Guidance

Technical Manual: version 12.4

Updated 5 August 2019

Applies to England and Wales

© Crown copyright 2019

This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.

Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.

This publication is available at https://www.gov.uk/government/publications/technical-manual/technical-manual-version-121

1. Introduction

The Technical Manual forms part of the full Network Access Agreement (NAA). It describes the technical and security aspects of, and requirements for, using any of HM Land Registry’s Business e-services (Information Services, Land Charges Services, electronic Document Registration Service, Network Services and Lender Services).

It is necessary to put these technical details in a separate document from the NAA as they affect other e-services as well as Network Services. Also, by their nature, technical and security aspects and requirements will change from time to time. New ways of using the network will develop. Electronic systems, information technology and security measures will evolve, become obsolete and require updating. HM Land Registry will need to make changes to constantly protect the security of the network. We will also wish to improve the system and provide new e-services. This manual will be updated when necessary to reflect such changes.

HM Land Registry may change the provisions of the Technical Manual at any time. Any changes will be made in accordance with the HM Land Registry Code of Practice for changes to the Network Access Agreement and Technical Manual.

2. Systems requirements

2.1 Minimum standard of electronic equipment

E-conveyancing services provided by HM Land Registry require an internet connection. Broadband is recommended.

2.1.1 HM Land Registry portal

If you’ve registered for Business e-services, you can gain access to e-conveyancing services through the HM Land Registry portal. These services are delivered through an internet browser which must be configured to accept cookies from HM Land Registry systems. For administrators’ security tokens there are no additional system requirements.

HM Land Registry follows government guidance on standards and supports the latest versions of the following internet browsers:

  • Microsoft Edge
  • Mozilla FireFox
  • Google Chrome
  • Apple Safari

2.1.2 Business Gateway

Customers who use a case management system may also be able to gain access to e-conveyancing services through Business Gateway (an XML interface that links case management systems to our services).

HM Land Registry Business Gateway uses a certificate-based mutual Secure Socket Layer (SSL) connection. Please contact your case management system (CMS) provider to find out if this service is available to you. If your CMS provider does offer this service and you wish to use it, your responsible person must apply for the necessary technical connections to be made. For more information, please contact Customer Support.

2.2 System security

2.2.1 System/internet

All users of the network should maintain up-to-date system patches, security updates, anti-virus software and other countermeasures to protect their systems.

2.2.2 Information systems acquisition, development and maintenance

This subsection deals with development and deployment of new systems by you, the subscriber, that may interact with HM Land Registry systems.

Any software that could interact with HM Land Registry systems should be thoroughly tested and you must have your own testing procedures and policies in place and apply them rigorously.

Some free/beta programs can contain bugs or viruses, which could pose a threat to HM Land Registry systems. Applications and operating system software should only be implemented in operational systems after extensive and successful testing.

Testing should be done in a secure environment with non-sensitive data. Access to system files and program source code should be controlled.

3. Subscriber security

3.1 General guidance

This section deals with security within your workplace. For information about HM Land Registry security see HM Land Registry security, which contains requirements relating to passwords, and Administrator duties, which contains details of the additional security requirements applicable to administrators.

Annex A: authentication security also gives some background information about additional security adopted by HM Land Registry to protect the network.

Due to the wide range of system configurations connected to the network, HM Land Registry cannot be prescriptive about procedures and standards that would minimise the possibility of unauthorised access, fraud and forgery.

Although there are general guidelines for keeping business IT secure here, more detailed guidance can be obtained from:

  • the UK government sponsored Get Safe Online website
  • commercial providers of security expertise
  • the BS ISO/IEC 27001:2013 Security techniques: Information security management systems and the complementary standard BS ISO/IEC 27002:2013 Information Technology Code of Practice for Information Security Management can be obtained through the British Standards Institute
  • the Law Society has issued a practice note: Information security guidelines for solicitors

3.2 Security policy

You should have an information security policy document, approved by your senior management and reviewed at least annually. It should be published and all your staff made fully aware of it. It should include policies and procedures on the following matters.

3.3 Physical and environmental security

Ensure that your workplace is secure to prevent unauthorised access.

  • physical security to protect IT assets must be appropriate to the risk and access to sensitive areas (eg servers) should be restricted
  • staff should be clear about their organisation’s security policies and HM Land Registry practices for system access
  • users should lock their computer when leaving it unattended and must never share passwords, tokens and other security measures
  • security tokens must be kept in a secure place when active but not in use

In each case, training should include an overview of the reasons why information security is important, including coverage of the threats and risks, eg viruses, hackers, fraudsters and protection of information assets.

