Information management and security

All statements relating to the Data Protection Act 1998 in the below documents should be taken to relate also to the GDPR and Data Protection Act 2018. The policies will all be reviewed and updated as needed in the next few months.

Information Management and Security Policy (pdf) - main policy

Supporting Policies

  1. LSHTM Data Protection Policy (pdf)
  2. LSHTM Acceptable Use Policy (pdf)
  3. LSHTM Use of Email (pdf)
  4. LSHTM Network Connection and Management Policy (pdf)
  5. LSHTM Monitoring Computer and Network Use
  6. LSHTM Mobile and Remote Working Policy (pdf)
  7. LSHTM User Management Policy
  8. LSHTM Intellectual Property Policy (pdf)
  9. LSHTM Data Classification and Handling Policy (pdf)


  1. M01 - Request for authorisation of monitoring (doc)
  2. M02 - Request for authorisation of access to stored documents (doc)
  3. Leavers checklist (doc) - related to leavers guidelines

Codes of Practice

  1. Code of Practice for Business and Service Owners (pdf)
  2. Code of Practice for System Infrastructure Managers - to be added soon
  3. Code of Practice for Line Managers, Personal Tutors, Project/PhD Supervisors (pdf)


  1. Use of third party resources - cloud services (pdf)
  2. Leavers guidelines - including form to be completed by all staff leavers (pdf)
  3. Security considerations in outsourced IT management arrangements
  4. Mobile Device Encryption - iOS (pdf)
  5. Mobile Device Encryption - Android (pdf)
  6. Data Storage Options - related to Data Classification and Handling Policy (pdf)

N.B.  The following policies remain in force until they are subsumed into the main policy:

ISO/IEC 27001 Compliance Statement
The School has an Information Management and Security Policy which has been drawn up in line with the ISO requirements. LSHTM policies are updated from time to time as needed to keep up with legal, procedural and technological developments.

For enquiries please contact or +44 (0)20 7958 8396.

Advice and guidance for staff can be found on our information management and compliance intranet pages.