SW03310 - Using Shared Workspace: Controlling Access to Information

Information within Shared Workspace must be protected to ensure that only members with a specific business need and the appropriate authority are able to access the information.

Access to Information is controlled as follows:

1. Registration and Enrolment

• • HMRC users must be allocated the service before gaining access to the service SW05210.
  • SW05230.

1. Approval to become a member of a Room

• • HMRC Business Authorising Officers are responsible for authorising the addition of all HMRC Members SW04225 and Customer Members to a Room SW04235.
    

1. Assigning Roles

• • When a member is added to a Room SW05410 they are assigned a Role SW05610 which controls which areas and information they have access to within a Room.
    

1. Access controls

• • Shared Workspace is accredited by the Department to hold information that is marked up to and including restricted SW03150. Information marked confidential and above must not be included.
    

• • When a member adds information to a Room they are responsible for considering and setting Access Controls SW07410 to ensure only appropriate people are able to access it.
    

1. Room Type

• • Rooms are created for either HMRC Only use SW06140 or for Customer use SW06150. Customer members can never have access to an HMRC Only Room.
    

1. Room Banners

• • Particular care over access controls must be taken by HMRC members when adding information to a Customer Room. To act as a visual reminder to HMRC members of the type of Room they are working in, different coloured banners are used.