3.4 Responsible person

In your application for Business e-services, you will be asked to nominate a responsible person (RP) in your organisation. You may also nominate as many deputy responsible persons as you need for your organisation. A deputy responsible person (DRP) can cover for the RP when they are not available. They can also be responsible for a particular part of, or group within, your organisation according to your needs. HM Land Registry will create the account for the RP and for the DRP and will provide them with a user ID and temporary password.

HM Land Registry has created the roles of RP and DRP in relation to Business e-services to help organisations and conveyancers to manage their users with the proper supervision of their practices, as required (in the case of conveyancers) by their regulators, by statute (the Legal Services Act 2007, Part 3 and Part 5), and by the NAA.

The RP and DRP will have access to an online HM Land Registry report, which will list actions taken by the administrator. They should not, therefore, normally be the same person as the administrator. It is expected that the RP and DRP will be a solicitor, licensed conveyancer or manager (whereas the administrator may not be legally qualified, but may instead be an IT officer). HM Land Registry recognises that each organisation will have its own arrangements for supervision as appropriate.

The subscriber should establish a procedure for authorising the administrator to perform the tasks that the administrator is permitted to do, such as setting up user accounts and updating user accounts. That may mean that such instructions or authority should come only from the RP and DRP. Alternatively, if someone other than the RP and DRP supervises the administrator, they should be aware of the procedures and policies that are in place.

To facilitate supervision of the use of Business e-services, and to reduce the risk of fraud or misuse, HM Land Registry will record details in the report each time the administrator:

  • creates a user account
  • suspends a user account
  • restores (‘unsuspends’) a user account
  • deletes a user account
  • updates the business role associated with a user account
  • resets a user account

This report will allow the RP and DRP to check that the administrator is acting under proper instructions, and giving access to Business e-services only to authorised persons, at the appropriate level.

The report of each day’s actions by the administrator will be available for up to one calendar month. After one calendar month, that day’s activities will drop off the report. The RP or DRP should, therefore, view the report regularly, and will be able to download or print it as required. Only an RP and DRP will be able to view these reports, see Role based access control (RBAC).

If your organisation has more than one administrator, only the responsible person can allocate or reallocate particular administrators to a specific DRP. This will assist larger organisations that operate with distinct groups, where one person cannot reasonably be responsible for the administrators of all the groups.

The RP and DRP can set the desired parameters for viewing the reports, for instance by date or by administrator. They will also be able to see details of actions taken by the RP and DRP, and search and check all user accounts associated with their HM Land Registry Business e-services account.

In addition, the RP and DRP will be responsible for:

The RP and DRP will also be able to:

  • view variable direct debit (VDD) statement information
  • view services requested today
  • view messages within the message area

We advise you to check the Technical Manual online from time to time for any updates on the responsibilities of the administrator and the role of the RP and DRP.

3.5 Human resources security

It is the subscriber’s responsibility to ensure that employees, contractors and third-party users understand their responsibilities and are suitable for the roles allocated to them. This will reduce the risk of misuse of facilities. You should further ensure that they are aware of information security threats and concerns, their responsibilities and liabilities. See Role based access control (RBAC) to help you decide what level of access each user in your organisation should be given.

3.6 Communications and operations management

Compliance with procedures should be enforced with auditing, which could involve checking computer logs. Management procedures and responsibilities for these processes should be established.

3.7 Access control

Ensure only authorised staff have access to HM Land Registry services.

Access control rules should be supported by formal procedures and clearly defined responsibilities. See Role based access control (RBAC). This should cover access to:

  • Information Services
  • Land Charges Services
  • electronic Document Registration Service
  • Network Services
  • Lender Services

It should also include a formal process for adding and removing access rights for staff. If mobile working or working from home is being used, security processes will need to be in place to ensure secure access.

When employees, contractors and third-party users leave an organisation, or change employment, the subscriber must instruct the administrator to terminate their access to Business e-services. This must be done immediately.

3.8 Information security incident management

Security incidents should be recorded, such as uncontrolled system changes, human errors, non-compliance with policies or guidelines, loss of service, or facilities and system malfunctions or overloads.

Any access violations, loss of equipment, breaches of physical security or theft that could affect HM Land Registry should be reported to HM Land Registry. This should be done as quickly as possible through the administrator, the responsible person or a deputy responsible person.

If the administrator or the responsible person/deputy responsible person thinks that the violation could affect the HM Land Registry Business e-services adversely, they should contact Customer Support.

Staff should be made aware of the procedures for reporting the different types of incident that might have an impact on security.

