Security Introduction: Security Classification of Data - Government Security Classification System (GSC)
Official and personal information is protected by various pieces of legislation, including the Data Protection Act 1998. Section 182 of the Finance Act 1989 particularly protects the tax affairs of any identifiable person or business.
Protectively marked information held on IT systems must have the same level of protection in the same way as it would if held on paper. Further information about the Government Security Classification (GSC) system, intoduced in 2014, can be found here .
Shared Workspace Service
Shared Workspace is accredited to handle information up to and including Official Sensitive.
Under no circumstances should any information with a higher classification be added to Shared Workspace.
A full definition of Secuirty Classifications is here.
Responsibility for the security of securely classified assets
HMRC Staff have a general duty to protect information. Everyone who has access to classified assets is personally responsible for maintaining the appropriate standards of security.
Always make sure that when you add a file(s) to Shared Workspace it is only made available to those with a genuine business need and authority to know the information it contains SW03310.
If you find information within Shared Workspace that is marked higher than Official-Sensitive then you must immediately
- delete the item SW07440
- report the incident to an HMRC Business Authorising Officer of the Room in which the item was held SW03245.