Information Security


Bring Your Own Device Policy

The purpose of the Bring Your Own Device policy is to facilitate secure and lawful access of UCL information assets and methods to reduce UCL’s exposure to risks.


This policy applies to all personal electronic devices which are used to access UCL systems or to store, process or transmit UCL information. The use of such devices to create and process University information and data creates issues in the area of information security. UCL must ensure that it remains in control of the data for which it is responsible.

The fundamental requirement is that UCL information and systems are protected from unauthorised access. The level of risk should drive what is acceptable for using a personal device to access information on UCL systems. This guidance describes the key security aspects to consider in order to maximise the business benefits of BYOD whilst minimising the risks. UCL intends to allow access to its information by its users, but also must meet its legal, contractual and duty of care obligations.

Contents include

  • Personal Device Security
  • Use and Maintenance
  • Data Governance
  • Actions on discovering device loss or unauthorised access

Who should read this policy

  • All staff
  • Contractors
  • Temporary staff
  • Students
  • Visitors
  • Managers
  • Teaching staff
  • Student support staff
  • Researchers



Last updated: Wednesday, April 10, 2019