4. Administrator duties

4.1 Creation of administrator accounts for a subscriber

The role of an administrator is to administer system access for the individual users within each subscriber. Administrators will also be provided with permissions that enable them to manage the account of the subscriber. The subscriber must, therefore, provide the administrator with the appropriate instructions and authority to carry out this role.

When applying for Business e-services, subscribers must supply details of at least one individual who is capable of carrying out the duties associated with the administrator role. HM Land Registry will create the account for the administrator and will provide them with a user ID, temporary password and a security token. A security token is required to authenticate at a higher level to access the HM Land Registry system, details of this process can be found in subsections 4.2 to 4.5 below. Online training and guidance modules for administrators are available on the HM Land Registry website.

It is the responsibility of the subscriber to plan its own business contingencies to cover the situation where its administrator is unavailable. It is, therefore, important that each subscriber appoints a sufficient number of administrators. On application, each subscriber will need to appoint a primary administrator who will act as the main point of contact for HM Land Registry queries. If only one administrator is requested they will be appointed as the primary administrator by default.

4.2 Security tokens

The Entrust IdentityGuard Mini Token is a high-quality, one-time password (OTP) device designed to help provide strong, versatile authentication to enterprises, governments and consumers. The security token provides an additional level of security, over and above the administrator’s user ID and password. A different unique PIN number is generated by the token each time the administrator presses the button (hence “one time”). For a limited period of time, that PIN number is synchronised with the PIN number for that token in HM Land Registry’s credential database in its hardware security module.

When administrators attempt to log on to Business e-services via the portal, they are prompted to enter the PIN number generated by the token. If the entered PIN number is correct they are granted access to the system. The token is durable against normal wear and tear with an expected battery life between 6 and 8 years.

No additional software needs to be installed to support the use of one-time password tokens.

4.3 Token renewal and protection

Administrators will receive their security tokens as part of the process when their organisation signs up for the HM Land Registry service. Additional tokens for deputy administrators can be requested from HM Land Registry as required.

Security tokens should be considered as valuable assets and stored securely. They should be treated similarly to bankcards. Administrators:

  • must not share their token and must prevent others from using it
  • should not leave the token unattended at any time
  • should return the token when requested to do so by HM Land Registry
  • must notify HM Land Registry if the token has been lost

4.4 Access to administrator services

In order to access the services that the administrator requires, he or she will need to follow authentication processes when they log in to the HM Land Registry system. First-time access to administrator services will be granted as follows.

4.5 Administrator authentication

  1. Administrator enters their username and temporary password
  2. Administrator is prompted to change their password
  3. Administrator changes their password
  4. Administrator is required to create shared secrets for their account
  5. Administrator is prompted to enter their token number
  6. Administrator presses the button on their security token and enters their token (PIN) number displayed on the token
  7. Administrator is provided with menu of administrator services

Subsequent access to administrator services will be granted as follows.

  1. Administrator enters their username and password
  2. Administrator is prompted to enter their token number
  3. Administrator enters their token number shown on the OTP token
  4. Administrator is provided with menu of administrator services

4.6 Services available to the administrator

When the administrator accesses the system, the available services will be displayed on a menu. The available services are listed in subsections 4.6.1 and 4.6.2, and in our guidance How to use portal.

4.6.1 Managing subscriber account

The administrator will be responsible for managing the subscriber account. All administration will be conducted via the portal (it cannot be done through HM Land Registry Business Gateway). The services available to the administrator for the management of subscriber accounts include:

  • find subscriber account
  • view subscriber account
  • update subscriber account details
  • create group
  • update group
  • delete group

4.6.2 Managing user accounts

The services that allow the administrator to manage the accounts of individual users include:

  • create user account
  • find user account
  • view user account
  • update user account
    • change role
    • change group
    • change address
    • contact details (telephone number, email address)
    • VDD account key number
  • suspend user account
  • restore (‘unsuspend’) user account
  • delete user account
  • reset user account

The name of a user cannot be changed. An administrator should create a new user account in the new name and delete the one in the ‘old’ name. PDF Downloads for the deleted account will be available from the Business Unit downloads or another user’s downloads.

4.7 Subsequent changes to administrator accounts

The procedure for making changes to administrator accounts is the same whether an account is being reset, suspended, restored or deleted. All changes must be requested by the responsible person or deputy responsible persons within the subscriber organisation.

The requests can be made online when the responsible person (RP) or deputy responsible person (DRP) is logged in to the system. Alternatively, requests can be made on headed paper, signed by the responsible person or deputy responsible person and sent to Customer Support. On receipt, HM Land Registry will check the provenance of the request and, if satisfied, will make the necessary change.

