Information management and security


Information Management and Security Policy (pdf) - main policy

Supporting Policies

  1. LSHTM Data Protection Policy (pdf)
  2. LSHTM Acceptable Use Policy (pdf)
  3. LSHTM Use of Email (pdf)
  4. LSHTM Network Connection and Management Policy (pdf)
  5. LSHTM Monitoring Computer and Network Use
  6. LSHTM Mobile and Remote Working Policy (pdf)
  7. LSHTM User Management Policy
  8. LSHTM Intellectual Property Policy (pdf)
  9. LSHTM Data Classification and Handling Policy (pdf)


  1. M01 - Request for authorisation of monitoring (doc)
  2. M02 - Request for authorisation of access to stored documents (doc)
  3. Leavers checklist (doc) - related to leavers guidelines

Codes of Practice

  1. Code of Practice for Business and Service Owners (pdf)
  2. Code of Practice for System Infrastructure Managers - to be added soon
  3. Code of Practice for Line Managers, Personal Tutors, Project/PhD Supervisors (pdf)


  1. Use of third party resources - cloud services (pdf)
  2. Leavers guidelines - including form to be completed by all staff leavers (pdf)
  3. Security considerations in outsourced IT management arrangements
  4. Mobile Device Encryption - iOS (pdf)
  5. Mobile Device Encryption - Android (pdf)
  6. Data Storage Options - related to Data Classification and Handling Policy (pdf)

N.B.  The following policies remain in force until they are subsumed into the main policy:

ISO/IEC 27001 Compliance Statement
The School has an Information Management and Security Policy which has been drawn up in line with the ISO requirements. LSHTM policies are updated from time to time as needed to keep up with legal, procedural and technological developments.

For enquiries please contact or +44 (0)20 7958 8396.

Advice and guidance for staff can be found on our information management and compliance intranet pages.