We provide advice and guidance to new and on-going initiatives. This includes addressing information security risk and compliance requirements of projects and services.

Risk Assessment Templates
For projects:
For all other application development, hosting and services please use the risk assessment template below:
- Information Risk Assessment Form (.docx)
For Changes:
Supporting documents:
Information Classification
Information classification is the start point for identifying security requirements, and information risk treatment plans. The tool below will help determine information classification for confidentiality, integrity and availability:
https://opinio.ucl.ac.uk/s?s=45808
Risk Treatment Plan
This document describes how risk treatment is handled. In particular it details the approach to treating risk and formulating risk treatment plans.
Information Risk Registers
Faculties and Departments have Information Risk Registers. Information Risk Registers are maintained by Risk Management Champions. All Risk Management Champions are members of the Information Risk Management Group (IRMG). If you know of an information risk that should be on the Information Risk Register, please contact your Risk Management Champion.
- Information Risk Register template with examples (.xlsx)
- Membership of IRMG (including Risk Management Champions)
Project Managers Presentation
This presentation is one that we gave to Project Managers to inform them of what we (ISG) do and what we expect Project Managers to do with regards to information security. If you have any questions regarding the presentation, please contact us.
UCL Risk Management
Information on general risk management at UCL and the UCL Risk Management Policy.