SW03605 - Mandatory HMRC Business Authorising Officer Reviews: Mandatory Room Reviews
This is a mandatory set of reviews for the HMRC Business Authorising Officer (BAO) and should be carried out at 6 monthly intervals (or as required).
It is the responsibility of the BAO to ensure that each of their Rooms is managed effectively.
The reviews and subsequent completion of the BAO Certificate of Assurance should be done at no more than 6 monthly intervals. But, for some types of Room, or type of content within a Room it will be necessary for BAOs to carry out their mandatory reviews at more frequent intervals. Note: with SIBP permission, a record is to be kept, the review period between reviews may be extended to 12 months with good reason. It must be done no less than on an annual basis.
It is for the BAO to consider, both when the Room is created and during its lifecycle, whether these reviews should be carried out more frequently and if so to put in place the appropriate process(es) to ensure this is done.
The BAO will complete and send a BAO Certificate of Assurance to the Shared Workspace Business Sponsor after each set of reviews, once satisfied that any issues have been resolved.
It is important that the use of the Room does not change over time and continues to remain within the scope of the original agreed purpose. The BAO must enter the purpose of the Room onto the BAO Certificate of Assurance. For most Rooms, the purpose can be found within the Room as follows
- Select the ‘Edit’ button on the home page of the Room
-
Select ‘Name & Description’ from the left-hand menu list.
Note: if the Room purpose is not shown the BAO should enter the purpose onto SW, referring to the original application form as necessary.The BAO Certificate of Assurance confirms that a BAO for each Room has conducted the following mandatory 6 monthly reviews for all their Rooms whilst also considering the purpose of the Room
- Review Room Membership SW03620.
- Review Room Content & GSC Markings
-
Room content complies with HMRC’s obligations under current Data Protection legislation SW03625.
and, where the Room is for collaboration with Customer Organisations,
-
Review the number of Organisations per Room SW03615.
The purpose of the reviews is to ensure that,
- only members of Shared Workspace with a business need and the appropriate authority have access to a Room
- the Room content is appropriate & that data has the right GSC
- the room is compliant with legal obligations under GDPR & Data Protection Act 2018
-
the correct number of Organisations are in a Room.For a copy of the BAO Certificate of Assurance please click here.
Non-Compliant Room
Where the Room does not comply with SW and HMRC policies the BAO must take immediate corrective action. Until all issues are resolved, the Certificate of Assurance must not be completed and the BAO should consider locking the Room, where appropriate SW06300.
Further guidance is available in the BAO learning on Kalidus (link is external) (prospectus item code 0010372.