SW03310 - Using Shared Workspace: Controlling Access to Information

Information within Shared Workspace must be protected to ensure that only members witha specific business need and the appropriate authority are able to access the information.

Access to Information is controlled as follows:

1. Registration and Enrolment

• HMRC users must be allocated the service before gaining access to the service SW05210.
• Customers must represent a Customer Organisation accepted into Shared Workspace and be invited by an authorised Customer Nominated Contact before gaining access to the service SW05230.

1. Approval to become a member of a Room

HMRC Business Authorising Officers are responsible for authorising the addition of all HMRC Members SW04225 and Customer Members to a Room SW04235.

1. Assigning Roles

When a member is added to a Room SW05410 they are assigned a Role SW05610 which controls which areas and information they have access to within a Room.

1. Access controls

Shared Workspace is accredited by the Department to hold information that is marked up to and including Official Sensitive SW03150. Information of a higher marking must not be included. See the CSIR Help & Guidance pages for more detail about Government Security Classifications.

When a member adds information to a Room they are responsible for considering and setting Access Controls SW07410 to ensure only appropriate people are able to access it.

1. Room Type

Rooms are created for either HMRC Only use SW06140 or for Customer use SW06150. Customer members can never have access to an HMRC Only Room.

1. Room Banners

Particular care over access controls must be taken by HMRC members when adding information to a Customer Room. To act as a visual reminder to HMRC members of the type of Room they are working in, different coloured banners are used.