SW03625 - Mandatory HMRC Business Authorising Officer Reviews: Review Room Content & Government Security Classifications
This is a mandatory set of reviews for the HMRC Business Authorising Officer (BAO) and should be carried out at 6 monthly intervals (or as required) before signing the BAO Certificate of Assurance SW03605.
The aim of the ‘Room Content’ review is to ensure that
- all items are stored in the right place, with the correct access controls and relate to the agreed business purpose
- all items have a Government Security Classification of Official - Sensitive or below. Advice on GSC’s is in the Securing our Information intranet pages.
- all room content complies with HMRC’s obligations under the current data protection legislation, GDPR & DPA 2018. DPA guidance pages
The extent of the Review
Depending on the amount of content in a Room it may not be practical for the BAO to review all content that has been added to the Room since the last review.
But all reviews must be of a sufficient level to satisfy the BAO that items contained in the Room comply with Shared Workspace, HMRC policies including DPA.
As a minimum standard, the BAO must review a sample of items that have been added during each month since the last review. Each monthly sample must include items that have been
- added by HMRC Members
- added by Customer Members (for Customer Rooms)
- added to all types of items (including folders, documents, discussions, calendars, databases etc.).
The BAO will need to consider the complexity, frequency of use, membership and purpose of the Room in determining the extent of the review.
The BAO should contact the HMRC Members’ manager or Customer Nominated Contact where any learning requirements have been identified by the review.
Room Content Incorrect
Where the Room does not comply with SW and HMRC policies the BAO must take immediate corrective action. Until all issues are resolved, the Certificate of Assurance must not be completed and the BAO should consider locking the Room, where appropriate SW06300.
Further guidance is available in the HMRC BAO Online Learning Package available on Kalidus (link is external)(0010372) or search term Shared Workspace.