Back to the top

Technical Manual Part 1 - Version 10.0

Release date: Thursday 1 September 2011

1 Introduction

The Technical Manual forms part of the full Network Access Agreement (NAA). This is Part 1 of the Technical Manual. It describes the technical and security aspects of, and the requirements for, participating in e-business network services. Part 2 of the Technical Manual, which is published separately, describes how to use the network.

It is necessary to put these technical details in separate documents from the NAA since, by their nature, technical and security aspects and requirements will change from time to time. New ways of using the network will also develop. Electronic systems, information technology and security measures will evolve, become obsolete and require updating. Land Registry will need to make changes to constantly protect the security of the network. We will also wish to improve the system and provide new e-services. This manual will be updated when necessary to reflect such changes.

Land Registry may change the provisions of the Technical Manual at any time. Any changes will be made in accordance with the Land Registry Code of Practice for changes to the Network Access Agreement and Technical Manual. Only subscribers who have entered into a NAA may rely on this manual and only in connection with their participation under such agreement.

2 System requirements

2.1 Minimum standard of electronic equipment

The e-conveyancing services provided by Land Registry require a connection to the internet.

A broadband connection is recommended.

Customers who have registered for network and/or information services will be able to gain access to network and information services directly through Land Registry portal by selecting the business e-services tab on our website.

Alternatively, those customers who are using a case management system may be able to gain access through an XML interface (Business Gateway) that links their case management system to the services.

Please note it is still possible to utilise the Land Registry portal if you have elected to use Business Gateway.

You should check with your case management system (CMS) provider if and when this service is available through your CMS. If your CMS provider does offer this service and you wish to use it, your responsible person (RP) must then apply through Land Registry Customer Support for the necessary technical connections to be made. Customer Support will provide more information and can be contacted as follows:

email: customersupport@landregistry.gsi.gov.uk
phone: 0844 892 1111.

2.1.1 Land Registry portal

For Land Registry portal users, the e-conveyancing services are delivered through an internet browser.

The following browsers are officially supported:

Windows:

Internet Explorer
Mozilla Firefox

Apple Mac:

Apple Safari

The supported versions of these browsers may be updated from time to time, and will be listed in the Land Registry Internet Browser Support Policy on our website www.landregistry.gov.uk

Click on the 'Terms and conditions' link at the bottom of any page on the website, then click on the document you wish to view.

For the specifications of personal computing (PC) devices that run the browser on a particular operating system, the user should refer to their PC supplier.

The browser used to access the e-conveyancing services must be configured to accept cookies from Land Registry systems.

For administrators' security tokens there are no additional system requirements.

2.1.2 Business Gateway

Land Registry Business Gateway uses a certificate-based mutual SSL connection. Please contact your CMS provider to find out if and when this service will be available to you. Once you have established that the service is available through your CMS, your RP must contact Customer Support to request that the necessary connections are made. See section 2.1 above.

2.2 System security

2.2.1 Network

Messages and documents sent through the network must use a mechanism such as Secure Socket Layer (SSL) or Transport Layer Security (TLS) to secure the communication channel.

2.2.2 System/internet

All users of the network must maintain up-to-date system patches, security updates, anti-virus software and other countermeasures to protect their systems.

2.2.3 Information systems acquisition, development and maintenance

This subsection deals with development and deployment of new systems by you, the subscriber, that may interact with Land Registry systems.

Any software that could interact with Land Registry systems should be thoroughly tested and you must have your own testing procedures and policies in place and apply them rigorously.

Some free/beta programs can contain bugs or viruses, which could pose a threat to Land Registry systems. Applications and operating system software should only be implemented in operational systems after extensive and successful testing.

Testing should be done in a secure environment with non-sensitive data. Access to system files and program source code should be controlled.

3 Subscriber security

3.1 General guidance

This section deals with security within your workplace. For information about Land Registry security see section 7 Land Registry security, which contains requirements relating to passwords, and section 4 Administrator duties, which contains details of the additional security requirements applicable to administrators.

Annex A – Authentication security also gives some background information about additional security adopted by Land Registry to protect the network.

Due to the wide range of system configurations connected to the network, Land Registry cannot be prescriptive about procedures and standards that would minimise the possibility of unauthorised access, fraud and forgery.

