IT policies

Cyber Security Policy: The guidance is particularly useful for those working with confidential and/or personal data.

Information Security Classification Standard: How to classify your data, process, store and transmit it.

The following policies can be found under 'Information Technology' on the Policies and Procedures webpage. 

For a description of each IT policy, please see the index below:

Conditions of Use of IT Facilities at LSE: The conditions everyone must sign up to in order to use LSE IT facilities.

PCI DSS Compliance Policy: LSE has to meet the Payment Card Industry’s Data Security Standard. This policy lays out what levels of PCI DSS compliance we can achieve, and where the risk for non-compliance lies.

Confidentiality Agreement Template for Access to Deceased Staff Account: Please note this form should not be completed unless the Data Protection Officer or Cyber Security & Risk Team have requested it specifically.

Handling Copyright Infringement Notifications: The steps Information Security will take if informed of a copyright infringement that has happened via the LSE network.

Log Duration: How long DTS will keep logs that have been generated.

Non-Standard User Account Expiries: The maximum duration non-standard LSE user accounts will exist and at what point extensions will need to be requested.

Template-Transcriber Non-Disclosure Agreement: Sample agreement for third party transcribers to sign before engaging them to transcribe the audio or video recording files for LSE.

Virus Outbreaks on Campus Public Area Workstations: What we will do if we discover there is a virus outbreak on an LSE machine in the library, or in a computer room.

Encryption Guidelines: A guide on encrypting data and devices.

Encryption Guidelines for Students: A guide on encrypting data and devices for students.

Managing Access in SharePoint/Teams/OneDrive: Step-by-step instructions with screenshots on how to manage access in OneDrive/SharePoint/Teams 

Remote Access and Mobile Working: A guide on how to protect your devices and data when working remotely.

Using 7-Zip to Encrypt and Decrypt Files: A guide on using 7-Zip to encrypt files and make them more secure.

InfoSec Decision Making Tool (ISDMT): A tool developed by DTS to help you assess your confidential data and advice on how to protect it appropriately.

Application to Use IT Facilities at LSE: To be signed by all users.

Checklist for Leavers: A checklist for line managers to help ensure that the right steps are taken when a member of staff leaves LSE.

Data Assurance Form: A form for academics to complete prior to initiating a research project. 

External Suppliers User Accounts: The stipulations external suppliers have to meet before they are provided with user accounts.

Firewall Rule Request Form: A form for Service Owners to complete prior to commissioning or updating a service/system that requires a firewall rule change

Request to Access Someone Else's Data (docx): A form for requesting access to someone else's H: space or email account. 

Privacy Impact Assessment Template (docx): If you are required by a research data provider to fill in a Privacy Impact Assessment, you can use this template to guide you through the process.

Data Management Plans: All research projects should fill in a Data Management Plan. You can find a guide on how to do so here.

Information Security Training Package: If your research data provider requires you to undertake information security training, please contact us: dts.infosec@lse.ac.uk

Using Zoom for Research Interviews

CE plus - Student Records Management

CE plus - Trusted Research Environment