An RP or DRP can apply for administrator accounts. Application should be made using form AFS4a.

Only the responsible person can:

  • request that the primary administrator is changed to another administrator
  • allocate or reallocate administrators to a specific DRP

5. Role-based access control (RBAC)

Role-based access control (RBAC) provides an efficient mechanism for allowing the subscriber and HM Land Registry to provide each user with access to a set of services appropriate to their work and experience. The administrator, responsible person and deputy responsible person roles will be set up and managed by HM Land Registry. In the case of other users, it will be the responsibility of the subscriber to allocate one of a number of predefined roles to each user and to instruct the administrator accordingly, so that they can create an appropriate account for that user. The allocated role will dictate the services that the user has permission to access when they log on and can only be changed by an administrator.

The roles created are provided for the benefit of subscribers to assist them in fulfilling their obligations under their regulatory Codes of Conduct, and the Legal Services Act 2007.

They are designed to assist subscribers in ensuring that their users are given access to the HM Land Registry Business e-services at a level commensurate with their ability, experience and qualifications, and so that their work can be properly supervised by a qualified conveyancer if necessary.

The following section is a list of the current roles that a subscriber can allocate to its users, that is to say, all members of staff within the firm who require access to Business e-services. As the services made available via the HM Land Registry portal increase, so too will the number of roles available.

5.1 Administrative roles for all Business e-services customers

Business Unit Administrator (BUA) – an administrator who can create and update users (see Administrator duties above).

Responsible person (RP) – a person who can access to reports documenting the activities of any DRPs and all administrators, and access to all VDD account reports for VDD accounts used to pay for e-services. They can also allocate responsibility for the management of administrators to DRPs and change the primary administrator (see Responsible person above).

Deputy responsible person (DRP) – a person who can access reports documenting the activities of the responsible person, any deputy responsible persons and all administrators, and access to all or designated VDD account reports for VDD accounts used to pay for e-services. They can also allocate responsibility for the management of administrators to the responsible person or another deputy responsible person (see Responsible person above).

Financial administrator (F1) – a person who can access online VDD account reports for all or designated VDD accounts used to pay fees for e-services.

5.2 Authorised user roles available for all Business e-services customers who certify their agreement to the Conditions of Use

  • General Access (Z1) – access to Information Services only (preliminary services such as register view, official copies, official searches, land charges services)
  • General Access and eDRS (Z2) – access to Information Services and the electronic Document Registration Service

The following roles are available for organisations who can also access services through Business Gateway and are subject to Conditions of Use and Register Extract Service Terms and Conditions.

  • General Access and Register Extract (WM2) – access to Information Services and the Register Extract Service (allowing an organisation to have register data files imported into their Case Management System)
  • General Access, Register Extract and eDRS (WM5) – access to Information Services, the electronic Document Registration Service and the Register Extract Service

The following role is available for organisations who can also access services through Business Gateway and are subject to Conditions of Use and Online Ownership Verification Service Terms and Conditions.

  • General Access and Verification Services (VS1) – access to Information Services and the Online Ownership Verification Service

The following role is available for organisations who can also access services through Business Gateway and are subject to Conditions of Use, Register Extract Service Terms and Conditions and Online Ownership Verification Service Terms and Conditions.

  • General Access, Register Extract and Verification Services (VS2) – access to Information Services, the Register Extract Service and Online Ownership Verification Service

5.3 Additional roles and associated privileges for conveyancers who have also signed a Network Access Agreement

  • eConveyancer, Edit and Submit and e-DRS (C4) – access to Information Services, the electronic Document Registration Service and Network Services

The following role is also available for organisations who can also access services through Business Gateway and are subject to the Network Access Agreement and Register Extract Service Terms and Conditions.

  • eConveyancer, Edit and Submit, Register Extract and e-DRS (WM1) – access to Information Services, the Register Extract Service, the electronic Document Registration Service and Network Services

5.4 Additional roles for lenders or their agents under a Memorandum of Understanding

Customers with one of the three lender arrangements can give users one of the roles listed under them.

  • Lender with e-DS1 (L1) for lenders with a Memorandum of Understanding to discharge charges using e-DS1s – access to Information Services and e-DS1
  • Lender with EDs (L2) for lenders with an agreement with HM Land Registry to discharge charges by means of EDs – access to Information Services and EDs
  • Lender with e-DS1 and EDs (L3) for lenders discharging charges by means of both e-DS1s and EDs – access to information Services, e-DS1 and EDs

Find a Property role

PSU – Find a Property services only. This service is subject to registration of an account and the Find a Property terms and conditions.