Although there are general guidelines for keeping business IT secure here, more detailed guidance can be obtained from:

the UK government sponsored Get Safe Online website
commercial providers of security expertise
the BS ISO/IEC 27001:2005 Security techniques: Information security management systems and the complementary standard BS ISO/IEC 27002:2005 (BS 7799-1:2005) Information Technology Code of Practice for Information Security Management can be obtained through the British Standards Institute - http://shop.bsigroup.com/en/Browse-By-Subject/ICT/Information-security-standards-and-publications/
the Law Society has issued a practice note: Information security guidelines for solicitors - www.lawsociety.org.uk/productsandservices/practicenotes/infosecurity/1246.article

3.2 Security policy

You should have an information security policy document, approved by your senior management and reviewed at least annually. It should be published and all your staff made fully aware of it. It should include policies and procedures on the following matters.

3.3 Physical and environmental security

Ensure that your workplace is secure to prevent unauthorised access.

Physical security to protect IT assets must be appropriate to the risk and access to sensitive areas (eg servers) should be restricted.
Staff should be clear about their organisation's security policies and Land Registry practices for system access.
Users should lock their computer when leaving it unattended and must never share passwords, tokens and other security measures.
Security tokens must be kept in a secure place both before they have been issued and when active but not in use.

In each case, training should include an overview of the reasons why information security is important, including coverage of the threats and risks, eg viruses, hackers, fraudsters and protection of information assets.

3.4 Responsible person

In your application for a NAA, you will be asked to nominate a responsible person (RP) in your organisation. You may also nominate deputy responsible persons (DRP), as many as you need for your organisation. The DRP can cover for the RP when they are not available. They can also be responsible for a particular part of, or group within, your organisation according to your needs. Land Registry will create the account for the RP and for the DRP and will provide them with a user ID and temporary password.

Land Registry has created the role of RP and DRP in relation to the NAA to assist conveyancers with the proper supervision of their practices, as required by their regulators, by statute (the Legal Services Act 2007, Part 3, and in due course Part 5), and by the NAA.

The RP and DRP will have access to an online Land Registry report, which will list actions taken by the administrator. They should not, therefore, normally be the same person as the administrator. It is expected that the RP and DRP will be a solicitor, licensed conveyancer or manager (whereas the administrator may not be legally qualified, but may instead be an IT officer). Land Registry recognises that each organisation will have its own arrangements for supervision as appropriate.

The subscriber should establish a procedure for authorising the administrator to perform the tasks that the administrator is permitted to do, such as setting up user accounts and updating user accounts. That may mean that such instructions or authority should come only from the RP or DRP. Alternatively, if someone other than the RP or DRP supervises the administrator, they should be aware of the procedures and policies that are in place.

To facilitate supervision of the use of the network, and to reduce the risk of fraud or misuse, Land Registry will record details in the report each time the administrator:

creates a user account
suspends a user account
restores ('unsuspends') a user account
deletes a user account
updates the business role associated with a user account
resets a user account.

This report will allow the RP and DRP to check that the administrator is acting under proper instructions, and giving network access only to authorised persons, at the appropriate level.

The report of each day's actions by the administrator will be available for up to one calendar month. After one calendar month that day's activities will drop off the report. The RP or DRP should therefore view the report regularly, and will be able to download or print it as required. Only a RP or DRP will be able to view these reports, see section 5 Role based access control (RBAC).

If your organisation has more than one administrator, only the responsible person can allocate or re-allocate particular administrators to specified DRP. This will assist larger organisations that operate with distinct groups, where one person cannot reasonably be responsible for the administrators of all the groups.

The RP and DRP can set the desired parameters for viewing the reports, for instance by date or by administrator. They will also be able to see details of actions taken by the RP and DRP, and search and check all user accounts associated with their Land Registry business e-services account.

In addition, the RP and DRP will be responsible for:

requesting changes to administrator accounts. See section 4.7 Subsequent changes to administrator accounts
requesting the necessary technical connections to be made so that your organisation can use network services by means of Business Gateway if required. See section 2.1.2 Business Gateway

The RP and DRP will also be able to:

view variable direct debit (VDD) statement information
view services requested today
view messages within the message area.

We advise you to check the Technical Manual online from time to time for any updates on the responsibilities of the administrator and the role of the RP and DRP.

