Background: Allocation of COTAX and CT Online user roles: introduction
COTAX and CT Online roles are requested for users and allocated to them using the Service Request System (SRS).
Anyone with line management responsibility, or their appointed delegate, can request a user role on behalf of their staff. This person is known as the Role Requester and is responsible for:
- ensuring their staff only have the roles allocated that they need to do their current job
- using SRS to request only appropriate user roles
- using SRS to delete user roles that are no longer required by their staff
- advising the Role Authoriser that they have removed user roles that are no longer needed.
A Role Authoriser is appointed within each Management Unit in which COTAX or CT Online roles are available. A list of Role Authorisers and the MUID for which they are responsible for can be found on the CT Process intranet site from the ‘User Roles’ link.
The Role Authoriser is responsible for:
- setting up and maintaining a list of COTAX and CT Online users
- approval of user role requests, including COTAX roles and CT Online Services roles.
The Role Authoriser also has responsibility for:
- local security of COTAX
- maintenance of the Authorised User Registered File, containing full details of the COTAX and CT Online Services users for their MUID.
The Role Authoriser receives all applications for COTAX or CT Online roles to be allocated within the MUID for which they are responsible.
To ensure continuity of operations, we recommend that there is at least one deputy to the nominated Role Authoriser. We also recommend that, wherever possible, the appointed Role Authoriser is an experienced officer of HO grade.
It is a Departmental security requirement that the following three activities are carried out by different members of staff whenever possible.
- Approving access to COTAX and CT Online roles (Role Authoriser).
- Using COTAX to generate repayments (Technical Caseworker, CT Co-ordinator, Clerical Caseworker and Clerical Support roles).
- Carrying out security checks on repayments and reallocations (Repayments and Reallocations Authoriser).
This applies even if the roles are held in different MUIDs.
If office constraints mean that you cannot readily achieve the required segregation of roles, you must obtain a written dispensation from your Data Guardian. The application for dispensation must be in writing, must outline the reasons for being unable to fully comply with the security requirements, and provide details of the arrangements that you are able to put in place. This dispensation must be renewed every six months. You must provide a copy of the dispensation to the SRS Administrator.
Where dispensation is in place, local management are responsible for monitoring the additional risks.