Whatever access level a person has, if they are using services that are available under the Portal Conditions of Use or Business Gateway Conditions of Use, those Conditions of Use will apply. If the services are available only in Network Services, the Network Access Agreement will apply.

6. Digital mortgage service

6.1 General conditions

HM Land Registry’s digital mortgage service allows a mortgage deed to be created, signed, completed and registered entirely online. The service is initially for use only for existing registered proprietors, not for new buyers. The conditions are set out in the notice issued by the registrar under rule 54C of the Land Registration Rules 2003. Briefly—

a) The lender must be a member of a counter-fraud network or organisation that has been notified to, and approved by, HM Land Registry.

b) A digital mortgage may only be granted where it charges the whole of the registered estate in a single registered title.

c) A digital mortgage cannot be granted by a body corporate, whether it is the borrower or a joint borrower.

d) The digital mortgage must, at the points it is created and made effective, be intended by the parties to be—

i. a re-mortgage of a property where there is an existing charge that will be discharged as part of the same transaction, and

ii. a first charge, not a second or subsequent charge.

e) The borrower(s) must be the registered proprietor(s) of the registered estate when the digital mortgage is created and authenticated.

6.2 Creation of the digital mortgage

A lender and HM Land Registry must first agree the template for their digital mortgage. The template uses GOV.UK Digital Service Standards, based on user needs and user research. It combines the need for simplicity for the borrower with the legal needs of the lender, and is in an accessible format. The essential parts of the mortgage are common to all digital mortgage templates, but the lender can add their own additional information if they wish to, for example to confirm the edition of the mortgage terms and conditions.

Once agreed, the digital mortgage will have an eMD reference to identify it. The data for creating the lender’s digital mortgage then sits in HM Land Registry’s system, and the template will be created when the eMD reference is used.

The purely clerical functions of infilling the blanks in a prior-approved digital mortgage template and sending a link to the borrowers to access the “Sign my mortgage deed” service can be done by someone without a Network Access Agreement. This means that the initial step of creating the digital mortgage can be done by either a conveyancer or a mortgage intermediary.

A conveyancer or mortgage intermediary who wishes to use the digital mortgage service must—

a) use HM Land Registry’s Business Gateway,

b) integrate and use the Digital Mortgage Application Programming Interface (API) into their IT systems, and

c) be a lender which has, or be instructed by a lender to act for them using, a digital mortgage which has an eMD reference,

to be able to interact with the digital mortgage.

If you use a case management system to access Business Gateway, rather than a direct link, the case management system must be enabled to use the digital mortgage API.

The system will require the conveyancer or intermediary to input the following information about the borrower(s)—

  • full names as entered in the register of title
  • address(es) for service
  • date(s) of birth
  • mobile phone number(s) (a separate number is required for each borrower).

Any discrepancy between the name of a borrower in the register and their name in the mortgage instructions must be resolved before the digital mortgage is created (for instance where a person has changed their name on marriage, or a middle name is missing). The digital mortgage can only be created where the names of the borrowers match those on the register.

6.3 Identity assurance by a conveyancer

Before the digital mortgage can be electronically signed by the borrowers, a conveyancer must confirm that they have carried out identity assurance checks on the borrower in accordance with their statutory and regulatory duties. This can only be done by a conveyancer who is a person authorised to carry out reserved instrument activities for the purposes of the Legal Services Act 2007.

6.4 Access by borrowers

The digital mortgage service provides access for borrowers to view their digital mortgage deed and sign it with a digital signature. Once the digital mortgage is created, a link and reference number is provided for the conveyancer to give to the borrower so they can enter the service.

Once in the service, the borrower must go through the GOV.UK One Login identity assurance process, which is a secure way to prove identity for access to government services.

If the borrower successfully confirms their identity through One Login they will be allocated a digital signature which includes a digital certificate from HM Land Registry confirming the identity of the signer. The borrower can then view the mortgage document and request the confirmation code that enables them to digitally sign the deed. The confirmation code is sent to them by means of a text message to their mobile phone. The confirmation code allows the digital signature to be applied. The signing takes place within a secure HM Land Registry Hardware Security Module.