3.5 Human resources security

It is the subscriber's responsibility to ensure that employees, contractors and third-party users understand their responsibilities and are suitable for the roles allocated to them. This will reduce the risk of misuse of facilities. You should further ensure that they are aware of information security threats and concerns, their responsibilities and liabilities. See section 5 Role based access control (RBAC) to help you decide what level of access each user in your organisation should be given.

3.6 Communications and operations management

Compliance with procedures should be enforced with auditing, which could involve checking computer logs. Management procedures and responsibilities for these processes should be established.

3.7 Access control

Ensure only authorised staff have access to Land Registry services.

Access control rules should be supported by formal procedures and clearly defined responsibilities. See section 5 Role based access control (RBAC). This should cover access to:

information services
operating systems
network services.

It should also include a formal process for adding and removing access rights for staff. If mobile working or working from home is being used, security processes will need to be in place to ensure secure access.

When employees, contractors and third-party users leave an organisation, or change employment, the subscriber must instruct the administrator to terminate their access to the network. This must be done immediately.

3.8 Information security incident management

Security incidents should be recorded, such as uncontrolled system changes, human errors, non-compliance with policies or guidelines, loss of service, or facilities and system malfunctions or overloads.

Any access violations, loss of equipment, breaches of physical security or theft that could affect Land Registry should be reported to Land Registry. This should be done as quickly as possible through the administrator, the responsible person or a deputy responsible person.

If the administrator or the responsible person/deputy responsible person thinks that the violation could affect the Land Registry network adversely, they should contact Land Registry Customer Support by:

email: customersupport@landregistry.gsi.gov.uk
phone: 0844 892 1111.

Staff should be made aware of the procedures for reporting the different types of incident that might have an impact on security.

4 Administrator duties

4.1 Creation of administrator accounts for a subscriber

The role of an administrator is to administer system access for the individual users existing within each subscriber. Administrators will also be provided with permissions that enable them to manage the account of the subscriber. The subscriber must therefore provide the administrator with the appropriate instructions and authority to carry out this role.

When applying for network access, subscribers must supply details of at least one individual who is capable of carrying out the duties associated with the administrator role. Land Registry will create the account for the administrator and will provide them with a user ID, temporary password and a security token. A security token is required to authenticate at a higher level to access the Land Registry system, details of this process can be found in subsections 4.2 to 4.5 below. The administrator will also be expected to undertake an online training package before commencing their duties.

It is the responsibility of the subscriber to plan its own business contingencies to cover the situation where its administrator is unavailable. It is therefore important that each subscriber appoints a sufficient number of administrators. On application each subscriber will need to appoint a primary administrator who will act as the main point of contact for Land Registry queries. If only one administrator is requested they will be appointed as the primary administrator by default.

4.2 Security tokens

The Entrust IdentityGuard Mini Token is a high-quality, one time password (OTP) device designed to help provide strong, versatile authentication to enterprises, governments and consumers. The security token provides an additional level of security, over and above the administrator's user ID and password. A different unique PIN number is generated by the token each time the administrator presses the button (hence “one time”). For a limited period of time, that PIN number is synchronised with the PIN number for that token in Land Registry's credential database in its hardware security module.

When administrators attempt to log on to the Land Registry network via the portal, they are prompted to enter the PIN number generated by the token. If the entered PIN number is correct they are granted access to the system. The token is durable against normal wear and tear with an expected battery life between six and eight years.

No additional software needs to be installed to support the use of OTP tokens.

4.3 Token renewal and protection

Administrators will receive their security tokens as part of the process when their organisation signs up for the Land Registry service. Additional tokens for deputy administrators can be requested from Land Registry as required.

Security tokens should be considered as valuable assets and stored securely. They should be treated similarly to bankcards. Administrators:

must not share their token and must prevent others from using it
should not leave the token unattended at any time
should return the token when requested to do so by Land Registry
must notify their issuer if the token has been lost.

4.4 Access to administrator services

In order to access the services that the administrator requires, he or she will need to follow authentication processes when they log in to the Land Registry system. First time access to administrator services will be granted as follows.

4.5 Administrator authentication

1. Administrator enters their username and temporary password.

2. Administrator is prompted to change their password.

3. Administrator changes their password.

4. Administrator is required to create shared secrets for their account.

5. Administrator is prompted to enter their token number.

6. Administrator presses the button on their security token and enters their token (PIN) number displayed on the token.

7. Administrator is provided with menu of administrator services.

Subsequent access to administrator services will be granted as follows.

