Information Security


UCL Information Security Policy


User Guide - web version

Supporting Policies

Codes of Practice
Data Protection

The Legal Services pages provide information and guidance to all UCL staff and students, on how personal data is processed under the General Data Protection Regulation (GDPR). This includes use of your individual rights under data protection legislation (e.g. the right of access to your personal data), and registration of research proposals that involve personal data.

Guidelines and Forms
  1. Information Security Questionnaire (.doc)
  2. Security considerations in outsourced IT management arrangements
  3. Computer Security Incident Reporting Procedures 
  4. Operational Criteria for Wireless Access Installations (Wireless Access Point registration
  5. Use of Email 
  6. E-learning Communication Tools
  7. Handling Computer Accounts and Electronic Data of Leavers
  8. Security Considerations in Tendering Processes
  9. Guidelines on Using Skype within UCL
  10. Classification of information held by UCL personnel, for security management purposes - removed and replaced by information-management.pdfinformation-management.pdfinformation-management.pdfinformation-management.pdfinformation-management.pdfinformation-management.pdfinformation-management.pdfinformation-management.pdfinformation-management.pdfinformation-management.pdfinformation-management.pdfinformation-management.pdfinformation-management.pdfinformation-management.pdfinformation-management.pdfinformation-management.pdfinformation-management.pdf
  11. Guidelines on the Use of Software and General Computing Resources Provided by Third Parties
  12. Guidelines for Using Web 2.0 Services for Teaching and Learning
  13. Information Security Architectural Principles
  14. Classification Tool: https://opinio.ucl.ac.uk/s?s=45808
  15. Guidance on Travelling Abroad for Research and Meetings
Monitoring Forms

Please ensure completed monitoring forms are encrypted before being sent via email, see our page on encryption.  Passwords should be shared via an alternate method e.g. telephone. 

  • Form MO1 - Request for Monitoring and Access to Stored Documents and Email relating to Investigations (.doc)
  • Form MO2 - Request for Access to Stored Documents and Email - long-term absence or staff have left (.doc)
  • Form MO3 - Request for Authorization of Routine Monitoring for operational purposes (.doc)
  • Form MO4 - Request Access to Stored Documents and Email by the suspended UCL user in relation to Disciplinary Proceedings (.doc)
  • Please see the checklist/guidance documents below for details of the MO4 process

ISD Only Policies


For Information

The above policies have been endorsed by the Information Risk Governance Group (IRGG). The roles of IRGG, the Information Risk Management Group (IRMG) and the Security Working Group (SWG) are described in the Information Risk Governance Framework.