CIS security

Security of DWP and HMRC data:

Security and the Memorandum of Understanding

Protection of customer information is of paramount importance to DWP. The Memorandum of Understanding (MoU) all local authorities (LAs) have signed sets out the framework through which permits access to DWP and HMRC data using CIS and the DTA.

• Memorandum of Understanding (114KB)

The MoU previously related solely to CIS access. However, it now includes any ‘RESTRICTED’ Impact Level 3 (IL3) information either electronically transmitted by DWP or hard copy. As examples this includes:

• information accessed and taken from CIS and stored, on document imaging systems
• documents received from DWP via the Data Transport Appliance (DTA) server.

LAs must ensure DWP data is securely handled. Access can only be for the purpose of administering HB/CTB and LAs must comply with legislation and guidance issued by DWP.

The MoU requires that before prospective users are granted access to ‘RESTRICTED’ IL3 information they successfully complete appropriate data protection training. It is a specific requirement that before any person accesses CIS they must successfully complete the technical and security training. Copies of the training packs are available from LASST.

Any access to CIS must be made in the knowledge the information remains the property of DWP. Any detected misuse of CIS will lead to disciplinary action, with the possibility of dismissal and potentially prosecution.

• G-Bulletin 3/2011 (58KB) contains full details.

It should be noted that both DWP (LASST) and HMRC continually carry out covert and CIS management test checks to identify unauthorised access to DWP data and system abuse.

Homeworkers

DWP understands the benefit of employing home workers but recognises they do represent additional risk. LAs need to set down a clear policy on working from home and educate staff appropriately. Appendix B of the MoU and the LA CIS Guide covers the subject in more detail.