1. Administrator enters their username and password.

2. Administrator is prompted to enter their token number.

3. Administrator enters their token number shown on the OTP token.

4. Administrator is provided with menu of administrator services.

4.6 Services available to the administrator

When the administrator accesses the system, the available services will be displayed on a menu. Details of how the administrator will use these services are contained in part 2 of the Technical Manual. However, the available services are listed in subsections 4.6.1 and 4.6.2 below.

4.6.1 Managing subscriber account

The administrator will be responsible for managing the subscriber account. All administration will be conducted via the portal (it cannot be done through Land Registry Business Gateway). The services available to the administrator for the management of subscriber accounts include:

find subscriber account
view subscriber account
update subscriber account details
create group
update group
delete group.

4.6.2 Managing user accounts

The services that allow the administrator to manage the accounts of individual users include:

create user account
find user account
view user account
update user account
suspend user account
restore ('unsuspend') user account
delete user account
reset user account.

4.7 Subsequent changes to administrator accounts

The procedure for making changes to administrator accounts is the same whether an account is being reset, suspended, restored or deleted. All changes must be requested by the responsible person or deputy responsible persons within the subscriber organisation.

The requests can be made online when the responsible person (RP) or deputy responsible person (DRP) is logged in to the system. Alternatively, requests can be made on headed paper, signed by the RP or DRP and sent to Customer Support. On receipt, Land Registry will check the provenance of the request and, if satisfied, will make the necessary change.

Only the RP can:

request that the primary administrator is changed to another administrator
allocate or reallocate administrators to specific DRPs.

5 Role based access control (RBAC)

Role based access control (RBAC) provides an efficient mechanism for allowing the subscriber and Land Registry to provide each user with access to a set of services appropriate to their job function. The administrator, responsible person and deputy responsible person roles will be set up and managed by Land Registry. In the case of other users, it will be the responsibility of the subscriber to allocate one of a number of predefined roles to each user and to instruct the administrator accordingly, so that they can create an appropriate account for that user. The allocated role will dictate the services that the user has permission to access when they log on and can only be changed by an administrator.

The roles created are provided for the benefit of subscribers to assist them in fulfilling their obligations under their regulatory Codes of Conduct, and the Legal Services Act 2007.

They are designed to assist subscribers in ensuring that their users are given access to the Land Registry network at a level commensurate with their ability, experience and qualifications, and so that their work can be properly supervised by a qualified conveyancer if necessary.

The following section is a list of the current roles that a subscriber can allocate to its users, that is to say, all members of staff within the firm who require access to the network. As the services made available via the Land Registry portal increase, so too will the number of roles available.

5.1 Roles and associated privileges for conveyancers under the NAA

The roles and associated privileges for conveyancers under the NAA are currently are listed below.

C4 – Conveyancer who can create and lodge electronic documents, and have general access, as in Z1 below. This role therefore allows the use of both Information Services and Network Services.

BUA – Administrator who can create and update users (see section 4 above).

Z1 – Information Services only (preliminary services such as register view, official copies, official searches, land charges services).

RP – Responsible person who will have access to reports documenting the activities of any deputy responsible persons and all administrators, and access to all VDD account reports for VDD accounts used to pay for e-services. They can also allocate responsibility for the management of administrators to deputy responsible persons and change the primary administrator (see section 3.4 above).

DRP - Deputy responsible person who will have access to reports documenting the activities of the responsible person, any deputy responsible persons and all administrators; and access to all or designated VDD account reports for all VDD accounts used to pay for e-services. They can also allocate responsibility for the management of administrators to the responsible person or another deputy responsible person (see section 3.4 above).

F1 – Financial administrator who will have access to online VDD account reports for all or designated VDD accounts used to pay fees for e-services.

The roles and associated privileges for conveyancers under the NAA, who have also signed a Register Extract Agreement, are listed below.

WM1- Conveyancer who can create and lodge electronic documents, has general access, as in Z1 above; and has register data files imported into their Case Management System. This role therefore allows the use of Information Services, Network Services and Register Extract Services.

