Information Security




Supporting policies

Codes of practice

Data protection

  1. Instructions for data protection coordinators 
  2. Medical research - application for inclusion on data protection registration 
  3. Application for inclusion in data protection registration for filing systems and datasets for administrative and research purposes

Guidelines and forms

  1. Information Security Questionnaire (.doc)
  2. Security considerations in outsourced IT management arrangements
  3. Computer Security Incident Reporting Procedures
  4. Operational Criteria for Wireless Access Installations (Wireless Access Point registration)
  5. Use of Email
  6. E-learning Communication Tools
  7. Handling Computer Accounts and Electronic Data of Leavers
  8. Security Considerations in Tendering Processes
  9. Guidelines on Using Skype within UCL
  10. Classification of information held by UCL personnel, for security management purposes - removed and replaced by UCL Information Management Policy
  11. Guidelines on the use of software and general computing resources provided by third parties
  12. Guidelines for using Web 2.0 services for teaching and learning
  13. Information Security Architectural Principles
  14. Classification Tool: https://opinio.ucl.ac.uk/s?s=45808

Monitoring forms

Please ensure completed monitoring forms are encrypted before being sent via email.  Passwords should be shared via an alternate method e.g. telephone.  For guidance on encryption, please see our Knowledge Base article.

ISD Only Policies

The three policies below have been designed to be used by ISD only at this time.

ISD Server Vulnerability Management Policy

ISD Privileged Account Policy

ISD Log Retention Policy

For information

The above policies have been endorsed by the Information Risk Governance Group (IRGG). The roles of IRGG, the Information Risk Management Group (IRMG) and the Security Working Group (SWG) are described in the Information Risk Governance Framework.