XClose

Information Security

Home
Menu

Frequently Asked Questions

Below are a list of Information Security FAQs.

I am considering buying a license for an email encryption software which allows sending emails securely. 

The encryption solution within the UCL email system is being trialled prior to rollout. There is currently no visibility when this will be deployed. Please check with ISG before purchasing a solution by sending an email to isg@ucl.ac.uk.

I intend to build a hybrid cloud between resources on-premise and a department-controlled account in Amazon Web Services (AWS). 

You should not set up your own agreement, as UCL does have AWS which can be found on the Software Data Base accessible following this link: (https://swdb.ucl.ac.uk).

Currently, this can only be used for non-confidential and non-sensitive data. We recommend that you use the opinio survey (https://opinio.ucl.ac.uk/s?s=45808) to determine the information classification. 

 

More details on information classification can be found in the Information Classification Policy which can be accessed following this link:  

https://liveuclac.sharepoint.com/sites/ISD.InformationSecurityGroup/Team%20Documents/Policy/Information-Management-Policy-IRGG-20170912.pdf

I would like to develop or have developed an application which I intend to launch. 

Use the opinio survey to determine the information classification. If the classification of the data processed is confidential or above, you will be required to complete a Risk Assessment. If the application processes Personally-Identifiable Information (PII), use the Data Protection Impact Assessment (DPIA) Screener Questions (https://www.ucl.ac.uk/data-protection/data-protection-impact-assessment-dpia-screener) to determine whether you need to complete the DPIA. Additionally, a penetration test may also be required which will need expert testers and will require a budget code. If the application is to have UCL branding, please discuss with UCL Communications, digital and marketing (https://www.ucl.ac.uk/staff/communications-digital-and-marketing). 

I would like to use a transcription software for my research. 

We recommend using Word Dictate that is part of our O365 package.

This can be accessed from Word and instructions can be found here - https://support.microsoft.com/en-us/office/dictate-your-documents-in-word-3876e05f-3fcc-418f-b8ab-db7ce0d11d3c

I am planning on doing some incremental work on an existing service/platform, what documentation should I complete?  

Review the existing DPIA for any changes to the information flows or personal information that may be affected.  

Review the existing Risk Assessment and check if any new risks are being introduced as result of the proposed changes. Modify controls to mitigate any risks. Consult with ISG. 

As part of UCL’s agreement with a third party, I have been asked to complete an information security questionnaire. Who do I direct the questions to? 

All questions should be directed to the Information Security Group. Please send an email to isg@ucl.ac.uk. 

How do I securely exchange large quantities of digitised personal information (recordings, images and text) for my research? 

Please use the Data Safe Haven. Link: https://www.ucl.ac.uk/isd/services/file-storage-sharing/data-safe-haven-dsh.

If you think a topic needs to be included in the FAQs, please email us to let us know: isg@ucl.ac.uk.