WM2 - Conveyancer who can have register data files imported into their Case Management System, and has general access, as in Z1 above. This role therefore allows the use of Information Services and Register Extract Services.

Once the user has been allocated a role and has logged on, the services available to that role will appear on, or be accessible from, their home page. For a detailed list of functions available with each service please see the Portal Guidance Notes on our website.

The number of roles will expand as new services are introduced.

For information, other roles available, for which a NAA is not required, are as follows.

Z1 – Information Services (preliminary services such as register view, official copies, official searches, land charges services, non e-conveyancing services). This service is subject to Conditions of Use.

WM2 - Conveyancer who can have register data files imported into their Case Management System, and Information Services (preliminary services such as register view, official copies, official searches, land charges services, non e-conveyancing services). This service is subject to Conditions of Use and Register Extract Agreement.

However, you are reminded that if you have a NAA, all users with Z1 general access or WM2 workflow manager and general access will be using the network under the terms of the NAA, not under the Conditions of Use.

L1 – For lenders with a Memorandum of Understanding to discharge charges using e-DS1s.

L2 – For lenders with an agreement with Land Registry to discharge charges by means of EDs.

L3 – For lenders discharging charges by means of both e-DS1s and EDs.

PSU - Find a Property services only. This service is subject to registration of an account and the Find a Property terms and conditions.

6 Citizen accounts

6.1 Access by citizens

The citizen will have their account created for them by a conveyancer within the subscriber who has been allocated a role that is capable of doing so (C4 role).

Following creation of the citizen's account, the citizen will be sent a user ID and temporary password to enable them to logon and access the system.

6.2 Current roles for citizens

When a conveyancer creates an account for a citizen, the citizen is given the role:

CZ1 – Citizen with Signature NAA, which enables them to view and sign e-documents (currently restricted to the Electronic Charge in Standard Form e-CSF).

6.3 Signing by citizens

In addition to a user ID and temporary password, to provide stronger security when signing an e-document the user will be provided with a second form of physical authentication. This will be done by way of an authentication grid, which will be sent to them through the post.

The citizen can access the system and view their document from any PC with an internet connection. The authentication grid can then be used by the citizen to electronically sign their document.

6.4 Authentication grids

The authentication grid provides each citizen with a unique assortment of characters printed in a grid format. When authentication is required (eg at the point of signing an e-document) the system will prompt the citizen for information from the grid to demonstrate that they are in possession of their personal authentication grid, as shown in the following example.

Example grid

	A	B	C	D	E	F	G	H	I
1	T	M	E	T	6	4	7	M	1
2	I	1	N	X	E	8	3	C	D
3	4	3	E	V	K	7	J	8	K
4	V	H	6	H	R	X	V	C	Y
5	T	0	R	Q	X	R	5	5	Y
6	C	8	8	M	3	D	7	E	1
7	Y	M	C	2	K	2	2	X	N
8	M	J	H	T	H	5	N	T	G
9	R	M	Z	E	Y	K	K	3	1

Instructions:

To apply your e-signature, you will need to supply the letter or number that appears in the selected squares from the grid. If you were asked for the corresponding letter or number for squares A2, C4 and D1, you would enter the letter or number in the text box as shown below:

If the user enters the information correctly this activates their private key stored on the central server, allowing them to apply their e-signature.

6.5 Authentication grid security

Once an authentication grid has been issued to an individual, it should be treated similarly to a bankcard. The user should:

not share their grid and must prevent others from using or accessing it
not leave the grid unattended at any time
notify Land Registry and their conveyancer if the grid has been lost.

The citizen will be locked out of the system after a pre-set number of unsuccessful attempts are made in responding to the information prompt.

The use of the digital signature process is described further in Annex A.

6.6 Delete a citizen account

Once the document has been signed by the citizen, and made effective by registration at Land Registry, the citizen signing account is no longer required. The system will then automatically delete the citizen account.

The citizen account will also be automatically deleted if the document to be signed has not been made effective by registration within six months of being created.

7 Land Registry security

Land Registry security is based upon user certificates and provides appropriate user authentication and role based access control. For more information, please see:

Section 5 Role based access control (RBAC)
Annex A – Authentication security.

7.1 Description of security measures

The method of user authentication required for system access is based on the level of access required. Land Registry uses a variety of mechanisms to secure its systems.

