Information Security: Dealing with Auditing Questions
Access to all information within Shared Workspace is governed by HM Governments ‘Need to Know’ policy which aims to ensure that only people with a business need and the necessary authority have access to information.
Because Shared Workspace is an online service, allowing access to customer information, it is essential that all online activities are recorded for audit purposes. The information recorded enables HMRC to identify when members logged in and the activities in which they were engaged which allows for identification of any fraud and system misuse.
Reports are only taken from the audit records:
- where requested by HMRC Investigators to provide evidence for enquiries into alleged system misuse or fraud
- to assist HMRC when investigating a system fault
Reports are not available for HMRC Management Information purposes or for Customer Organisations.