Technical Manual Part 1 - Version 8.0
Technical Manual Part 1 - Version 8.0 |
|
Release date: Monday 1 March 2010
2.1 Minimum standard of electronic equipment
2.2.3 Information systems acquisition, development and maintenance
3.3 Physical and environmental security
4.1 Creation of administrator accounts for a subscriber
4.4 Token renewal and protection
4.5 Personal identity numbers (PIN)
4.6 Access to administrator services
4.7 Services available to the administrator
5 Role based access control (RBAC)
5.1 Roles and associated privileges for conveyancers under the NAA
6.2 Current roles for citizens
7.1 Description of security measures
8 Availability of the Land Registry system
9 Storage of unregistered e-documents
12 Annex A – Authentication security
The Technical Manual forms part of the full Network Access Agreement (NAA). This is Part 1 of the Technical Manual. It describes the technical and security aspects of, and the requirements for, participating in e-business network services. Part 2 of the Technical Manual, which is published separately, describes how to use the network.
It is necessary to put these technical details in separate documents from the NAA since, by their nature technical and security aspects and requirements will change from time to time. New ways of using the network will also develop. Electronic systems, information technology and security measures will evolve, become obsolete and require updating. Land Registry will need to make changes to constantly protect the security of the network. We will also wish to improve the system and provide new e-services. This manual will be updated when necessary to reflect such changes.
Land Registry may change the provisions of the Technical Manual at any time. Any changes will be made in accordance with the Land Registry Code of Practice for changes to the Network Access Agreement and Technical Manual. Only subscribers who have entered into a NAA may rely on this manual and only in connection with their participation under such agreement.
The e-conveyancing services provided by Land Registry require a connection to the internet.
A broadband connection is recommended.
Customers who have registered for network and/or information services will be able to gain access to network and information services directly through Land Registry portal by selecting the business e-services tab on our website.
Alternatively, those customers who are using a case management system may be able to gain access through an XML interface (Business Gateway) that links their case management system to the services.
Please note it is still possible to utilise the Land Registry portal if you have elected to use the Land Registry Business Gateway.
You should check with your case management system (CMS) provider if and when this service is available through your CMS. If your CMS provider does offer this service and you wish to use it, your responsible person must then apply through Land Registry Customer Support for the necessary technical connections to be made. Customer Support will provide more information and can be contacted as follows:
For Land Registry portal users, the e-conveyancing services are delivered through an internet browser.
The following browsers are officially supported:
Windows:
Apple Mac:
The supported versions of these browsers may be updated from time to time, and will be listed in the Land Registry Internet Browser Support Policy on our website http://www.landregistry.gov.uk/
Click on the “Terms and conditions” link at the bottom of any page on the website, then click on the document you wish to view.
For the specifications of personal computing (PC) devices that run the browser on a particular operating system, the user should refer to their PC supplier.
The browser used to access the e-conveyancing services must be configured to accept cookies from Land Registry systems.
For administrators who use a One Time Password (OTP) security token there are no additional system requirements.
For administrators who use a USB security token, in addition to the above browser requirements, the Sun Java Runtime Environment (JRE) 1.6_10 and a USB 1.1 port is required, on a PC running a Windows 2000 based operating system (including Windows 2000, 2003, XP and Vista variants). If a proxy server is used in your environment and the proxy settings are manually defined in Internet Explorer then the “proxycfg-u” command should be run. For more information on system requirements for administrators using a USB security token see subsection 4.2.
Land Registry Business Gateway uses a certificate-based mutual SSL connection. Please contact your CMS provider to find out if and when this service will be available to you. Once you have established that the service is available through your CMS, your responsible person must contact Customer Support to request that the necessary connections are made. See section 2.1 above.
Messages and documents sent through the network must use a mechanism such as Secure Socket Layer (SSL) or Transport Layer Security (TLS) to secure the communication channel.
All users of the network must maintain up-to-date system patches, security updates, anti-virus software and other countermeasures to protect their systems.
This subsection deals with development and deployment of new systems by you, the subscriber, that may interact with Land Registry systems.