7.1.1 User ID and password

As the administrator creates an account for each new user, the system will generate a user ID. In addition to a user ID, a password must be created. Initial login will be achieved using a temporary password that is issued by the system. The user will then be asked to create a new password of their own choosing within permitted rules on the first occasion that they have successfully logged in.

This single sign-on will allow access to all services for which the user has the associated permissions. In addition to this, those with the role of administrator will be set up with an additional account for their administrator role to ensure separation of duties. Therefore, if a user within a firm is also an administrator they will possess two separate user IDs and passwords.

7.1.2 Password construction

The password should represent an effective balance between strength of security and usability. All passwords must:

be a minimum of eight characters
be a maximum of 20 characters
include a mixture of alpha and numeric characters
include at least two numbers
not include the characters £, €, , or ¬
be case sensitive.

It may also help to remember more complex passwords if users use a password based on a mnemonic pass phrase, eg 'I like to walk my dog 12 times each day'. By taking the first letter of each word, they would create the password 'ILTWMD12TED'

The general password rules are as follows.

Do not employ any password structure or characteristic that results in a password that is predictable or easily guessed.
Passwords must be kept confidential. They must never be shared or revealed to anyone.
Passwords must not be written down unless they have been effectively concealed in seemingly unrelated characters or by using a coding system. Any written form of password must also be stored in a secure location, such as a locked drawer. Also, the coding system used to conceal the password should not be written down. If the password is lost, or there is suspicion that someone has accessed it, it must be assumed that it has been compromised.
Do not use the same password for different systems, ie never use any Land Registry password for personal use, such as internet banking or shopping accounts.
Do not re-use a password that has been used before.
Passwords will not expire automatically, but may be changed at any time.
Passwords must be changed immediately if compromise is suspected or known.

7.1.3 Shared secrets

Shared secrets are commonly used by businesses for providing access to confidential information. A shared secret is something known only to the user and the system that they are interacting with. In the case of the Land Registry portal, following the first successful log in by a user, they will be given a choice of five questions pre-determined by Land Registry, and will be asked to provide answers that are memorable to them for three of the five questions. Once these answers have been stored, the questions will be used by the system if the user is required to verify their identity.

7.1.4 Password reset

If a user has forgotten their password, or has been locked out of the system because they have entered it incorrectly five times consecutively, there will be a self-service menu option available, allowing the user to verify their identity and reset their password. This makes use of their pre-set shared secrets as referred to in subsection 7.1.3.

The user will be asked to answer two of their three shared secret questions and if they answer correctly they will be allowed to re-access the system and choose a new password. However, if they answer either of the two questions incorrectly five times they will be locked out of the system and their account itself will need to be reset by an administrator, or in the case of an administrator it will need to be reset by Land Registry.

8 Availability of the Land Registry system

The network will normally operate in accordance with the following daily timetable.

Service	Hours of operation	Notes
E-documents prepare, print and submit.	06.30 – 23.00 Every day	Excluding national holidays
E-documents day list capture and registration processing.	06.00 – 22.00 Monday to Friday	Excluding national holidays
Information Services.	06.30 – 23.00 Every day	Excluding national holidays
Land Charges.	06.30 – 23.00 Every day	Excluding national holidays
Business Gateway.	Hours as for the various services listed above.	See below*

Non-technical support.	08.00 – 18.00 Monday to Friday	Excluding national holidays. The telephone number for non-technical support is 0844 892 1111.
Technical support.	07.00 – 18.00 Monday to Friday	Excluding national holidays. The telephone number for technical support is 0844 892 1111.
*If your Case Management System (CMS) submits an application through Business Gateway during Land Registry business hours you should receive an immediate result. If the application is received out of Land Registry business hours, you should receive an acknowledgment, with a time when a result should be available. Your CMS provider should give you guidance on how to operate network services through Business Gateway.

By granting the right of access to the network, Land Registry does not warrant that the network will always be accessible to subscribers during the hours of operation as published.

Access to the network could be interrupted through circumstances beyond the control of Land Registry. If the network is not available during the published hours of operation, and the matter is too urgent to wait until the network is available (as to which, see Annex B – Operational service continuity), you should use other available means to continue your conveyancing. See section 10 Business continuity.

