Security Introduction: One Customer Organisation in a Room Principle
Business Units must adhere to the policy of allowing only ‘One Customer Organisation in a Room’. Failure to conform to this policy, other than under the special circumstance below, may put the protection of information security at risk SW03205.
Shared Workspace policy states that there should only be one Customer Organisation in a Room. However, there may be a business need for multiple Customer Organisations to share a single Room.
Before creating a Room with multiple Customer Organisations the BAO must:
- Identify the business need
- Obtain confirmation from all Customer Organisations participating in the Room that they agree to share all the data within the Room. The BAO must keep a copy of that agreement
- Obtain formal approval from the Shared Workspace Business Sponsor. That approval must contain:
- The name of the SW Business Sponsor
- The name of the Customer Organisations that will share the Shared Workspace Room
- The purpose of the Room that will be shared
- keep a permanent record of their SW Business Sponsor’s approval to have more than one Customer organisation in a Room
If the criteria to create a Room with multiple Customer Organisation are not met the BAO should consider creating a separate Room(s) with the relevant Customer Organisation(s).
Note, Business Units are responsible for the security of customer information within a Room.