La lecture en ligne est gratuite
Le téléchargement nécessite un accès à la bibliothèque YouScribe
Tout savoir sur nos offres
Télécharger Lire

CAR Audit s17-18 security Bulletin no 1

De
4 pages
CAR Audit Number 1 7 March 2008S17/S18 Returns Bulletin The S17/S18 Bulletins keep Financial Institutions & Local Authorities informed of any new developments relating to the S17/S18 reporting requirements. Please ensure the appropriate people in your organisation read it. We suggest that you keep Bulletins at the front of your copy of the S17 or S18 Magnetic Media Specifications What this Bulletin contains This Bulletin contains articles on - 1 Data Security - 2 S17/S18 Spreadsheet Format - 3 Allowable media types - 4 Completion of Type 3 Records for Non-Individuals (S17 only) Enquiries on this bulletin should be addressed to HM Revenue & Customs CAR Audit Returns Unit St Johns House Merton Road Bootle Liverpool L75 1BB Telephone 0151 472 6129 or 0151 472 6136 1 - Data Protection and security of returns 1.1 Your responsibilities under the Data Protection Act 1998 (DPA) We do not set any particular security standards for data coming to us from businesses but are happy to work with anyone who needs to send us data to help secure it. Under the DPA, you are responsible for the security of personal data until we have received it. We have an ongoing review into the security of our data transfers out. We currently secure outgoing data to businesses in the following ways and we encourage everyone to be this careful when transferring information to us. 1.2 What encryption do HMRC use? We encrypt ...
Voir plus Voir moins
CAR Audit
Number 1
7 March 2008
S17/S18 Returns Bulletin
The S17/S18 Bulletins keep Financial Institutions & Local Authorities informed
of any new developments relating to the S17/S18 reporting requirements.
Please ensure the appropriate people in your organisation read it.
We suggest that you keep Bulletins at the front of your copy of the S17 or S18
Magnetic Media Specifications
What this Bulletin contains
This Bulletin contains articles on
-
1 Data Security
-
2 S17/S18 Spreadsheet Format
-
3 Allowable media types
-
4 Completion of Type 3 Records for Non-Individuals (S17 only)
Enquiries on this bulletin should be addressed to
HM Revenue & Customs
CAR Audit Returns Unit
St Johns House
Merton Road
Bootle
Liverpool
L75 1BB
Telephone
0151 472 6129 or 0151 472 6136
1 - Data Protection and security of returns
1.1 Your responsibilities under the Data Protection Act 1998 (DPA)
We do not set any particular security standards for data coming to us from
businesses but are happy to work with anyone who needs to send us data to
help secure it.
Under the DPA, you are responsible for the security of
personal data until we have received it.
We have an ongoing review into the
security of our data transfers out.
We currently secure outgoing data to
businesses in the following ways and we encourage everyone to be this
careful when transferring information to us.
1.2 What encryption do HMRC use?
We encrypt data to 256-bit standard with a 20 character complex password
onto computer media (normally CD/DVD).
A secure courier transports the
media in secure and tamper evident packaging.
A named individual signs for
it when received.
We send the password separately.
1.3 What encryption can HMRC accept?
You may wish to send us data as password-protected, self-decrypting files on
computer disk or tape.
We can handle any self-decrypting files that run on
Microsoft operating systems.
We encourage you to use complex passwords
of at least 20 characters and arrange a named person to sign for delivery.
If you are unable to use one of the encryption products below, please
contact the tactical Security Control Centre on 01952 233 257 or email
tacticalsecuritycontrolcentre@hmrc.gsi.gov.uk
Self-extracting encryption;
WinZip version 9 or higher; or
PGP self-decrypting files.
Your hardware or software might prevent data encryption.
In such cases,
please contact Eddy Griffin on 0151 472 6041 or email
eddy.griffin@hmrc.gsi.gov.uk
to arrange alternative physical security
measures with us.
1.4 Where should I send the Password for my self-decrypting file?
Please send your password by email to
occ-dcdm@hmrcaspire.com
. Please
title your email with your return type and your return reference number. For
example an email containing a password for a S17 return for A9999 sub
return 01 should be titled :-
S17 A9999/01
1.5 Are other methods going to be available?
We know some businesses already use other methods to secure their data
transfers. Financial Institutions who use Connect Direct Secure Plus should
contact HMRC.
We are working to establish the relevant links for the coming
filing period. We are working with our IT supplier to agree how we will accept
tapes and cartridges containing data encrypted using ZIP390 and DF DSS.
We will be publishing details
of
public keys to be used in asynchronous
encryption via products like PGP.
This will reduce the problems with needing
unique password protection for each item of media.
If any of these are your preferred transfer mechanism, please contact or
email so that you can be included in later announcements
2 - Spreadsheet Return Format
We are currently developing a spreadsheet based reporting format to assist
those Financial Institutions that would normally submit all or part of their return
using Paper Forms.
Only 1 spreadsheet return will be allowed per sub return.
For sub returns that contain data that will not fit onto one spreadsheet you
must report using the standard magnetic media file specifications as
published on the HMRC website.
3 - Allowable Media Types
The following media types are accepted by HMRC for making your return:
-
CD
-
DVD
-
Floppy Disc
-
34/80 or 34/90 Cartridge
-
94/80 Cartridge
-
LTO Tape (1,2 or 3)
-
USB Sticks
-
DLT Tapes
4 - Completion of Type 3 Records For Non Individuals (S17 Only)
HMRC has previously advised all financial institutions making S17 returns that
it will be compulsory for returns submitted in June 2009 to provide at least one
type 3 record for every account. The information required to be provided for
individual account holders is self explanatory and is detailed adequately in the
Magnetic Media Specifications. Some Financial Institutions have requested
clarity on what information is required when completing type 3 records for
accounts belonging to non individuals. I attach below details of the minimum
information required for non individual account holders :-
Entries Required For a Non Individual Type 3 Record
RECORD TYPE - Value ‘3’
(REPORTABLE) PARTICIPANT NAME – Name of non individual
(REPORTABLE) PARTICIPANT TITLE – Space fill
(REPORTABLE) PARTICIPANT FORENAMES/INITIALS – Space fill
(REPORTABLE) PARTICIPANT SURNAME – Space fill
(REPORTABLE) PARTICIPANT ADDRESS – Address of non individual
(REPORTABLE) PARTICIPANT POSTCODE - Non Individual Postcode
BIRTH DATE – Space Fill
R85 GROSS REGISTRATION INDICATOR – Enter ‘N’
R85 ADDRESS SIGNAL – Enter ‘N’
TAX IDENTIFICATION NUMBER – Space Fill
COUNTRY CODE OF BIRTH – Space Fill
PLACE OF BIRTH – Space Fill
SI 3297/03 INDICATOR – Enter ‘N’
PARTICIPANT NAMING CONVENTION – Enter ‘07’
COUNTRY CODE - set to ‘ZZ’.
Un pour Un
Permettre à tous d'accéder à la lecture
Pour chaque accès à la bibliothèque, YouScribe donne un accès à une personne dans le besoin