Any software that could interact with Land Registry systems should be thoroughly tested and you must have your own testing procedures and policies in place and apply them rigorously.
Some free/beta programs can contain bugs or viruses, which could pose a threat to Land Registry systems. Applications and operating system software should only be implemented in operational systems after extensive and successful testing.
Testing should be done in a secure environment with non-sensitive data. Access to system files and program source code should be controlled.
This section deals with security within your workplace. For information about Land Registry security see section 7 Land Registry security, which contains requirements relating to passwords and PINs, and section 4 Administrator duties, which contains details of the additional security requirements applicable to administrators.
Annex A – Authentication security also gives some background information about additional security adopted by Land Registry to protect the network.
Due to the wide range of system configurations connected to the network, Land Registry cannot be prescriptive about procedures and standards that would minimise the possibility of unauthorised access, fraud and forgery.
Although there are general guidelines for keeping business IT secure here, more detailed guidance can be obtained from:
You should have an information security policy document, approved by your senior management and reviewed at least annually. It should be published and all your staff made fully aware of it. It should include policies and procedures on the following matters.
Ensure that your workplace is secure to prevent unauthorised access.
In each case, training should include an overview of the reasons why information security is important, including coverage of the threats and risks, eg viruses, hackers, fraudsters and protection of information assets.
In your application for a NAA, you will be asked to nominate a responsible person in your organisation. Land Registry will create the account for the responsible person and will provide them with a user ID and temporary password.
Land Registry has created the role of responsible person in relation to the NAA to assist conveyancers with the proper supervision of their practices, as required by their regulators and by statute (the Solicitors’ Code of Conduct, the Licensed Conveyancers’ Conduct Rules, section 22 of the Solicitors Act 1974, and section 11 of the Administration of Justice Act 1985 as appropriate, and in due course, the Legal Services Act 2007, Part 3, section 91 and Schedule 2 Part 5).
The subscriber should establish a procedure for authorising the administrator to perform the tasks that the administrator is able to do, such as setting up user accounts and updating user accounts. That may mean that such instructions or authority should come only from the responsible person. Alternatively, if someone other than the responsible person supervises the administrator, the responsible person should be aware of the procedures and policies that are in place.
The responsible person will have access to an online Land Registry report, which will list actions taken by the administrator therefore the responsible person should not normally be the same person as the administrator. It is expected that the responsible person will be a solicitor or licensed conveyancer (whereas the administrator may not be legally qualified, but may instead be an IT officer). Land Registry recognises that each organisation will have its own arrangements for supervision as appropriate.
To facilitate supervision of the use of the network, and to reduce the risk of fraud or misuse, Land Registry will record details in the report each time the administrator does any of the following:
This report will allow the responsible person to check that the administrator is acting under proper instructions, given by means of established procedures, in accordance with the subscriber’s policy.
The report of each day’s actions by the administrator will be available for up to one calendar month. After one calendar month that day’s activities will drop off the report. The responsible person should therefore view the report regularly, and will be able to download or print it as required. Only a person given the responsible person role will be able to view these reports, see section 5 Role based access control.
In addition, the responsible person will be responsible for:
We advise you to check the Technical Manual online from time to time for any updates on the responsibilities of the administrator and the role of the responsible person.
It is the subscriber’s responsibility to ensure that employees, contractors and third-party users understand their responsibilities and are suitable for the roles allocated to them. This will reduce the risk of misuse of facilities. You should further ensure that they are aware of information security threats and concerns, their responsibilities and liabilities. See section 5 Role based access control (RBAC) to help you decide what level of access each user in your organisation should be given.
Compliance with procedures should be enforced with auditing, which could involve checking computer logs. Management procedures and responsibilities for these processes should be established.
Ensure only authorised staff have access to Land Registry services.
Access control rules should be supported by formal procedures and clearly defined responsibilities. See section 5 Role based access control (RBAC). This should cover access to:
It should also include a formal process for adding and removing access rights for staff. If mobile working or working from home is being used, security processes will need to be in place to ensure secure access.
