Mandatory HMRC Business Authorising Officer Reviews: Review of Organisations Per Room
This is a mandatory review for the HMRC Business Authorising Officer (BAO) andmust be carried out at 6 monthly intervals (or more frequent where required) beforesigning the BAO Certificate of Assurance SW03605.
The review only needs to be carried out for Customer Member Rooms.
The BAO is responsible for ensuring that their Room(s) only contain the Organisation(s)agreed during the Customer Engagement process SW09100.
For Rooms with one Customer Organisation, where access controls have been set on an item SW07410, the BAO must check that it is hidden from view to excludedmembers.
Where multiple Organisations are allowed to share a Room SW09150the BAO must check that
- no customer data is held in the Room
- no access controls are set on any information held in the room.
Where the Room does not comply with SW and HMRC policies the BAO must take immediatecorrective action. Until all issues are resolved, the Certificate of Assurance must not becompleted and the BAO should consider locking the Room, where appropriate SW06300.