These principles are to be applied on a comply or explain basis.
Information risk management - guiding principles
The top-level guiding principles that apply to all information handling across UCL (including project work and day-to-day activities). They are intended to inform and guide University members in their normal work, and to ensure that information is handled in a suitably secure fashion.
Information risk management - secure service provision
An explanation of how to set up, configure and manage services to ensure a base level of information risk management. Originally designed for use by the Information Services Division, but now adapted to apply to any UCL context.
Information risk management - server and application security
Minimum security measures (also known as "controls") to be applied to various categories of IT systems, both during development and when operational. This applies to all systems managed within departments and by ISD.