A digital signature does not need to be witnessed, but it must be certified (section 91 Land Registration Act 2002). The identity assurance process and the digital certificate take the place of witnessing. They effectively provide a form of notarial service in the online environment. The certificate included with the signature gives assurance to anyone relying on the signature, in accordance with section 91 of the Land Registration Act 2002 and the eIDAS Regulation – EU Regulation 910/2014 on electronic identification and trust services for electronic transactions. The EU Regulation is directly applicable in the UK so long as we remain in the EU, and will be incorporated into UK law when we leave, by section 3 of the European Union (Withdrawal) Act 2018. HM Land Registry is the trust service provider for the purposes of the eIDAS Regulation, providing an advanced electronic signature.

6.5 Nature of the digital signature

Electronic signing technology is a set of technologies that provide functions to use cryptographic keys and certificates to create advanced electronic signatures. These keys and certificates are sometimes referred to as Public Key Infrastructure (PKI).

HM Land Registry as a Certificate Authority provides cryptographic keys and digital trust certificates for advanced electronic signatures.

Online signing relies on being able to trust that the person applying the e-signature is the person entitled to sign the document. Trust certificates provide a hierarchy of trust for people who certify identities. Their use introduces a form of notarial system into the online environment. The trust certificate issued with an e-signature certifies the identity of the signer.

The technology to create and validate e-signatures, in the form of private keys and public keys, are part of the digital trust certificate. The private key is unique to and controlled by the signer. When used to sign a digital document, it creates a data string using mathematical algorithms, called a “hash”, from all the data contained in the e-document.

The hash is sometimes compared to a fingerprint. It represents the entire data of the document, but it is a standard length digital string that is attached to the document as the signature.

No two private keys will produce the same data string. The signature is unique to the document and unique to the signer. The public key issued with the digital signature is uniquely linked to the private key, and uses algorithms to decrypt the hash. Because the value of the hash is unique for each document, any tampering or corruption of the document will be detectable.

More detail about HM Land Registry’s digital signature and trust service can be found in the Certificate Policy, Certification Statement, and Public Key Infrastructure disclosure statement on our website. Some more detail about PKI is in Annex A.

6.6 Completing and registering a digital mortgage

When all the borrowers have signed the digital mortgage, and all the conveyancer’s and lender’s preparations are ready, a nominated conveyancer uses the service to make the digital mortgage effective (completion). After completion, the conveyancer can either apply for registration immediately, or do so later.

Completion (making effective) and registration can only be carried out by a conveyancer (see Glossary for definition). The conveyancer must—

(a) have a current full network access agreement,

(b) integrate and use the API built by HM Land Registry for the purpose of creating and registering digital mortgages, and

(c) be the lender, or be nominated by the lender or its agent as the specified person who will make the digital mortgage effective.

An application to register the digital mortgage is made through the eDocument Registration Service system by the conveyancer. A digital mortgage will appear in the register in exactly the same way as a legal charge created and lodged in paper form.

7. HM Land Registry security

HM Land Registry security is based upon user certificates and provides appropriate user authentication and role based access control. For more information, please see:

7.1 Description of security measures

The method of user authentication required for system access is based on the level of access required. HM Land Registry uses a variety of mechanisms to secure its systems.

7.1.1 User ID and password

When an administrator creates an account for a new user, the system generates a user ID (also known as a username) and a temporary password. The temporary password is used on initial login, then the user is asked to create a new password of their own choosing within permitted rules after successfully logging in. This single sign-on will allow access to the services associated with the authorised user’s role (referred to in Section 5).

If a responsible person, deputy responsible person or administrator also needs an authorised user role, an administrator must set up an additional account for them. For example, if a responsible person or administrator within a firm is also an authorised user they will have two separate user IDs and passwords, one for each role.

7.1.2 Password construction

The password should represent an effective balance between strength of security and usability. All passwords must:

  • be a minimum of eight characters
  • be a maximum of 20 characters
  • include a mixture of alpha and numeric characters
  • include at least two numbers
  • not include the characters £, €, , or ¬
  • be case sensitive.

It may also help to remember more complex passwords if users use a password based on a mnemonic pass phrase, eg ‘I like to walk my dog 12 times each day’. By taking the first letter of each word, they would create the password ‘ILTWMD12TED’.

The general password rules are as follows.

  • do not employ any password structure or characteristic that results in a password that is predictable or easily guessed
  • passwords must be kept confidential. They must never be shared or revealed to anyone
  • passwords must not be written down unless they have been effectively concealed in seemingly unrelated characters or by using a coding system. Any written form of password must also be stored in a secure location, such as a locked drawer. Also, the coding system used to conceal the password should not be written down. If the password is lost, or there is suspicion that someone has accessed it, it must be assumed that it has been compromised
  • do not use the same password for different systems, ie never use any HM Land Registry password for personal use, such as internet banking or shopping accounts
  • do not re-use a password that has been used before
  • passwords will not expire automatically, but may be changed at any time
  • passwords must be changed immediately if compromise is suspected or known.

