ISG work with the Project Management Office on the Project Delivery Framework to help integrate Information Security in the project delivery process. We also facilitate risk assessments of services. The risk assessment document templates can be found below:
For projects, both of:
- Information Risk Assessment - Project Scope (.docx)
- Information Risk Assessment - Project Risks and Treatment (.docx)
For services, both of:
- Information Risk Assessment - Service Scope (.docx)
- Information Risk Assessment - Service Risks and Treatment (.docx)
Information classification is the start point for identifying security requirements, and information risk treatment plans. The tool below will help determine information classification for confidentiality, integrity and availability:
Risk Treatment Plan
This document describes how risk treatment is handled. In particular it details the approach to treating risk and formulating risk treatment plans.
Information Risk Registers
Faculties and Departments have Information Risk Registers. Information Risk Registers are maintained by Risk Management Champions. All Risk Management Champions are members of the Information Risk Management Group (IRMG). If you know of an information risk that should be on the Information Risk Register, please contact your Risk Management Champion.
- Information Risk Register template with examples (.xlsx)
- Membership of IRMG (including Risk Management Champions)
Project Managers Presentation
This presentation is one that we gave to Project Managers to inform them of what we (ISG) do and what we expect Project Managers to do with regards to information security. If you have any questions regarding the presentation, please contact us.
UCL Risk Management
Information on general risk management at UCL and the UCL Risk Management Policy.