Information Services Division


Approved Information Governance documents

These documents have been approved by the Information Governance Steering Group.

NHS Digital Data Sharing Framework Contract - DSFC

NameDescriptionAvailable for


NHS Digital DSFC with UCL (PDF)

NHS Digital: Data Sharing Framework Contract. This applies to all data supplied to UCL by NHS Digital.

Recently updated (March 2022)

NameDescriptionAvailable for
UCL-IG16Training Policy (PDF)Analysis of training needs, mapping appropriate elements of the DSP Toolkit training to roles

Policy, planning and procedure

NameDescriptionAvailable for
SLMS-IG03Research Information Governance Policy (PDF)Information Governance Policy    
SLMS-IG03bData Safe Haven Acceptable Use Statement (PDF)Acceptable Use Statement, required for access to the Data Safe Haven
SLMS-IG09a   Confidentiality Audit Procedure (PDF)Confidentiality audit guidelines    
SLMS-IG15   Incident reporting procedure (PDF)Process describing how information incidents are reported to the IGSG and other bodies 
UCL-IG16   Training Policy (PDF)Analysis of training needs, mapping appropriate elements of the DSP Toolkit training to roles 
SLMS-IG18Communications Plan (PDF)Communications plan for the SLMS IG Framework

Updates to the UCL Information Security Policy (PDF)

See section 2.9

Contractual clauses covering IG requirements and confidentiality linked to disciplinary procedures and action plan to ensure new contracts have requisite compliance 
UCL-IG21UCL-IG21 Offsite Working Policy and Procedure (PDF)Policy and procedure for offsite working
UCL-IG36Data Safe Haven Access Control Policy (PDF)Policy for Access Control within the Data Safe Haven


NameDescriptionAvailable for
SLMS-IG04a   Data Handling Guidance (PDF)Guidance on confidential data handling and secure transfer
SLMS-IG14  Anonymisation GuidanceGuidance for implementing pseudonymisation within the SLMS    

Templates and tools

NameDescriptionAvailable for
SLMS-IG09bConfidentiality Audit Template (Excel)Template for spot check on processes when using Personally Identifiable Data
SLMS-IG11Information Risk Tool (SharePoint)Spreadsheet used to capture information assets and assess risks associated with data transfer 
SLMS-IG13Risk Assessment for physical security (SharePoint)Spreadsheet used to assess physical security and to produce an action plan    
SLMS-IG20Non-disclosure Agreement for IndividualsA generic non-disclosure agreement / confidentiality agreement
Draft - work in progressJoiners, movers and leavers checklistTemplate joiners, movers and leavers checklist

Roles and responsibilities

NameDescriptionAvailable for
SLMS-IG01IG Steering Group ToR  (PDF)Terms of Reference for the SLMS Information Governance Steering Group (IGSG) 
SLMS-IG02   SIRO Role (PDF)Role description for the SLMS Senior Information Risk Owner (SIRO)    
SLMS-IG05   IG Lead Role (PDF)Role description for the SLMS Information Governance Lead    
SLMS-IG07   IG Officer Role (PDF)Role description for the SLMS IG Officer    
UCL-IG31Data Safe Haven Scope (PDF)Scope document for the Data Safe Haven Information Security Management System (ISMS)
SLMS-IG32SLMS IG Framework - roles and responsibilities (PDF)Details roles and responsibilities within the SLMS IG Framework 
SLMS-IG35SLMS ISMS Operational Group ToR (PDF)Terms of Reference for the ISMS Operational Group