All statements relating to the Data Protection Act 1998 in the below documents should be taken to relate also to the GDPR and Data Protection Act 2018.
Policy
Supporting policies
- Acceptable use policy (pdf)
- Bring your own device policy (pdf)
- Data classification and handling policy (pdf)
- Data protection policy (pdf)
- End user device policy (pdf)
- Intellectual property policy (pdf)
- Monitoring computer and network use (pdf)
- Network connection and management policy (pdf)
Forms
- M01 - Request for authorisation of monitoring (doc)
- M02 - Request for authorisation of access to stored documents (doc)
- Leavers checklist (doc) - related to leavers guidelines
Codes of practice
- Code of practice for business and service owners (pdf)
- Code of practice for system infrastructure managers - to be added soon
- Code of practice for line managers, personal tutors, project/PhD supervisors (pdf)
Guidelines
- Use of third party resources - cloud services (pdf)
- Leavers guidelines - including form to be completed by all staff leavers (pdf)
- Security considerations in outsourced IT management arrangements (pdf)
- Mobile device encryption - iOS (pdf)
- Mobile device encryption - Android (pdf)
- Data storage options - related to data classification and handling policy (pdf)
The following policy remain in force until it is subsumed into the main policy:
ISO/IEC 27001 compliance statement
LSHTM has an information security policy which has been drawn up in line with the ISO requirements. Policies are updated from time to time as needed to keep up with legal, procedural and technological developments.
For enquiries please contact csirt@lshtm.ac.uk or +44 (0)20 7958 8396.
Advice and guidance for staff can be found on our .