Information Security




Supporting policies

Codes of practice

Data protection

  1. Instructions for data protection coordinators 
  2. Medical research - application for inclusion on data protection registration 
  3. Application for inclusion in data protection registration for filing systems and datasets for administrative and research purposes

Guidelines and forms

  1. Information Security Questionnaire (.doc)
  2. Security considerations in outsourced IT management arrangements
  3. Computer Security Incident Reporting Procedures
  4. Operational Criteria for Wireless Access Installations (Wireless Access Point registration)
  5. Use of Email
  6. E-learning Communication Tools
  7. Handling Computer Accounts and Electronic Data of Leavers
  8. Security Considerations in Tendering Processes
  9. Guidelines on Using Skype within UCL
  10. Classification of information held by UCL personnel, for security management purposes (.doc)

    1. (pdf version of the above) (under review May 2013)
  11. Guidelines on the use of software and general computing resources provided by third parties
  12. Guidelines for using Web 2.0 services for teaching and learning
  13. Procedure for handling requests under the Freedom of Information Act 2000
  14. Procedure for handling requests under the Environmental Information Regulations 2004
  15. Information Security Architectural Principles

Monitoring forms

Please ensure completed monitoring forms are encrypted before being sent via email.  Passwords should be shared via an alternate method e.g. telephone.  For guidance on encryption, please see our Knowledge Base article.

For information

The above polices have been endorsed by the Information Services Governance Committee (ISGC). The Security Working Group makes recommendations on information security and reports to the Infrastructure & Common Shared IT Services Group (IISG), which then reports to the Information Services Governance Committee.