XClose

Information Security

Menu

Individual Responsibility for Security

This page supports policy statement 6.7 in the new Information Security Policy

Introduction 

Information security is the responsibility of all users. Effective security depends on individuals acting responsibly, following policies, standards, and guidelines, while maintaining awareness of risks. 

Security must be embedded into day-to-day activities across UCL. 

Summary of Policy Requirements 

  • Users must only perform actions for which they are authorised and trained.  
  • Staff must not share credentials, try to circumvent controls, or use systems beyond their authorised purpose. 
  • Heads of Department must ensure staff are aware of their responsibilities and that appropriate training is provided. 

How to Comply 

  • Complete mandatory security awareness training. 
  • Protect information from unauthorised access or disclosure. 
  • Follow all relevant University security policies, standards, and guidelines. 
  • Act responsibly and professionally when using University information and systems. 
  • Use secure authentication practices, including strong passwords and MFA where required. 
  • Keep systems, software, and devices up to date. 
  • Lock devices when unattended and keep them physically secure, particularly in public places. 
  • Take reasonable steps to prevent unauthorised viewing of information (e.g. shoulder‑surfing). 
  • Store, transport, and dispose of paper records securely in line with University guidance. 
  • Check how to stay secure and UCL’s Security Newsletter for further guidance. 
  • Access only information required for your role.  
  • Report incidents immediately through the appropriate channel: Report an Incident.  
  • Seek guidance if unsure about responsibilities. 

Further questions 

If you have any questions that haven't been answered by the information on this page, please don’t hesitate to ask the Information Security Group.  

Policy statement 

Users with access to UCL’s information and information systems are responsible for maintaining appropriate security levels as outlined in the supporting standards. 

Support documents