When employees, contractors and third-party users leave an organisation, or change employment, the subscriber must instruct the administrator to terminate their access to the network. This must be done immediately.
Security incidents should be recorded, such as uncontrolled system changes, human errors, non-compliance with policies or guidelines, loss of service, or facilities and system malfunctions or overloads.
Any access violations, loss of equipment, breaches of physical security or theft, that could affect Land Registry, should be reported to Land Registry. This should be done as quickly as possible through the administrator or the responsible person.
If the administrator or the responsible person thinks that the violation could affect the Land Registry network adversely, they should contact Land Registry Customer Support by one of the following methods:
Staff should be made aware of the procedures for reporting the different types of incident that might have an impact on security.
The role of an administrator is to administer system access for the individual users existing within each subscriber. Administrators will also be provided with permissions that enable them to manage the account of the subscriber. The subscriber must therefore provide the administrator with the appropriate instructions and authority to carry out this role.
When applying for network access, subscribers must supply details of at least one individual who is capable of carrying out the duties associated with the administrator role. Land Registry will create the account for the administrator and will provide them with a user ID, temporary password and a security token. If the security token is a USB device then a temporary PIN will also be issued. A security token is required to authenticate at a higher level to access the Land Registry system, details of this process can be found in subsections 4.2 to 4.4 below. The administrator will also be expected to undertake an online training package before commencing their duties.
It is the responsibility of the subscriber to plan its own business contingencies to cover the situation where its administrator is unavailable. It is therefore important that each subscriber appoints a sufficient number of administrators. On application each subscriber will need to appoint a primary administrator who will act as the main point of contact for Land Registry queries. If only one administrator is requested they will be appointed as the primary administrator by default.
ActivIdentity ActivKey USB tokens are designed to securely store an individual’s digital identity. They are durable against normal wear and tear, with a typical lifespan of approximately 10 years.
These portable tokens plug into a computer’s USB port either directly or using a USB extension cable. When administrators attempt to log on to the Land Registry network via the portal, they will be prompted to enter their unique PIN. If the entered PIN matches the PIN within the USB token, the appropriate digital credentials are passed to the network and access is granted.
The token is therefore a vital part of the security of the network, since it permits the administrator to perform the actions allocated to administrators under role based access control, see section 5.
For further security
The minimum system requirement for using a token is a PC running a Windows 2000 based operating system (including Windows 2000, 2003, XP and Vista variants) and running Internet Explorer 6.0. In addition, the Sun Java Runtime Environment (JRE) 1.6_10 and a USB 1.1 port are required.
There is also software that needs to be installed (or enabled) by the administrator with administrative rights to the system, to allow the token management system to operate. The Actividentity Card Management System provides a token management interface for administrators to initialise, allocate and maintain tokens. This software is provided by Land Registry once an organisation has obtained a NAA. This software should only be installed using the default settings and no changes should be made to the install script. The install script contains the following components.
The necessary downloads will be provided by Land Registry.
The Entrust IdentityGuard Mini Token is a high-quality, OTP device designed to help provide strong, versatile authentication to enterprises, governments and consumers. The token is durable against normal wear and tear with an expected battery life between 6 and 8 years.
When administrators attempt to log on to the Land Registry network via the portal, they will be prompted to enter a OTP generated by the token. If the entered password is correct they are granted access to the system.
No additional software needs to be installed to support the use of OTP tokens.
Administrators will receive their tokens as part of the process when their organisation signs up for the Land Registry service. Additional tokens for deputy administrators can be requested from Land Registry as required.
Tokens have sensitive information stored on them. They are valuable assets that should be stored securely. They should be treated similarly to bankcards. Administrators:
PINs are used to secure the use of the USB tokens. When a token is issued to an administrator, a temporary PIN will also be issued by separate enclosure. The administrator will be prompted to change the PIN to one of their choosing on first use of the token.
To ensure that the PIN is sufficiently secure the following rules apply to the choice of PIN by an Administrator. The PIN must:
If the administrator forgets the PIN then they will need to reset it. This can be achieved through a self-service process. The administrator will be asked to answer two of their three shared secret questions and, if they answer correctly, they will be allowed to re-access the system and choose a new PIN. However, if they answer either of the two questions incorrectly five times they will be locked out of the system and their account itself will need to be reset by a Land Registry administrator, contacted through Customer Support.
