© Crown copyright 2017
This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: firstname.lastname@example.org.
Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.
This publication is available at https://www.gov.uk/government/publications/technical-manual/technical-manual-version-121
The Technical Manual forms part of the full Network Access Agreement (NAA). It describes the technical and security aspects of, and requirements for, using any of HM Land Registry’s Business e-services (Information Services, Land Charges Services, electronic Document Registration Service, Network Services and Lender Services).
It is necessary to put these technical details in a separate document from the NAA since, by their nature, technical and security aspects and requirements will change from time to time. New ways of using the network will develop. Electronic systems, information technology and security measures will evolve, become obsolete and require updating. HM Land Registry will need to make changes to constantly protect the security of the network. We will also wish to improve the system and provide new e-services. This manual will be updated when necessary to reflect such changes.
HM Land Registry may change the provisions of the Technical Manual at any time. Any changes will be made in accordance with the HM Land Registry Code of Practice for changes to the Network Access Agreement and Technical Manual.
2. System requirements
2.1 Minimum standard of electronic equipment
E-conveyancing services provided by HM Land Registry require an internet connection. Broadband is recommended.
2.1.1 HM Land Registry portal
If you’ve registered for Business e-services, you can gain access to e-conveyancing services through the HM Land Registry portal. These services are delivered through an internet browser which must be configured to accept cookies from HM Land Registry systems. For administrators’ security tokens there are no additional system requirements.
HM Land Registry tests for compatibility against, and fully supports, the following internet browsers:
- Microsoft Internet Explorer
- Microsoft Edge
- Mozilla Firefox
- Google Chrome
- Apple Safari
HM Land Registry officially supports the current major version release and the previous major version release.
2.1.2 Business Gateway
Customers who use a case management system may also be able to gain access to e-conveyancing services through Business Gateway (an XML interface that links case management systems to our services).
HM Land Registry Business Gateway uses a certificate-based mutual Secure Sockets Layer (SSL) connection. Please contact your case management system (CMS) provider to find out if this service is available to you. If your CMS provider does offer this service and you wish to use it, your responsible person must then apply for the necessary technical connections to be made. For more information, please contact Customer Support.
2.2 System security
Messages and documents sent through the network must use a mechanism such as Secure Sockets Layer (SSL) or Transport Layer Security (TLS) to secure the communication channel.
All users of the network must maintain up-to-date system patches, security updates, anti-virus software and other countermeasures to protect their systems.
2.2.3 Information systems acquisition, development and maintenance
This subsection deals with development and deployment of new systems by you, the subscriber, that may interact with HM Land Registry systems.
Any software that could interact with HM Land Registry systems should be thoroughly tested and you must have your own testing procedures and policies in place and apply them rigorously.
Some free/beta programs can contain bugs or viruses, which could pose a threat to HM Land Registry systems. Applications and operating system software should only be implemented in operational systems after extensive and successful testing.
Testing should be done in a secure environment with non-sensitive data. Access to system files and program source code should be controlled.
3. Subscriber security
3.1 General guidance
This section deals with security within your workplace. For information about HM Land Registry security see HM Land Registry security, which contains requirements relating to passwords, and Administrator duties, which contains details of the additional security requirements applicable to administrators.
Annex A: authentication security also gives some background information about additional security adopted by HM Land Registry to protect the network.
Due to the wide range of system configurations connected to the network, HM Land Registry cannot be prescriptive about procedures and standards that would minimise the possibility of unauthorised access, fraud and forgery.
Although there are general guidelines for keeping business IT secure here, more detailed guidance can be obtained from:
- the UK government sponsored Get Safe Online website
- commercial providers of security expertise
- the BS ISO/IEC 27001:2013 Security techniques: Information security management systems and the complementary standard BS ISO/IEC 27002:2013 Information Technology Code of Practice for Information Security Management can be obtained through the British Standards Institute
- the Law Society has issued a practice note: Information security guidelines for solicitors
3.2 Security policy
You should have an information security policy document, approved by your senior management and reviewed at least annually. It should be published and all your staff made fully aware of it. It should include policies and procedures on the following matters.
3.3 Physical and environmental security
Ensure that your workplace is secure to prevent unauthorised access.
- physical security to protect IT assets must be appropriate to the risk and access to sensitive areas (eg servers) should be restricted
- staff should be clear about their organisation’s security policies and HM Land Registry practices for system access
- users should lock their computer when leaving it unattended and must never share passwords, tokens and other security measures
- security tokens must be kept in a secure place both before they have been issued and when active but not in use
In each case, training should include an overview of the reasons why information security is important, including coverage of the threats and risks, eg viruses, hackers, fraudsters and protection of information assets.
3.4 Responsible person
In your application for Business e-services, you will be asked to nominate a responsible person (RP) in your organisation. You may also nominate as many deputy responsible persons as you need for your organisation. A deputy responsible person (DRP) can cover for the RP when they are not available. They can also be responsible for a particular part of, or group within, your organisation according to your needs. HM Land Registry will create the account for the RP and for the DRP and will provide them with a user ID and temporary password.
HM Land Registry has created the roles of RP and DRP in relation to Business e-services to help organisations and conveyancers to manage their users with the proper supervision of their practices, as required (in the case of conveyancers) by their regulators, by statute (the Legal Services Act 2007, Part 3 and Part 5), and by the NAA.
The RP and DRP will have access to an online HM Land Registry report, which will list actions taken by the administrator. They should not, therefore, normally be the same person as the administrator. It is expected that the RP and DRP will be a solicitor, licensed conveyancer or manager (whereas the administrator may not be legally qualified, but may instead be an IT officer). HM Land Registry recognises that each organisation will have its own arrangements for supervision as appropriate.
The subscriber should establish a procedure for authorising the administrator to perform the tasks that the administrator is permitted to do, such as setting up user accounts and updating user accounts. That may mean that such instructions or authority should come only from the RP and DRP. Alternatively, if someone other than the RP and DRP supervises the administrator, they should be aware of the procedures and policies that are in place.
To facilitate supervision of the use of Business e-services, and to reduce the risk of fraud or misuse, HM Land Registry will record details in the report each time the administrator:
- creates a user account
- suspends a user account
- restores (‘unsuspends’) a user account
- deletes a user account
- updates the business role associated with a user account
- resets a user account
This report will allow the RP and DRP to check that the administrator is acting under proper instructions, and giving access to Business e-services only to authorised persons, at the appropriate level.
The report of each day’s actions by the administrator will be available for up to one calendar month. After one calendar month, that day’s activities will drop off the report. The RP or DRP should, therefore, view the report regularly, and will be able to download or print it as required. Only an RP and DRP will be able to view these reports; see Role based access control (RBAC).
If your organisation has more than one administrator, only the responsible person can allocate or reallocate particular administrators to a specific DRP. This will assist larger organisations that operate with distinct groups, where one person cannot reasonably be responsible for the administrators of all the groups.
The RP and DRP can set the desired parameters for viewing the reports, for instance by date or by administrator. They will also be able to see details of actions taken by the RP and DRP, and search and check all user accounts associated with their HM Land Registry Business e-services account.
In addition, the RP and DRP will be responsible for:
- requesting changes to administrator accounts. See Subsequent changes to administrator accounts
- requesting the necessary technical connections to be made so that your organisation can use Business e-services by means of Business Gateway, if required.
The RP and DRP will also be able to:
- view variable direct debit (VDD) statement information
- view services requested today
- view messages within the message area
We advise you to check the Technical Manual online from time to time for any updates on the responsibilities of the administrator and the role of the RP and DRP.
3.5 Human resources security
It is the subscriber’s responsibility to ensure that employees, contractors and third-party users understand their responsibilities and are suitable for the roles allocated to them. This will reduce the risk of misuse of facilities. You should further ensure that they are aware of information security threats and concerns, their responsibilities and liabilities. See Role based access control (RBAC) to help you decide what level of access each user in your organisation should be given.
3.6 Communications and operations management
Compliance with procedures should be enforced with auditing, which could involve checking computer logs. Management procedures and responsibilities for these processes should be established.
3.7 Access control
Ensure only authorised staff have access to HM Land Registry services.
Access control rules should be supported by formal procedures and clearly defined responsibilities. See Role based access control (RBAC). This should cover access to:
- Information Services
- Land Charges Services
- electronic Document Registration Service
- operating systems
- Network Services
- Lender Services
It should also include a formal process for adding and removing access rights for staff. If mobile working or working from home is being used, security processes will need to be in place to ensure secure access.
When employees, contractors and third-party users leave an organisation, or change employment, the subscriber must instruct the administrator to terminate their access to Business e-services. This must be done immediately.
3.8 Information security incident management
Security incidents should be recorded, such as uncontrolled system changes, human errors, non-compliance with policies or guidelines, loss of service, or facilities and system malfunctions or overloads.
Any access violations, loss of equipment, breaches of physical security or theft that could affect HM Land Registry should be reported to HM Land Registry. This should be done as quickly as possible through the administrator, the responsible person or a deputy responsible person.
If the administrator or the responsible person/deputy responsible person thinks that the violation could affect the HM Land Registry Business e-services adversely, they should contact Customer Support.
Staff should be made aware of the procedures for reporting the different types of incident that might have an impact on security.
4. Administrator duties
4.1 Creation of administrator accounts for a subscriber
The role of an administrator is to administer system access for the individual users within each subscriber. Administrators will also be provided with permissions that enable them to manage the account of the subscriber. The subscriber must, therefore, provide the administrator with the appropriate instructions and authority to carry out this role.
When applying for Business e-services, subscribers must supply details of at least one individual who is capable of carrying out the duties associated with the administrator role. HM Land Registry will create the account for the administrator and will provide them with a user ID, temporary password and a security token. A security token is required to authenticate at a higher level to access the HM Land Registry system; details of this process can be found in subsections 4.2 to 4.5 below. Several online training and guidance modules for administrators are available on the HM Land Registry website.
It is the responsibility of the subscriber to plan its own business contingencies to cover the situation where its administrator is unavailable. It is, therefore, important that each subscriber appoints a sufficient number of administrators. On application, each subscriber will need to appoint a primary administrator who will act as the main point of contact for HM Land Registry queries. If only one administrator is requested they will be appointed as the primary administrator by default.
4.2 Security tokens
The Entrust IdentityGuard Mini Token is a high-quality, one-time password (OTP) device designed to help provide strong, versatile authentication to enterprises, governments and consumers. The security token provides an additional level of security, over and above the administrator’s user ID and password. A different unique PIN number is generated by the token each time the administrator presses the button (hence “one time”). For a limited period of time, that PIN number is synchronised with the PIN number for that token in HM Land Registry’s credential database in its hardware security module.
When administrators attempt to log on to Business e-services via the portal, they are prompted to enter the PIN number generated by the token. If the entered PIN number is correct they are granted access to the system. The token is durable against normal wear and tear with an expected battery life between 6 and 8 years.
No additional software needs to be installed to support the use of one-time password tokens.
4.3 Token renewal and protection
Administrators will receive their security tokens as part of the process when their organisation signs up for the HM Land Registry service. Additional tokens for deputy administrators can be requested from HM Land Registry as required.
Security tokens should be considered as valuable assets and stored securely. They should be treated similarly to bankcards. Administrators:
- must not share their token and must prevent others from using it
- should not leave the token unattended at any time
- should return the token when requested to do so by HM Land Registry
- must notify HM Land Registry if the token has been lost
4.4 Access to administrator services
In order to access the services that the administrator requires, he or she will need to follow authentication processes when they log in to the HM Land Registry system. First-time access to administrator services will be granted as follows.
4.5 Administrator authentication
- Administrator enters their username and temporary password
- Administrator is prompted to change their password
- Administrator changes their password
- Administrator is required to create shared secrets for their account
- Administrator is prompted to enter their token number
- Administrator presses the button on their security token and enters their token (PIN) number displayed on the token
- Administrator is provided with menu of administrator services
Subsequent access to administrator services will be granted as follows.
- Administrator enters their username and password
- Administrator is prompted to enter their token number
- Administrator enters their token number shown on the OTP token
- Administrator is provided with menu of administrator services
4.6 Services available to the administrator
When the administrator accesses the system, the available services will be displayed on a menu. The available services are listed in subsections 4.6.1 and 4.6.2, and in our guidance How to use portal.
4.6.1 Managing subscriber account
The administrator will be responsible for managing the subscriber account. All administration will be conducted via the portal (it cannot be done through HM Land Registry Business Gateway). The services available to the administrator for the management of subscriber accounts include:
- find subscriber account
- view subscriber account
- update subscriber account details
- create group
- update group
- delete group
4.6.2 Managing user accounts
The services that allow the administrator to manage the accounts of individual users include:
- create user account
- find user account
- view user account
- update user account
- suspend user account
- restore (‘unsuspend’) user account
- delete user account
- reset user account
4.7 Subsequent changes to administrator accounts
The procedure for making changes to administrator accounts is the same whether an account is being reset, suspended, restored or deleted. All changes must be requested by the responsible person or deputy responsible persons within the subscriber organisation.
The requests can be made online when the responsible person (RP) or deputy responsible person (DRP) is logged in to the system. Alternatively, requests can be made on headed paper, signed by the responsible person or deputy responsible person and sent to Customer Support. On receipt, HM Land Registry will check the provenance of the request and, if satisfied, will make the necessary change.
An RP or DRP can apply for administrator accounts. Application should be made using form AFS4a.
Only the responsible person can:
- request that the primary administrator is changed to another administrator
- allocate or reallocate administrators to a specific DRP
5. Role-based access control (RBAC)
Role-based access control (RBAC) provides an efficient mechanism for allowing the subscriber and HM Land Registry to provide each user with access to a set of services appropriate to their work and experience. The administrator, responsible person and deputy responsible person roles will be set up and managed by HM Land Registry. In the case of other users, it will be the responsibility of the subscriber to allocate one of a number of predefined roles to each user and to instruct the administrator accordingly, so that they can create an appropriate account for that user. The allocated role will dictate the services that the user has permission to access when they log on and can only be changed by an administrator.
The roles created are provided for the benefit of subscribers to assist them in fulfilling their obligations under their regulatory Codes of Conduct, and the Legal Services Act 2007.
They are designed to assist subscribers in ensuring that their users are given access to the HM Land Registry Business e-services at a level commensurate with their ability, experience and qualifications, and so that their work can be properly supervised by a qualified conveyancer if necessary.
The following section is a list of the current roles that a subscriber can allocate to its users, that is to say, all members of staff within the firm who require access to Business e-services. As the services made available via the HM Land Registry portal increase, so too will the number of roles available.
5.1 Administrative roles for all Business e-services customers
Business Unit Administrator (BUA) – an administrator who can create and update users (see Administrator duties above).
Responsible person (RP) – a person who has access to reports documenting the activities of any DRPs and all administrators, and access to all VDD account reports for VDD accounts used to pay for e-services. They can also allocate responsibility for the management of administrators to DRPs and change the primary administrator (see Responsible person above).
Deputy responsible person (DRP) – a person who has access to reports documenting the activities of the responsible person, any deputy responsible persons and all administrators, and access to all or designated VDD account reports for VDD accounts used to pay for e-services. They can also allocate responsibility for the management of administrators to the responsible person or another deputy responsible person (see Responsible person above).
Financial administrator (F1) – a person who can access online VDD account reports for all or designated VDD accounts used to pay fees for e-services.
5.2 Authorised user roles available for all Business e-services customers who certify their agreement to the Conditions of Use
General Access (Z1) – access to Information Services only (preliminary services such as register view, official copies, official searches, land charges services)
General Access and eDRS (Z2) – access to Information Services and the electronic Document Registration Service
The following roles are available for organisations who can also access services through Business Gateway and are subject to Conditions of Use and Register Extract Service Terms and Conditions.
General Access and Register Extract (WM2) – access to Information Services and the Register Extract Service (allowing an organisation to have register data files imported into their Case Management System)
General Access, Register Extract and eDRS (WM5) – access to Information Services, the electronic Document Registration Service and the Register Extract Service
The following role is available for organisations who can also access services through Business Gateway and are subject to Conditions of Use and Online Ownership Verification Service Terms and Conditions.
- General Access and Verification Services (VS1) – access to Information Services and the Online Ownership Verification Service
The following role is available for organisations who can also access services through Business Gateway and are subject to Conditions of Use, Register Extract Service Terms and Conditions and Online Ownership Verification Service Terms and Conditions.
- General Access, Register Extract and Verification Services (VS2) – access to Information Services, the Register Extract Service and Online Ownership Verification Service
5.3 Additional roles and associated privileges for conveyancers who have also signed a Network Access Agreement
- eConveyancer, Edit and Submit and e-DRS (C4) – access to Information Services, the electronic Document Registration Service and Network Services
The following role is also available for organisations who can also access services through Business Gateway and are subject to the Network Access Agreement and Register Extract Service Terms and Conditions.
- eConveyancer, Edit and Submit, Register Extract and e-DRS (WM1) – access to Information Services, the Register Extract Service, the electronic Document Registration Service and Network Services
5.4 Additional roles for lenders or their agents under a Memorandum of Understanding
Customers with one of the three lender arrangements can give users one of the roles listed under them.
Lender with e-DS1 (L1) for lenders with a Memorandum of Understanding to discharge charges using e-DS1s – access to Information Services and e-DS1
Lender with EDs (L2) for lenders with an agreement with HM Land Registry to discharge charges by means of EDs – access to Information Services and EDs
Lender with e-DS1 and EDs (L3) for lenders discharging charges by means of both e-DS1s and EDs – access to Information Services, e-DS1 and EDs
Find a Property role
PSU – Find a Property services only. This service is subject to registration of an account and the Find a Property terms and conditions.
Whatever access level a person has, if they are using services that are available under the Portal Conditions of Use or Business Gateway Conditions of Use, those Conditions of Use will apply. If the services are available only in Network Services, the Network Access Agreement will apply.
6. HM Land Registry security
HM Land Registry security is based upon user certificates and provides appropriate user authentication and role based access control. For more information, please see:
6.1 Description of security measures
The method of user authentication required for system access is based on the level of access required. HM Land Registry uses a variety of mechanisms to secure its systems.
6.1.1 User ID and password
As the administrator creates an account for each new user, the system will generate a user ID. In addition to a user ID, a password must be created. Initial login will be achieved using a temporary password that is issued by the system. The user will then be asked to create a new password of their own choosing within permitted rules on the first occasion that they have successfully logged in.
This single sign-on will allow access to all services for which the user has the associated permissions. In addition to this, those with the role of administrator will be set up with an additional account for their administrator role to ensure separation of duties. Therefore, if a user within a firm is also an administrator they will possess two separate user IDs and passwords.
6.1.2 Password construction
The password should represent an effective balance between strength of security and usability. All passwords must:
- be a minimum of eight characters
- be a maximum of 20 characters
- include a mixture of alpha and numeric characters
- include at least two numbers
- not include the characters £, €, , or ¬
- be case sensitive
It may also help to remember more complex passwords if users use a password based on a mnemonic pass phrase, eg ‘I like to walk my dog 12 times each day’. By taking the first letter of each word, they would create the password ‘ILTWMD12TED’.
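The construction rules in this subsection can be checked mechanically, for example by a subscriber's own tooling before a password is submitted. The following Python sketch is an added example, not HM Land Registry code: the function names are hypothetical, "numeric" is assumed to mean ASCII 0-9, and the forbidden set holds only the three characters legible in the list above.

```python
import string

MIN_LEN, MAX_LEN = 8, 20
MIN_DIGITS = 2
# The page's forbidden-character list has a fourth entry whose character is
# missing from the text; it is left out here rather than guessed.
FORBIDDEN = {"£", "€", "¬"}


def check_password(candidate: str) -> list:
    """Return the subsection 6.1.2 rules the candidate breaks (empty list = OK)."""
    problems = []
    if len(candidate) < MIN_LEN:
        problems.append("shorter than 8 characters")
    if len(candidate) > MAX_LEN:
        problems.append("longer than 20 characters")
    # Assumption: only ASCII 0-9 count as numbers. str.isdigit() would also
    # accept characters such as superscript two, so it is not used.
    digits = sum(ch in string.digits for ch in candidate)
    letters = sum(ch.isalpha() for ch in candidate)
    if letters == 0 or digits == 0:
        problems.append("not a mixture of alpha and numeric characters")
    elif digits < MIN_DIGITS:
        # One letter plus one digit is a "mixture" but still fails this rule.
        problems.append("fewer than two numbers")
    bad = sorted(FORBIDDEN.intersection(candidate))
    if bad:
        problems.append("contains forbidden character(s): " + " ".join(bad))
    return problems


def mnemonic_password(phrase: str) -> str:
    """First letter of each word, upper-cased; whole numbers are kept as typed."""
    parts = []
    for word in phrase.split():
        is_number = all(ch in string.digits for ch in word)
        parts.append(word if is_number else word[0].upper())
    return "".join(parts)


if __name__ == "__main__":
    # Constructed candidates, apart from the pass phrase quoted on this page.
    derived = mnemonic_password("I like to walk my dog 12 times each day")
    for pw in (derived, "abcdefg1", "12345678", "Pay£1234x", "a1" * 11):
        print(repr(pw), check_password(pw) or "OK")
```

Case sensitivity is a property of verification rather than construction: a system honouring that rule must not change the case of a password before hashing or comparing it.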
The general password rules are as follows.
- do not employ any password structure or characteristic that results in a password that is predictable or easily guessed
- passwords must be kept confidential. They must never be shared or revealed to anyone
- passwords must not be written down unless they have been effectively concealed in seemingly unrelated characters or by using a coding system. Any written form of password must also be stored in a secure location, such as a locked drawer. Also, the coding system used to conceal the password should not be written down. If the password is lost, or there is suspicion that someone has accessed it, it must be assumed that it has been compromised
- do not use the same password for different systems, ie never use any HM Land Registry password for personal use, such as internet banking or shopping accounts
- do not re-use a password that has been used before
- passwords will not expire automatically, but may be changed at any time
- passwords must be changed immediately if compromise is suspected or known
6.1.3 Shared secrets
Shared secrets are commonly used by businesses for providing access to confidential information. A shared secret is something known only to the user and the system that they are interacting with. In the case of the HM Land Registry portal, following the first successful log in by a user, they will be given a choice of five questions pre-determined by HM Land Registry, and will be asked to provide answers that are memorable to them for three of the five questions. Once these answers have been stored, the questions will be used by the system if the user is required to verify their identity.
6.1.4 Password reset
If a user has forgotten their password, or has been locked out of the system because they have entered it incorrectly five times consecutively, there will be a self-service menu option available, allowing the user to verify their identity and reset their password. This makes use of their pre-set shared secrets as referred to in subsection 6.1.3.
The user will be asked to answer two of their three shared secret questions and if they answer correctly they will be allowed to re-access the system and choose a new password. However, if they answer either of the two questions incorrectly five times they will be locked out of the system and their account itself will need to be reset by an administrator, or in the case of an administrator it will need to be reset by HM Land Registry.
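The lock-out and reset behaviour described in this subsection can be modelled as a small state machine, which is useful when testing or documenting how accounts move between states. This is an added example, not HM Land Registry code: the class, method and state names are hypothetical, the question labels and answers are constructed, and it assumes that a failed reset attempt means either of the two answers was wrong and that those failures accumulate until a successful reset.

```python
from __future__ import annotations

import hashlib
import hmac
import os
import secrets

MAX_PASSWORD_FAILURES = 5  # consecutive wrong passwords before lock-out (6.1.4)
MAX_SECRET_FAILURES = 5    # failed shared-secret attempts before a reset is needed
PBKDF2_ROUNDS = 100_000    # assumption: demo work factor, tune for production


def protect(value: str) -> tuple[bytes, bytes]:
    """Return (salt, digest) so that no password or answer is stored in clear."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", value.encode(), salt, PBKDF2_ROUNDS)


def matches(value: str, record: tuple[bytes, bytes]) -> bool:
    salt, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", value.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)  # constant-time comparison


class Account:
    """Hypothetical model of one portal user account."""

    def __init__(self, password: str, answers: dict[str, str]) -> None:
        if len(answers) != 3:
            raise ValueError("three shared secrets are stored per user")
        self._password = protect(password)
        self._answers = {q: protect(a) for q, a in answers.items()}
        self.state = "active"  # active | locked | reset_required
        self._password_failures = 0
        self._secret_failures = 0
        self._challenge: tuple[str, ...] = ()

    def login(self, password: str) -> bool:
        if self.state != "active":
            return False  # a correct password does not lift a lock-out
        if matches(password, self._password):
            self._password_failures = 0  # only consecutive failures count
            return True
        self._password_failures += 1
        if self._password_failures >= MAX_PASSWORD_FAILURES:
            self.state = "locked"
        return False

    def begin_reset(self) -> tuple[str, ...]:
        """Choose two of the three stored questions for a self-service reset."""
        if self.state == "reset_required":
            return ()
        picker = secrets.SystemRandom()
        self._challenge = tuple(picker.sample(sorted(self._answers), 2))
        return self._challenge

    def finish_reset(self, replies: dict[str, str], new_password: str) -> bool:
        if self.state == "reset_required" or not self._challenge:
            return False
        # Evaluate both answers before deciding, so the outcome does not
        # reveal which of the two was wrong.
        results = [matches(replies.get(q, ""), self._answers[q]) for q in self._challenge]
        self._challenge = ()  # each challenge can be answered once
        if all(results):
            self._password = protect(new_password)
            self._password_failures = self._secret_failures = 0
            self.state = "active"
            return True
        self._secret_failures += 1
        if self._secret_failures >= MAX_SECRET_FAILURES:
            self.state = "reset_required"  # only an administrator can recover it
        return False

    def administrator_reset(self, temporary_password: str) -> None:
        """Reset by an administrator (by HM Land Registry for administrators)."""
        self._password = protect(temporary_password)
        self._password_failures = self._secret_failures = 0
        self.state = "active"


if __name__ == "__main__":
    # Constructed sample data: question labels and answers are placeholders.
    account = Account("ILTWMD12TED", {"Q1": "heron", "Q3": "Kew", "Q4": "1862"})
    for _ in range(5):
        account.login("wrong-guess")
    print("after five bad passwords:", account.state)
    asked = account.begin_reset()
    print("self-service reset:", account.finish_reset({q: "?" for q in asked}, "x"))
```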
7. Availability of HM Land Registry system
The services will normally operate in accordance with the following daily timetable.
|Service|Hours of operation|Notes|
|---|---|---|
|Digital e-documents prepare, and submit|06.30 – 23.00 Every day| |
|Business e-services day list capture|06.30 – 23.00 Monday to Friday|Excluding national holidays|
|Information Services and electronic Document Registration Service|06.30 – 23.00 Every day| |
|Land Charges|06.30 – 23.00 Every day| |
|Business Gateway|Hours as for the various services listed above|See below*|
|Non-technical support|08.00 – 18.00 Monday to Friday|Excluding national holidays. The telephone number for non-technical support is 0300 006 0411|
|Technical support|07.00 – 18.00 Monday to Friday|Excluding national holidays. The telephone number for technical support is 0300 006 0411|

*If your Case Management System (CMS) submits an application through Business Gateway during HM Land Registry business hours you should receive an immediate result. If the application is received out of HM Land Registry business hours, you should receive an acknowledgment, with a time when a result should be available. Your CMS provider should give you guidance on how to operate Network Services through Business Gateway.
By granting the right of access to Business e-services, HM Land Registry does not warrant that the network will always be accessible to subscribers during the hours of operation as published.
Access to the network could be interrupted through circumstances beyond the control of HM Land Registry. If Business e-services are not available during the published hours of operation, and the matter is too urgent to wait until Business e-services are available (as to which, see Annex B – Operational service continuity), you should use other available means to continue your conveyancing. See HM Land Registry system not available.
There may be some circumstances when HM Land Registry needs to alter the daily timetable, or suspend a particular system function or security, without any prior notice where the circumstances justify doing so. Such changes may only have effect for short periods of time or, in some circumstances, may apply for longer periods.
It is not possible to predict all the possible circumstances that might arise but they could include:
- extending the end of the business day, where there has been a material disruption to Business e-services during the day
- suspending all Business e-services or individual functions, subscribers or users, where there has been a material breach of the services’ security
- making any change, where HM Land Registry is complying with a court order
HM Land Registry will notify subscribers of changes to the daily timetable by means of an electronic message or other appropriate methods of publicity at the earliest practical opportunity.
8. Storage of unregistered e-documents
If electronic documents are created in the e-conveyancing network and committed for registration, but for some reason they cannot be registered, HM Land Registry will electronically store them.
9. Business continuity
It will be the responsibility of the subscriber to provide business continuity in respect of their own systems. HM Land Registry will reissue tokens as quickly as possible for any subscriber that has suffered a critical business failure for reasons such as theft, flood or fire. You will need to tell us which tokens have been lost so we can cancel them; otherwise, we will cancel everything that has been assigned to you.
10. HM Land Registry system not available
If you cannot gain access to our services and you think it is a problem with the HM Land Registry system rather than with your own hardware or software, please either:
- check our technical Twitter feed for service status updates @LRTechSupport
- check the ‘Latest Update’ area of our online support forum
Use these options to check whether there is already a message with information about the nature of the problem and when it is likely to be fixed. If there is no message, contact the Customer Support telephone number below, which will give the option to report the issue to our IT Service Desk.
- telephone Customer Support on 0300 006 0411
If Business e-services are not available, the following procedures should be followed.
- Information Services (searches, official copies)
  - wait until the service is restored (likely to be within minutes)
  - use paper forms
- Network Services (e-charges and documents)
  - if possible, delay preparation and/or lodging until the services are available
  - revert to paper (using an outline application made by telephone to protect the interest if appropriate – see rule 54 of the Land Registration Rules 2003 and practice guide 12: official searches and outline applications)
Administrator: The person appointed by the subscriber as the administrator under the Conditions of Use or the Network Access Agreement.
Certificate: An electronic file that is issued to a user and also published in a repository available to persons who need to rely on the certificate. It is the link between a person’s real-world identity and their digital identity.
Certificate Authority (CA): A body that is responsible for the issue and management of certificates.
Conveyancer: As defined in rule 217A Land Registration Rules 2003 (as amended).
Cryptography: The science of protecting information from unauthorised access through the use of numeric keys and special mathematical functions.
Portal: Single web interface. A website that is a gateway to lots of different types of information and services.
Role: A grouping of ‘permissions’ to use particular functionality that may be allocated to an individual.
Role-based access control (RBAC): A mechanism for allowing each user access to a set of services appropriate to their job function. The role allocated to each user will dictate the services that the user has permission to access when they log on.
Subscriber: An organisation that has applied for and been granted a Network Access Agreement.
User: As defined in the Network Access Agreement.
12. Annex A: authentication security
This annex is intended to give users a description of some aspects of the security used in HM Land Registry Business e-services.
12.1 Public key cryptography
Public key infrastructure (PKI) is used for two main purposes.
- Identity authentication – for assurance of identity when an administrator logs on to register new users and modify their permissions.
- Digital signatures – to enable any party within a conveyancing transaction to electronically sign e-documents.
Public key cryptography, also known as asymmetric cryptography, is a form of cryptography in which a user has a pair of cryptographic keys – a public key and a private key. The private key is kept secret, while the public key may be distributed to those who need to check the identity of an administrator. The keys are related mathematically, but the private key cannot be practically derived from the public key: a message encrypted with the private key can be decrypted only with the corresponding public key (and vice versa).
When implemented as part of a public key infrastructure (PKI), the key pairs are linked to real world entities in a publicly available certificate: a person has a private key that can be used for identity in the electronic world and the certificate can verify the link between the individual and the key pair.
As a Certificate Authority (CA), HM Land Registry will issue certificates based on information supplied to them by the subscriber.
The certificate is the link between a person’s real-world identity and their digital identity. It will contain the individual’s name (as the rightful holder of a private key) and the public key associated with that private key.
For more information about identity authentication and electronic signing please see HM Land Registry’s Certification Practice Statement.
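The relationship described above between a key pair, a CA-issued certificate and a signed e-document can be traced in a short added example (not HM Land Registry code). It uses toy textbook RSA with small fixed primes and no padding, so it illustrates the checks only; all function names, the holder name and the sample document are assumptions constructed for the illustration.

```python
import hashlib
import json

def make_keypair(p, q, e=65537):
    """Toy textbook-RSA key pair from two primes: returns (public, private)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))

def digest(data, n):
    """SHA-256 of the data, reduced into the range of the modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(private_key, data):
    n, d = private_key
    return pow(digest(data, n), d, n)  # needs the secret exponent d

def verify(public_key, data, signature):
    n, e = public_key
    return pow(signature, e, n) == digest(data, n)  # needs only public values

def cert_body(name, public_key):
    """Canonical bytes the CA signs: the holder's name plus their public key."""
    return json.dumps([name, list(public_key)]).encode()

def issue_certificate(ca_private, name, public_key):
    """The CA binds a name to a public key by signing both together."""
    return {"name": name, "public_key": public_key,
            "ca_signature": sign(ca_private, cert_body(name, public_key))}

def check_signed_document(ca_public, cert, document, signature):
    """Relying party: check the certificate first, then the document signature."""
    body = cert_body(cert["name"], cert["public_key"])
    if not verify(ca_public, body, cert["ca_signature"]):
        return "certificate rejected"
    if not verify(cert["public_key"], document, signature):
        return "signature rejected"
    return "signed by " + cert["name"]

# Constructed sample data: Mersenne primes stand in for real key material.
CA_PUBLIC, CA_PRIVATE = make_keypair(2**107 - 1, 2**127 - 1)
USER_PUBLIC, USER_PRIVATE = make_keypair(2**61 - 1, 2**89 - 1)
CERT = issue_certificate(CA_PRIVATE, "A. Conveyancer", USER_PUBLIC)
DOCUMENT = b"Constructed sample e-document: charge over title"
SIGNATURE = sign(USER_PRIVATE, DOCUMENT)

if __name__ == "__main__":
    print(check_signed_document(CA_PUBLIC, CERT, DOCUMENT, SIGNATURE))
    print(check_signed_document(CA_PUBLIC, CERT, DOCUMENT + b"!", SIGNATURE))
    swapped = dict(CERT, public_key=make_keypair(2**61 - 1, 2**107 - 1)[0])
    print(check_signed_document(CA_PUBLIC, swapped, DOCUMENT, SIGNATURE))
```

A document altered after signing fails the signature check, and a certificate whose public key has been replaced fails the CA check, which is why the relying party verifies the certificate before trusting the key inside it.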
It is critical that HM Land Registry audit processes are unambiguous, easily interpreted and tamperproof. It is a direct requirement for all public bodies to conform to the provisions of BSI’s BIP 0008 – Code of Practice for Legal Admissibility and Evidential Weight of Information Stored Electronically (2nd edition). The code provides comprehensive guidance on the requirements for record keeping and record protection.
All business and IT operations will be monitored and logged securely. Therefore:
- the access control solution will log all authentication attempts
- the CA management system will keep a complete trail of certificate events
13. Annex B: operational service continuity
HM Land Registry has adopted the ITIL model (Information Technology Infrastructure Library) to facilitate best practice in Service Management. (A set of best practice guidance for IT service management. ITIL consists of a series of publications giving guidance on the provision of quality IT Services, and on the processes and facilities needed to support them.) The associated Service Management system is certified to the International Standard BS ISO/IEC 20000-1:2011. Day to day operational management of the underpinning IT infrastructure is supported by 24/7 data centre operations and a service desk acting as a central point of contact for all IT related customer calls. This is staffed from 07.00 – 18.00 Monday to Friday and is supported by trained second and third level technical engineers, providing guaranteed support between 08.00 – 16.30 Monday to Friday, supplemented by 24/7 out of hours on-call support at all other times.
The central and extranet infrastructures by design have considerable resilience and spare capacity (redundancy) built in, which use the latest Geographically Dispersed Parallel Sysplex technologies, so that the organisation’s continuous service capability is assured even in the event of the loss or unavailability of one of these data centres.
We operate strict controls around how changes to this infrastructure are managed, risk assessed and acceptance tested prior to deployment.
The integrity and availability of corporate data is paramount. Three copies of this data are continuously mirrored. Additionally, a fourth copy (a snapshot) is made once a day. We also have full backups of our systems on tape and retain logs of all changes that occur during the day.
We are both well prepared and vigilant with regard to our arrangements to deal with the impact of a major incident or disaster on the business.
Automated monitoring of business-critical services takes place, and a process to manage major service incidents is deployed. This integrates with our business continuity procedures.
In the event of a disaster, our recovery time will always vary depending upon the nature of the incident. Our objective is to make business critical internal services available within two hours of the business decision to invoke the disaster recovery plan, with all services available within five hours. Routine testing of our plans is undertaken and we proactively seek to improve upon our recovery time objectives where possible.
A culture of continual service improvement is prevalent and there will always be a number of service improvement initiatives ongoing.
14. Contact us
If you need more information, please contact Customer Support:
- Use our online contact form
- Phone: 0300 006 0411