Information Security: Reporting a Security Breach
While Shared Workspace has been designed and fully tested to meet with HMRC security standards it is still possible that a security breach may occur.
A security breach occurs when someone gains, or is given the potential to gain, access to information without the appropriate business need or authority. For instance, through user error, a malicious attempt to access the system, or the result of a hardware fault.
Any Customer member becoming aware of, or suspecting, a security breach must inform their Customer Nominated Contact (CNC) of the nature of the breach.
The CNC must then contact the HMRC Business Authorising Officer (BAO) giving full details of the breach.
Any HMRC member becoming aware of, or suspecting, a security breach must inform the BAO of the Room as soon as possible with full details of the security breach.
The BAO must take the necessary action to ensure the breach is dealt with immediately. This may include Reviewing the Room Membership SW03620, Locking the Room SW06300 or Reviewing the Access Control of items SW07400.
The BAO must report the incident to Security & Information directorate immediately and details of how you do this are in the S&ID Help & Guidance site