implement Xoralia?
Most New Zealand organisations are live within two to four weeks. Our implementation team provides hands-on support throughout the process.
Does Xoralia support multiple New Zealand locations?
Yes. Xoralia supports targeted distribution based on location, role, and department — allowing organisations with offices across New Zealand to manage policies consistently while accommodating any location-specific differences.
Ready to bring order to compliance for your New Zealand organisation?
Automate your policy lifecycle. Evidence every acknowledgement. Stay permanently audit-ready — all inside Microsoft 365.