There may be some circumstances when Land Registry needs to alter the daily timetable, or suspend a particular system function or security, without any prior notice where, the circumstances justify doing so. Such changes may only have effect for short periods of time or, in some circumstances, may apply for longer periods.

It is not possible to predict all the possible circumstances that might arise but they could include:

extending the end of the business day, where there has been a material disruption of the network during the day
suspending the whole network or individual functions, subscribers or users, where there has been a material breach of the network's security
making any change, where Land Registry is complying with a court order.

Land Registry will notify subscribers of changes to the daily timetable by means of an electronic message or other appropriate methods of publicity at the earliest practical opportunity.

9 Storage of unregistered e-documents

If electronic documents are created in the e-conveyancing network and committed for registration, but for some reason they cannot be registered, Land Registry will electronically store them.

10 Business continuity

It will be the responsibility of the subscriber to provide business continuity in respect of their own systems. Land Registry will reissue tokens as quickly as possible for any subscriber that has suffered a critical business failure for reasons such as theft, flood or fire. You will need to tell us which tokens have been lost so we can cancel them, otherwise we will cancel everything that has been assigned to you.

10.1 Procedures for services when system not available

If you cannot gain access to the network and you think it is a problem with the network rather than a problem with your own hardware or software, first telephone:

Land Registry status line on 0844 892 0391.

Use this to check whether there is already a message with information about the nature of the problem and when it is likely to be fixed. This message will be updated regularly (and will state when it was last updated). If there is no message, contact:

Customer Support on 0844 892 1111.

Use this service to explain the problem. If it appears that the problem lies with Land Registry, the information will be passed on to our IT services desk. They will ascertain what the problem is and how long it is likely to take to fix. A message will be put on the Land Registry status line providing as much information as possible.

If the network is not available, the following procedures should be followed.

Information Services (searches, official copies)
- Use telephone services.
- Use paper forms.
Network Services (e-charges and documents)
- If possible, delay preparation and/or lodging until the network is available.
- Revert to paper (using an outline application made by telephone to protect the interest if appropriate – see rule 54 Land Registration Rules 2003) and Practice Guide 12 – Official searches and outline applications.

11 Glossary

Administrator

The person appointed by the subscriber as the administrator under the Network Access Agreement.

Authentication grid

A type of security measure used in applying digital signatures, as explained in section 6.

Certificate

An electronic file that is issued to a user and also published in a repository available to persons who need to rely on the certificate. It is the link between a person's real-world identity and their digital identity.

Certificate Authority (CA)

A body that is responsible for the issue and management of certificates.

Conveyancer

As defined in rule 217 Land Registration Rules 2003 (as amended).

Cryptography

The science of protecting information from unauthorised access through the use of numeric keys and special mathematical functions.

Portal

Single web interface. A website that is a gateway to lots of different types of information and services.

Role

A grouping of 'permissions' to use particular functionality that may be allocated to an individual.

Role based access control (RBAC)

A mechanism for allowing each user access to a set of services appropriate to their job function. The role allocated to each user will dictate the services that the user has permission to access when they log on.

Subscriber

An organisation that has applied for and been granted a Network Access Agreement.

User

As defined in the Network Access Agreement.

12 Annex A – Authentication security

This annex is intended to give users a description of some aspects of the security used in the Land Registry network.

12.1 Public key cryptography

Public key infrastructure (PKI) is used for two main purposes.

1. Identity authentication – for assurance of identity when an administrator logs on to register new users and modify their permissions.

2. Digital signatures – to enable any party within a conveyancing transaction to electronically sign e-documents. Public key cryptography, also known as asymmetric cryptography, is a form of cryptography in which a user has a pair of cryptographic keys – a public key and a private key. The private key is kept secret, while the public key may be distributed to those who need to check the identity of an administrator. The keys are related mathematically, but the private key cannot be practically derived from the public key: a message encrypted with the private key can be decrypted only with the corresponding public key (and vice versa).

When implemented as part of a public key infrastructure (PKI), the key pairs are linked to real world entities in a publicly available certificate: a person has a private key that can be used for identity in the electronic world and the certificate can verify the link between the individual and the key pair.

As a Certificate Authority (CA), Land Registry will issue certificates based on information supplied to them by the subscriber.

The certificate is the link between a person's real-world identity and their digital identity. It will contain the individual's name (as the rightful holder of a private key) and the public key associated with that private key.

