Information Security


ISO/IEC 27001 Compliance Statement

Statements concerning Information Security Policies at UCL and compliance with ISO/IEC 27001.

We are receiving queries about UCL Information (or Data) Security Policies and the ISO/IEC 27000 series of information security standards. If you are responding to a body such as The Office for National Statistics who ask about this, then the following statement should suffice.

"UCL has an Information Security Policy which has been in operation since 2002 and was drawn up in line with the BS7799 requirements.  Since then, the requirements have been formalised into the ISO/IEC 27000 series and the UCL policies have been updated from time to time as needed to keep up with legal, procedural and technological developments."

If you need to send a copy of such a policy, then we recommend you send a copy of the top-level statement at http://www.silva-sandbox.ucl.ac.uk/informationsecurity/policy/public-policy/Policy