SW03310 - Using Shared Workspace: Controlling Access to Information
Information within Shared Workspace must be protected to ensure that only members witha specific business need and the appropriate authority are able to access the information.
Access to Information is controlled as follows:
- Registration and Enrolment
- Approval to become a member of a Room
HMRC Business Authorising Officers are responsible for authorising the addition of all HMRC Members SW04225 and Customer Members to a Room SW04235.
- Assigning Roles
When a member is added to a Room SW05410 they are assigned a Role SW05610 which controls which areas and information they have access to within a Room.
- Access controls
Shared Workspace is accredited by the Department to hold information that is marked up to and including Official Sensitive SW03150. Information of a higher marking must not be included. See the CSIR Help & Guidance pages for more detail about Government Security Classifications.
When a member adds information to a Room they are responsible for considering and setting Access Controls SW07410 to ensure only appropriate people are able to access it.
- Room Type
Rooms are created for either HMRC Only use SW06140 or for Customer use SW06150. Customer members can never have access to an HMRC Only Room.
- Room Banners
Particular care over access controls must be taken by HMRC members when adding information to a Customer Room. To act as a visual reminder to HMRC members of the type of Room they are working in, different coloured banners are used.