For more information about identity authentication and electronic signing please see Land Registry's Certification Practice Statement on our website.

12.2 Audit

It is critical that Land Registry audit processes are unambiguous, easily interpreted and tamperproof. It is a direct requirement for all public bodies to conform to the provisions of BSI's BIP 0008 – Code of Practice for Legal Admissibility and Evidential Weight of Information Stored Electronically (2nd edition). The code provides comprehensive guidance on the requirements for record keeping and record protection.

All business and IT operations will be monitored and logged securely. Therefore:

the access control solution will log all authentication attempts
the CA management system will keep a complete trail of certificate events.

13 Annex B – Operational service continuity

Land Registry has adopted the ITIL¹ model to facilitate best practice in Service Management. The associated Service Management system is certified to the International Standard BS ISO/IEC 20000-1:2011. Day to day operational management of the underpinning IT infrastructure is supported by 24/7 data centre operations and a service desk acting as a central point of contact for all IT related customer calls. This is staffed from 07.00 – 18.00 Monday to Friday and is supported by trained second and third level technical engineers, providing guaranteed support between 08.00 – 16.30 Monday to Friday, supplemented by 24/7 out-of-hours on call support at all other times.

The central and extranet infrastructures by design have considerable resilience and spare capacity (redundancy) built in, which use the latest Geographically Dispersed Parallel Sysplex technologies, so that the organisation's continuous service capability is assured even in the event of the loss or unavailability of one of these data centres.

We operate strict controls around how changes to this infrastructure are managed, risk assessed and acceptance tested prior to deployment.

The integrity and availability of corporate data is paramount. Three copies of this data are continuously mirrored. Additionally a fourth copy (a snapshot) is made once a day. We also have full backups of our systems on tape and retain logs of all changes that occur during the day.

We are both well prepared and vigilant with regard to our arrangements to deal with the impact of a major incident or disaster on the business.

Automated monitoring takes the place of business-critical business services and a process to manage major service incidents is deployed. This integrates with our business continuity procedures.

In the event of a disaster, our recovery time will always vary depending upon the nature of the incident. Our objective is to make business critical internal services available within two hours of the business decision to invoke the disaster recovery plan, with all services available within five hours. Routine testing of our plans is undertaken and we proactively seek to improve upon our recovery time objectives where possible.

A culture of continual service improvement is prevalent and there will always be a number of service improvement initiatives ongoing.

For alternative formats please contact Customer Support on 0844 892 1111

Issued by Land Registry Corporate Marketing Services November 2010

¹ A set of best practice guidance for IT service management. ITIL is owned by the OGC and consists of a series of publications giving guidance on the provision of quality IT Services, and on the processes and facilities needed to support them.

	A	B	C	D	E	F	G	H	I
1	T	M	E	T	6	4	7	M	1
2	I	1	N	X	E	8	3	C	D
3	4	3	E	V	K	7	J	8	K
4	V	H	6	H	R	X	V	C	Y
5	T	0	R	Q	X	R	5	5	Y
6	C	8	8	M	3	D	7	E	1
7	Y	M	C	2	K	2	2	X	N
8	M	J	H	T	H	5	N	T	G
9	R	M	Z	E	Y	K	K	3	1

	A	B	C	D	E	F	G	H	I
1	T	M	E	T	6	4	7	M	1
2	I	1	N	X	E	8	3	C	D
3	4	3	E	V	K	7	J	8	K
4	V	H	6	H	R	X	V	C	Y
5	T	0	R	Q	X	R	5	5	Y
6	C	8	8	M	3	D	7	E	1
7	Y	M	C	2	K	2	2	X	N
8	M	J	H	T	H	5	N	T	G
9	R	M	Z	E	Y	K	K	3	1

	A	B	C	D	E	F	G	H	I
1	T	M	E	T	6	4	7	M	1
2	I	1	N	X	E	8	3	C	D
3	4	3	E	V	K	7	J	8	K
4	V	H	6	H	R	X	V	C	Y
5	T	0	R	Q	X	R	5	5	Y
6	C	8	8	M	3	D	7	E	1
7	Y	M	C	2	K	2	2	X	N
8	M	J	H	T	H	5	N	T	G
9	R	M	Z	E	Y	K	K	3	1