In order to access the services that the administrator requires, he or she will need to follow authentication processes when they log in to the Land Registry system. First time access to administrator services will be granted as follows.
Subsequent access to administrator services will be granted as follows:
Subsequent access to administrator services will be granted as follows.
When the administrator accesses the system, the available services will be displayed on a menu. Details of how the administrator will use these services are contained in part 2 of the Technical Manual. However, the available services are listed in subsections 4.7.1 and 4.7.2 below.
The administrator will be responsible for managing the subscriber account. All administration will be conducted via the portal (it cannot be done through Land Registry Business Gateway). The following services are available to the administrator for the management of subscriber accounts:
The following services allow the administrator to manage the accounts of individual users:
The procedure for making changes to administrator accounts is the same whether an account is being added, deleted or updated. All changes must be requested by the responsible person within the subscriber organisation. The request must be made on headed paper, signed by the responsible person and sent to Customer Support. On receipt, Land Registry will check the provenance of the request and, if satisfied, will make the necessary change.
Role based access control (RBAC) provides an efficient mechanism for allowing the subscriber and Land Registry to provide each user with access to a set of services appropriate to their job function. The administrators and the responsible person roles will be set up and managed by Land Registry. In the case of other users, it will be the responsibility of the subscriber to allocate one of a number of predefined roles to each user and to instruct the administrator accordingly, so that they can create an appropriate account for that user. The allocated role will dictate the services that the user has permission to access when they log on and can only be changed by an administrator.
The roles created are provided for the benefit of subscribers to assist them in fulfilling their obligations under their regulatory Codes of Conduct, section 22 of the Solicitors Act 1974 and section 9(4), 11(4), 32(5) Administration of Justice Act 1985 (and in due course, Part 3 and Schedule 2 part 5 of the Legal Services Act 2007).
They are designed to assist subscribers in ensuring that their users are given access to the Land Registry network at a level commensurate with their ability, experience and qualifications, and so that their work can be properly supervised by a qualified conveyancer if necessary.
The following section is a list of the current roles that a subscriber can allocate to its users, that is to say, all members of staff within the firm who require access to the network. As the services made available via the Land Registry portal increase, so too will the number of roles available.
The roles and associated privileges for conveyancers under the NAA are currently are listed below.
C4 – Conveyancer who can create and lodge electronic documents, and have general access, as in Z1 below. This role therefore allows the use of both Information Services and Network Services.
BUA – Administrator who can create and update users (see sections 4.4 and 4.5 above).
Z1 – Information Services only (preliminary services such as register view, official copies, official searches, land charges services).
RP – Responsible person who will have access to reports documenting the activities of administrators (see section 3.4 above).
F1 – Financial administrator who will have access to online VDD account reports for all or designated VDD accounts used to pay fees for e-services.
Once the user has been allocated a role and has logged on, the services available to that role will appear on, or be accessible from, their home page. For a detailed list of functions available with each service please see the Portal Guidance Notes on our website.
The number of roles will expand as new services are introduced.
For information, other roles available, for which a NAA is not required, are as follows.
Z1 – Information Services (preliminary services such as register view, official copies, official searches, land charges services, non e-conveyancing services). This service is subject to Conditions of Use.
However, you are reminded that if you have a NAA, all users with Z1 general access will be using the network under the terms of the NAA, not under the Conditions of Use.
L1 – For lenders with a Memorandum of Understanding to discharge charges using e-DS1s.
L2 – For lenders with an agreement with Land Registry to discharge charges by means of EDs.
L3 – For lenders discharging charges by means of both e-DS1s and EDs.
The citizen will have their account created for them by a conveyancer within the subscriber who has been allocated a role that is capable of doing so (C4 role).
Following creation of the citizen’s account, the citizen will be sent a user ID and temporary password to enable them to logon and access the system.
