X Close

Risky Business


Tips and tricks for securing information


Policy, Policy, Policy.

By utnvrrv, on 21 February 2017

Policy Definition

Hello, My name is Ravi and I work with the Information Security Group. My role is to refresh all the existing Information Security Policies and make them more current.


According to the Cambridge Dictionary, a policy is “a set of ideas or a plan of what to do in particular situations that has been agreed to officially by a group of people, a business organization, a government or a political party” I’m going to focus on the Information Security Policies and their role in being the guiding posts for UCL. Read on…

Why policies?

The development of security policies has become a critical component in all organisations. UCL recognizes the importance of information security in its day-to-day business. “Information security policies help UCL maintain its ability to prevent security incidents”. In addition to this, these policies help us to respond to security incidents when they do occur. UCL intends to have sound and robust policies. This assures all our stakeholders that their data and information is well protected.

Policies cannot be static and need to change with time. Some common drivers for policy change include:

  • technology upgrade,
  • new business rules coming into play, and,
  • changes in legislation.

It is always a good idea to define a review timeline for a policy, this can be a year at the minimum.

Further reading

If you would like to read the information security policies, please see here: https://www.ucl.ac.uk/informationsecurity/policy/