7.1.3 Shared secrets

Shared secrets are commonly used by businesses for providing access to confidential information. A shared secret is something known only to the user and the system that they are interacting with. In the case of the HM Land Registry portal, following the first successful log in by a user, they will be given a choice of five questions pre-determined by HM Land Registry, and will be asked to provide answers that are memorable to them for three of the five questions. Once these answers have been stored, the questions will be used by the system if the user is required to verify their identity.

7.1.4 Password reset

If a user has forgotten their password, or has been locked out of the system because they have entered it incorrectly five times consecutively, there will be a self-service menu option available, allowing the user to verify their identity and reset their password. This makes use of their pre-set shared secrets as referred to in subsection 7.1.3.

The user will be asked to answer two of their three shared secret questions and if they answer correctly they will be allowed to re-access the system and choose a new password. However, if they answer either of the two questions incorrectly five times they will be locked out of the system and their account itself will need to be reset by an administrator, or in the case of an administrator it will need to be reset by HM Land Registry.

8. Availability of HM Land Registry system

The services will normally operate in accordance with the following daily timetable.

Service Hours of operation Notes
Digital e-documents prepare, and submit 06.30 to 23.00 every day  
Business e-services day list capture 06.30 to 23.00 Monday to Friday Excluding national holidays
Information Services and electronic Document Registration Service 06.30 to 23.00 every day  
Land Charges 06.30 to 23.00 every day  
Business Gateway Hours as for the various services listed above See below*
Customer support 08.00 to 17.00 Monday to Friday Excluding national holidays. The telephone number for customer support is 0300 006 0411
*If your Case Management System (CMS) submits an application through Business Gateway during HM Land Registry business hours you should receive an immediate result. If the application is received out of HM Land Registry business hours, you should receive an acknowledgment, with a time when a result should be available. Your CMS provider should give you guidance on how to operate Network Services through Business Gateway.    

By granting the right of access to Business e-services, HM Land Registry does not warrant that the network will always be accessible to subscribers during the hours of operation as published.

Access to the network could be interrupted through circumstances beyond the control of HM Land Registry. If Business e-services are not available during the published hours of operation, and the matter is too urgent to wait until Business e-services are available (as to which, see Annex B – Operational service continuity), you should use other available means to continue your conveyancing. See HM Land Registry system not available.

There may be some circumstances when HM Land Registry needs to alter the daily timetable, or suspend a particular system function or security, without any prior notice where the circumstances justify doing so. Such changes may only have effect for short periods of time or, in some circumstances, may apply for longer periods. It is not possible to predict all the possible circumstances that might arise but they could include:

  • extending the end of the business day, where there has been a material disruption to Business e-services during the day
  • suspending all Business e-services or individual functions, subscribers or users, where there has been a material breach of the services’ security
  • making any change, where HM Land Registry is complying with a court order

HM Land Registry will notify subscribers of changes to the daily timetable by means of an electronic message or other appropriate methods of publicity at the earliest practical opportunity.

9. Storage of unregistered e-documents

If electronic documents are created in the e-conveyancing network and committed for registration, but for some reason they cannot be registered, HM Land Registry will electronically store them.

10. Business continuity

It will be the responsibility of the subscriber to provide business continuity in respect of their own systems. HM Land Registry will reissue tokens as quickly as possible for any subscriber that has suffered a critical business failure for reasons such as theft, flood or fire. You will need to tell us which tokens have been lost so we can cancel them, otherwise we will cancel everything that has been assigned to you.

11. HM Land Registry system not available

If you cannot gain access to our services and you think it is a problem with the HM Land Registry system rather than with your own hardware or software, please check our:

Use these options to check whether there is already a message with information about the nature of the problem and when it is likely to be fixed. If there is no message, contact Customer Support on 0300 006 0411 to report it.

If Business e-services are not available, the following procedures should be followed.

  • Information Services (searches, official copies)
    • wait until the service is restored (likely to be within minutes)
    • use paper forms
  • Document Registration Service
    • wait until the service is restored (likely to be within minutes)
    • revert to paper
  • Network Services (digital mortgage and e-documents)
    • if possible, delay preparation and/or lodging until the services are available (likely to be within minutes)
    • revert to paper

12. Glossary

Administrator: The person appointed by the subscriber as the administrator under the Conditions of Use or the Network Access Agreement.