When a conveyancer creates an account for a citizen, the citizen is given the role:
CZ1 – Citizen with Signature NAA, which enables them to view and sign e-documents (currently restricted to the Electronic Charge in Standard Form e-CSF).
In addition to a user ID and temporary password, to provide stronger security when signing an e-document the user will be provided with a second form of physical authentication. This will be done by way of an authentication grid, which will be sent to them through the post.
The citizen can access the system and view their document from any PC with an internet connection. The authentication grid can then be used by the citizen to electronically sign their document.
The authentication grid provides each citizen with a unique assortment of characters printed in a grid format. When authentication is required (eg at the point of signing an e-document) the system will prompt the citizen for information from the grid to demonstrate that they are in possession of their personal authentication grid, as shown in the following example.
Example grid
|
|
A |
B |
C |
D |
E |
F |
G |
H |
I |
|
1 |
T |
M |
E |
T |
6 |
4 |
7 |
M |
1 |
|
2 |
I |
1 |
N |
X |
E |
8 |
3 |
C |
D |
|
3 |
4 |
3 |
E |
V |
K |
7 |
J |
8 |
K |
|
4 |
V |
H |
6 |
H |
R |
X |
V |
C |
Y |
|
5 |
T |
0 |
R |
Q |
X |
R |
5 |
5 |
Y |
|
6 |
C |
8 |
8 |
M |
3 |
D |
7 |
E |
1 |
|
7 |
Y |
M |
C |
2 |
K |
2 |
2 |
X |
N |
|
8 |
M |
J |
H |
T |
H |
5 |
N |
T |
G |
|
9 |
R |
M |
Z |
E |
Y |
K |
K |
3 |
1 |
Instructions:
To apply your e-signature, you will need to supply the letter or number that appears in the selected squares from the grid. If you were asked for the corresponding letter or number for squares A2, C4 and D1, you would enter the letter or number in the text box as shown below:
A2 |
|
|
C4 |
|
|
D1 |
|
If the user enters the information correctly this activates their private key stored on the central server, allowing them to apply their e-signature.
Once an authentication grid has been issued to an individual, it should be treated similarly to a bankcard. The user should:
The citizen will be locked out of the system after a pre-set number of unsuccessful attempts are made in responding to the information prompt.
The use of the digital signature process is described further in Annex A.
Once the document has been signed by the citizen, and made effective by registration at Land Registry, the citizen signing account is no longer required. The system will then automatically delete the citizen account.
The citizen account will also be automatically deleted if the document to be signed has not been made effective by registration within six months of being created.
Land Registry security is based upon user certificates and provides appropriate user authentication and role based access control. For more information, please see:
The method of user authentication required for system access is based on the level of access required. Land Registry uses a variety of mechanisms to secure its systems.
As the administrator creates an account for each new user, the system will generate a user ID. In addition to a user ID, a password must be created. Initial login will be achieved using a temporary password that is issued by the system. The user will then be asked to create a new password of their own choosing within permitted rules on the first occasion that they have successfully logged in.
This single sign-on will allow access to all services for which the user has the associated permissions. In addition to this, those with the role of administrator will be set up with an additional account for their administrator role to ensure separation of duties. Therefore, if a user within a firm is also an administrator they will possess two separate user IDs and passwords.
The password should represent an effective balance between strength of security and usability. All passwords must:
It may also help to remember more complex passwords if users use a password based on a mnemonic pass phrase, eg ‘I like to walk my dog 12 times each day’. By taking the first letter of each word, they would create the password ‘ILTWMD12TED’
The general password rules are as follows.
Shared secrets are commonly used by businesses for providing access to confidential information. A shared secret is something known only to the user and the system that they are interacting with. In the case of Land Registry portal, following the first successful log in by a user, they will be given a choice of five questions pre-determined by Land Registry, and will be asked to provide answers that are memorable to them for three of the five questions. Once these answers have been stored, the questions will be used by the system if the user is required to verify their identity.
If a user has forgotten their password, or has been locked out of the system because they have entered it incorrectly five times consecutively, there will be a self-service menu option available, allowing the user to verify their identity and reset their password. This makes use of their pre-set shared secrets as referred to in subsection 7.1.3.
