Information Security


Risk Management and Compliance

ISG work with the Project Management Office on the Project Delivery Framework to help integrate Information Security in the project delivery process. The risk assessment document templates can be found below:

For projects:

For all other application development, hosting and services please use the risk assessment template below:

For Changes:

Supporting documents:

Information Classification

Information classification is the start point for identifying security requirements, and information risk treatment plans. The tool below will help determine information classification for confidentiality, integrity and availability:


Risk Treatment Plan

This document describes how risk treatment is handled. In particular it details the approach to treating risk and formulating risk treatment plans.

Information Risk Registers

Faculties and Departments have Information Risk Registers. Information Risk Registers are maintained by Risk Management Champions. All Risk Management Champions are members of the Information Risk Management Group (IRMG). If you know of an information risk that should be on the Information Risk Register, please contact your Risk Management Champion.

Project Managers Presentation

This presentation is one that we gave to Project Managers to inform them of what we (ISG) do and what we expect Project Managers to do with regards to information security. If you have any questions regarding the presentation, please contact us.

UCL Risk Management 

Information on general risk management at UCL and the UCL Risk Management Policy.