Certificate: An electronic file that is issued to a user and also published in a repository available to persons who need to rely on the certificate. It is the link between a person’s real-world identity and their digital identity.

Certificate Authority (CA): A body that is responsible for the issue and management of certificates. Conveyancer: As defined in rule 217A Land Registration Rules 2003 (as amended).

Cryptography: The science of protecting information from unauthorised access through the use of numeric keys and special mathematical functions.

Portal: Single web interface. A website that is a gateway to lots of different types of information and services.

Role: A grouping of ‘permissions’ to use particular functionality that may be allocated to an individual.

Role-based access control (RBAC): A mechanism for allowing each user access to a set of services appropriate to their job function. The role allocated to each user will dictate the services that the user has permission to access when they log on.

Subscriber: An organisation that has applied for and been granted a Network Access Agreement.

User: As defined in the Network Access Agreement.

13. Annex A: authentication security

This annex is intended to give users a description of some aspects of the security used in HM Land Registry Business e-services.

13.1 Public key cryptography

Public key infrastructure (PKI) is used for two main purposes by HM Land Registry.

  1. Identity authentication – for assurance of identity when an administrator logs on to register new users and modify their permissions.

  2. Digital signatures – to enable a borrower in a digital mortgage transaction to electronically sign the mortgage.

Public key cryptography, also known as asymmetric cryptography, is a form of cryptography in which a user has a pair of cryptographic keys – a public key and a private key. The private key is kept secret, while the public key may be distributed to those who need to check the identity of the signer. The keys are related mathematically, but the private key cannot be practically derived from the public key: a message encrypted with the private key can be decrypted only with the corresponding public key (and vice versa).

When implemented as part of a public key infrastructure (PKI), the key pairs are linked to real world entities in a publicly available certificate: a person has a private key that can be used for identity in the electronic world and the certificate can verify the link between the individual and the key pair.

As a Certificate Authority (CA), HM Land Registry will issue certificates to a subscriber’s administrator and to those signing digital documents based on information supplied to us by the subscriber. In the case of signing digital mortgages, the certificate will be issued after the borrower has successfully had their identity assured through GOV.UK One Login.

The certificate is the link between a person’s real-world identity and their digital identity. It will contain the individual’s name (as the rightful holder of a private key) and the public key associated with that private key.

For more information about identity authentication and electronic signing please see HM Land Registry’s Certification Practice Statement.

13.2 Audit

It is critical that HM Land Registry audit processes are unambiguous, easily interpreted and tamperproof. It is a direct requirement for all public bodies to conform to the provisions of BSI’s BIP 0008 – Code of Practice for Legal Admissibility and Evidential Weight of Information Stored Electronically. The code provides comprehensive guidance on the requirements for record keeping and record protection.

All business and IT operations will be monitored and logged securely. Therefore:

  1. the access control solution will log all authentication attempts
  2. the CA management system will keep a complete trail of certificate events

14. Annex B: operational service continuity

HM Land Registry has adopted the ITIL model (Information Technology Infrastructure Library) to facilitate best practice in Service Management. (A set of best practice guidance for IT service management. ITIL consists of a series of publications giving guidance on the provision of quality IT Services, and on the processes and facilities needed to support them.) The associated Service Management system is certified to the International Standard BS ISO/IEC 20000.

Day to day operational management of the underpinning IT infrastructure is supported by 24/7 data centre operations and a service desk. The service desk co-ordinates and monitors IT related customer issues that cannot be resolved by customer support centre staff. It is supported by trained second and third level technical engineers, providing guaranteed support between 08.00 – 16.30 Monday to Friday, supplemented by 24/7 out of hours on-call support at all other times.

The central and extranet infrastructures by design mean we have considerable resilience and capacity, using the latest technologies so that the organisation’s continuous service capability is assured.

We operate strict controls around how changes to this infrastructure are managed, risk assessed and acceptance tested prior to deployment.

The integrity and availability of corporate data is paramount. Three copies of this data are continuously mirrored. Additionally, a fourth copy (a snapshot) is made once a day. We also have full backups of our systems on tape and retain logs of all changes that occur during the day.

We are well prepared to deal with the impact of a major incident or disaster on the business. In the event of a disaster, our recovery time will vary depending on the incident. Our objective is to have business critical internal services available within 2 hours, and all other services available within 5 hours. Routine testing of our plans is undertaken.

A culture of continual service improvement is prevalent and there will always be a number of service improvement initiatives ongoing.

15. Contact us

If you need more information, please contact Customer Support by:

  • sending a message using our contact form
  • phone: 0300 006 0411
Back to top