Information Security


Information Risk Management and Compliance

We provide advice and guidance to new and on-going initiatives. This includes addressing information security risk and compliance requirements of projects and services.

Risk Management

Risk Assessment Templates

For projects:

For all other application development, hosting and services please use the risk assessment template below:

For Changes:

Supporting documents:

Information Classification

Information classification is the start point for identifying security requirements, and information risk treatment plans. The tool below will help determine information classification for confidentiality, integrity and availability:


Risk Treatment Plan

This document describes how risk treatment is handled. In particular it details the approach to treating risk and formulating risk treatment plans.

Information Risk Registers

Faculties and Departments have Information Risk Registers. Information Risk Registers are maintained by Risk Management Champions. All Risk Management Champions are members of the Information Risk Management Group (IRMG). If you know of an information risk that should be on the Information Risk Register, please contact your Risk Management Champion.

Project Managers Presentation

This presentation is one that we gave to Project Managers to inform them of what we (ISG) do and what we expect Project Managers to do with regards to information security. If you have any questions regarding the presentation, please contact us.

UCL Risk Management 

Information on general risk management at UCL and the UCL Risk Management Policy.