ISG work with the Project Management Office on the Project Delivery Framework to help integrate Information Security in the project delivery process. The risk assessment document templates can be found below:
For projects:
For all other application development, hosting and services please use the risk assessment template below:
- Information Risk Assessment Form (.docx)
For Changes:
Supporting documents:
Information Classification
Information classification is the start point for identifying security requirements, and information risk treatment plans. The tool below will help determine information classification for confidentiality, integrity and availability:
https://opinio.ucl.ac.uk/s?s=45808
Risk Treatment Plan
This document describes how risk treatment is handled. In particular it details the approach to treating risk and formulating risk treatment plans.
Information Risk Registers
Faculties and Departments have Information Risk Registers. Information Risk Registers are maintained by Risk Management Champions. All Risk Management Champions are members of the Information Risk Management Group (IRMG). If you know of an information risk that should be on the Information Risk Register, please contact your Risk Management Champion.
- Information Risk Register template with examples (.xlsx)
- Membership of IRMG (including Risk Management Champions)
Project Managers Presentation
This presentation is one that we gave to Project Managers to inform them of what we (ISG) do and what we expect Project Managers to do with regards to information security. If you have any questions regarding the presentation, please contact us.
UCL Risk Management
Information on general risk management at UCL and the UCL Risk Management Policy.