The user will be asked to answer two of their three shared secret questions and if they answer correctly they will be allowed to re-access the system and choose a new password. However, if they answer either of the two questions incorrectly five times they will be locked out of the system and their account itself will need to be reset by an administrator, or in the case of an administrator it will need to be reset by Land Registry.
The network will normally operate in accordance with the following daily timetable.
|
Service |
Hours of operation |
Notes |
|
E-documents prepare, print and submit. |
06.30 – 22.00 Monday to Friday 07.00 – 17.00 Saturday |
Excluding national holidays |
|
E-documents day list capture and registration processing. |
06.00 – 22.00 Monday to Friday |
Excluding national holidays |
|
Information Services. |
06.30 – 22.00 Monday to Friday 07.00 – 17.00 Saturday. |
Excluding national holidays |
|
Land Charges. |
06.30 – 22.00 Monday to Friday 07.00 – 17.00 Saturday. |
Excluding national holidays |
|
Business Gateway |
Hours as for the various services listed above. |
See below* |
|
|
||
|
Non-technical support. |
08.00 – 18.00 Monday to Friday |
Excluding national holidays. The telephone number for non-technical support is 0844 892 1111. |
|
Technical support. |
07.00 – 22.00 Monday to Friday |
Excluding national holidays. The telephone number for technical support is 0844 892 1111. |
|
*If your Case Management System (CMS) submits an application through Business Gateway during Land Registry business hours you should receive an immediate result. If the application is received out of Land Registry business hours, you should receive an acknowledgment, with a time when a result should be available. Your CMS provider should give you guidance on how to operate network services through Business Gateway. |
||
By granting the right of access to the network, Land Registry does not warrant that the network will always be accessible to subscribers during the hours of operation as published.
Access to the network could be interrupted through circumstances beyond the control of Land Registry. If the network is not available during the published hours of operation, and the matter is too urgent to wait until the network is available (as to which, see Annex B – Operational service continuity), you should use other available means to continue your conveyancing. See section 10 Business continuity.
There may be some circumstances when Land Registry needs to alter the daily timetable, or suspend a particular system function or security, without any prior notice where, the circumstances justify doing so. Such changes may only have effect for short periods of time or, in some circumstances, may apply for longer periods.
It is not possible to predict all the possible circumstances that might arise but they could include:
Land Registry will notify subscribers of changes to the daily timetable by means of an electronic message or other appropriate methods of publicity at the earliest practical opportunity.
If electronic documents are created in the e-conveyancing network and committed for registration, but for some reason they cannot be registered, Land Registry will electronically store them.
It will be the responsibility of the subscriber to provide business continuity in respect of their own systems. Land Registry will reissue tokens as quickly as possible for any subscriber that has suffered a critical business failure for reasons such as theft, flood or fire. You will need to tell us which tokens have been lost so we can cancel them, otherwise we will cancel everything that has been assigned to you.
If you cannot gain access to the network and you think it is a problem with the network rather than a problem with your own hardware or software, first telephone:
Use this to check whether there is already a message with information about the nature of the problem and when it is likely to be fixed. This message will be updated regularly (and will state when it was last updated). If there is no message, contact:
Use this service to explain the problem. If it appears that the problem lies with Land Registry, the information will be passed on to our IT services desk. They will ascertain what the problem is and how long it is likely to take to fix. A message will be put on the Land Registry status line providing as much information as possible.
If the network is not available, the following procedures should be followed.
Administrator
The person appointed by the subscriber as the administrator under the Network Access Agreement.
Authentication grid
A type of security measure used in applying digital signatures, as explained in section 6.
Certificate
An electronic file that is issued to a user and also published in a repository available to persons who need to rely on the certificate. It is the link between a person’s real-world identity and their digital identity.
Certificate Authority (CA)
A body that is responsible for the issue and management of certificates.
Conveyancer
As defined in rule 217 Land Registration Rules 2003 (as amended).
Cryptography
The science of protecting information from unauthorised access through the use of numeric keys and special mathematical functions.
