Information Security Policy

UCL Information Security Policy - main policy

UCL Information Security Policy - main policy

Annex:

Definition of terms used in the policy documentation

Definition of terms used in the policy documentation

• User Guide - web version
  

  User Guide - leaflet

  User Guide - leaflet

Supporting Policies

UCL Computing Regulations (Acceptable Use Policy)

UCL Computing Regulations (Acceptable Use Policy)

UCL Connecting Equipment to the College Network Policy

UCL Connecting Equipment to the College Network Policy

UCL Electronic Mail (e-mail) Policy

UCL Electronic Mail (e-mail) Policy

UCL Monitoring Computer and Network Use Policy

UCL Monitoring Computer and Network Use Policy

UCL Bring Your Own Device Policy

UCL Bring Your Own Device Policy

UCL Data Protection Policy

UCL Data Protection Policy

UCL Freedom of Information Policy

UCL Freedom of Information Policy

UCL Environmental Information Policy

UCL Environmental Information Policy

 

UCL Corporate Digital Data Ownership and Access Policy - public view

UCL Corporate Digital Data Ownership and Access Policy - public view

 

The following are for UCL access only:

UCL Corporate Digital Data Ownership and Access Policy
UCL Authentication Principles
UCL Password Policy and Principles
UCL CCTV Policy
UCL Information Management Policy (aka Classification Policy)

Codes of Practice

Appointment and Role of Custodians of Information Systems
Appointment and Role of Departmental Network Administrators
Information for Heads of Departments and Custodians (including recommendations for system management procedures)
Code of Practice for System Custodians and Network Administrators at UCL

Data Protection

The Legal Services pages provide information and guidance to all UCL staff and students, on how personal data is processed under the General Data Protection Regulation (GDPR). This includes use of your individual rights under data protection legislation (e.g. the right of access to your personal data), and registration of research proposals that involve personal data.

https://www.ucl.ac.uk/legal-services/

Guidelines and Forms

Information Security Questionnaire (.doc)
Security considerations in outsourced IT management arrangements
Computer Security Incident Reporting Procedures
Operational Criteria for Wireless Access Installations (Wireless Access Point registration)
Use of Email
E-learning Communication Tools
Handling Computer Accounts and Electronic Data of Leavers
Security Considerations in Tendering Processes
Classification of information held by UCL personnel, for security management purposes - removed and replaced by UCL Information Managment Policy
Guidelines on the Use of Software and General Computing Resources Provided by Third Parties
Guidelines for Using Web 2.0 Services for Teaching and Learning
Information Security Architectural Principles
Classification Tool: https://opinio.ucl.ac.uk/s?s=45808
Guidance on Travelling Abroad for Research and Meetings

Monitoring Forms

Please ensure completed monitoring forms are encrypted before being sent via email, see our page on encryption.  Passwords should be shared via an alternate method e.g. telephone. 

Form MO1 - Request for Monitoring and Access to Stored Documents and Email relating to Investigations (.doc)
Form MO2 - Request for Access to Stored Documents and Email - long-term absence or staff have left (.doc)
Form MO3 - Request for Authorisation of Routine Monitoring for operational purposes (.doc)
Form MO4 - Request Access to Stored Documents and Email by the suspended UCL user in relation to Disciplinary Proceedings (.doc)
 

Please see the checklist/guidance documents below for details of the MO4 process

• MO4 Checklist and Guidance - Removable Media
• MO4 Checklist and Guidance - OnSite Access

ISD Only Policies

ISD Server Vulnerability Management Policy

ISD Server Vulnerability Management Policy

ISD Privileged Account Policy

ISD Privileged Account Policy

ISD Log Retention Policy

ISD Log Retention Policy