COM31050 - Background: Allocation of COTAX and CT Online user roles: system security

As Role Authoriser, you are responsible to the senior responsible officer for ensuring the maintenance of appropriate levels of security for COTAX and CT Online Services within your MUID. See COM31030 for more information.

You are also responsible for ensuring that individual users are aware of the security issues in relation to the COTAX and CT Online Services by issuing a Security Reminder when you authorise a new user role.

The security of data held on the Department’s computer systems must be protected at all times.

The Department must ensure that its IT systems are not abused in order to comply with the requirements of the:

  • Data Protection Act 1998
  • Computer Misuse Act 1990

If you suspect abuse of any computer system, you must immediately inform the senior responsible officer.

The guidance given here does not replace existing instructions regarding conduct and discipline proceedings. Abuse of, or unauthorised access to, any computer system is a matter for action under conduct and discipline rules. You can find further information in HMRC’s Acceptable Use Policy under ‘A’ in the intranet Library A-Z.

As Role Authoriser, you must make COTAX and CT Online Services users aware of their obligations concerning the security of the data held on the computer. You should therefore give a Security Reminder to all COTAX and CT Online Services users as follows:

  • all staff on first being set up as COTAX or CT Online Services users for your MUID
  • all staff allocated a new user role or service in your MUID
  • all COTAX and CT Online Services users in your MUID at approximately annual intervals

Security Reminder 

The following is the wording of the reminder you must issue to *COTAX/CT Online Services users when you authorise a user role request in the Service Request System (SRS). 

The wording should be copied into the ‘Comments to Requester’ field to be sent to the Role Requester when your authority is given: 

  • “Role Requester - Please pass this Security Reminder to the *COTAX/CT Online user for which authorisation is given

  • Security of information held on the *COTAX/CT Online Services system 

  • In order to conform with the provisions of the Data Protection Act 1984, and the Computer Misuse Act 1990, HM Revenue & Customs must ensure that the Department’s computer systems are not to be used unless there is a legitimate business need to do so

  • You must only access a *COTAX/CT Online Services record if this is necessary to undertake your duties for the Department, for example, to work an item of post, or deal with a company’s enquiry

  • You are reminded that abuse of the computer systems, or unauthorised access will be considered a matter for action under conduct and discipline rules Your attention is drawn to the HMRC Acceptable Use Policy 

*Delete as appropriate 

See COM31051 for legislation applying to this subject.