Portal
Single web interface. A website that is a gateway to lots of different types of information and services.
Role
A grouping of ‘permissions’ to use particular functionality that may be allocated to an individual.
Role based access control (RBAC)
A mechanism for allowing each user access to a set of services appropriate to their job function. The role allocated to each user will dictate the services that the user has permission to access when they log on.
Subscriber
An organisation that has applied for and been granted a Network Access Agreement.
User
As defined in the Network Access Agreement.
This annex is intended to give users a description of some aspects of the security used in the Land Registry network.
Public key infrastructure (PKI) is used for two main purposes.
1. Identity authentication – for assurance of identity when an administrator logs on to register new users and modify their permissions.
2. Digital signatures – to enable any party within a conveyancing transaction to electronically sign e-documents. Public key cryptography, also known as asymmetric cryptography, is a form of cryptography in which a user has a pair of cryptographic keys – a public key and a private key. The private key is kept secret, while the public key may be distributed to those who need to check the identity of an administrator. The keys are related mathematically, but the private key cannot be practically derived from the public key: a message encrypted with the private key can be decrypted only with the corresponding public key (and vice versa).
When implemented as part of a public key infrastructure (PKI), the key pairs are linked to real world entities in a publicly available certificate: a person has a private key that can be used for identity in the electronic world and the certificate can verify the link between the individual and the key pair.
As a Certificate Authority (CA), Land Registry will issue certificates based on information supplied to them by the subscriber.
The certificate is the link between a person’s real-world identity and their digital identity. It will contain the individual’s name (as the rightful holder of a private key) and the public key associated with that private key.
For more information about identity authentication and electronic signing please see Land Registry’s Certification Practice Statement on our website.
It is critical that Land Registry audit processes are unambiguous, easily interpreted and tamperproof. It is a direct requirement for all public bodies to conform to the provisions of BSI’s BIP 0008 – Code of Practice for Legal Admissibility and Evidential Weight of Information Stored Electronically (2nd edition). The code provides comprehensive guidance on the requirements for record keeping and record protection.
All business and IT operations will be monitored and logged securely. Therefore:
Land Registry has adopted the ITIL1 model to facilitate best practice in Service Management. Day to day operational management of the underpinning IT infrastructure is supported by 24/7 data centre operations and a service desk acting as a central point of contact for all IT related customer calls. This is staffed from 07.00 – 22.00 Monday to Friday and is supported by trained second and third level technical engineers, providing guaranteed support between 08.00 – 16.30 Monday to Friday, supplemented by 24/7 out-of-hours on call support at all other times.
The central and extranet infrastructures by design have considerable resilience and spare capacity (redundancy) built in, which use the latest Geographically Dispersed Parallel Sysplex technologies, so that the organisation’s continuous service capability is assured even in the event of the loss or unavailability of one of these data centres.
We operate strict controls around how changes to this infrastructure are managed, risk assessed and acceptance tested prior to deployment.
The integrity and availability of corporate data is paramount. Three copies of this data are continuously mirrored. Additionally a fourth copy (a snapshot) is made once a day. We also have full backups of our systems on tape and retain logs of all changes that occur during the day.
We are both well prepared and vigilant with regard to our arrangements to deal with the impact of a major incident or disaster on the business.
Automated monitoring takes the place of business-critical business services and a process to manage major service incidents is deployed. This integrates with our business continuity procedures.
In the event of a disaster, our recovery time will always vary depending upon the nature of the incident. Our objective is to make business critical internal services available within two hours of the business decision to invoke the disaster recovery plan, with all services available within five hours. Routine testing of our plans is undertaken and we proactively seek to improve upon our recovery time objectives where possible.
A culture of continual service improvement is prevalent and there will always be a number of service improvement initiatives ongoing.
For alternative formats please contact Customer Support on
0844 892 1111
Issued by Land Registry Corporate Marketing Services March 2010
© Crown copyright 2010 Land Registry
1 A set of best practice guidance for IT service management. ITIL is owned by the OGC and consists of a series of publications giving guidance on the provision of quality IT Services, and on the processes and facilities needed to support them.