Information management and security

All statements relating to the Data Protection Act 1998 in the below documents should be taken to relate also to the GDPR and Data Protection Act 2018.


Supporting policies


  1. M01 - Request for authorisation of monitoring (doc)
  2. M02 - Request for authorisation of access to stored documents (doc)
  3. Leavers checklist (doc) - related to leavers guidelines

Codes of practice

  1. Code of practice for business and service owners (pdf)
  2. Code of practice for system infrastructure managers - to be added soon
  3. Code of practice for line managers, personal tutors, project/PhD supervisors (pdf)


  1. Use of third party resources - cloud services (pdf)
  2. Leavers guidelines - including form to be completed by all staff leavers (pdf)
  3. Security considerations in outsourced IT management arrangements (pdf)
  4. Mobile device encryption - iOS (pdf)
  5. Mobile device encryption - Android (pdf)
  6. Data storage options - related to data classification and handling policy (pdf)

The following policy remain in force until it is subsumed into the main policy:

ISO/IEC 27001 compliance statement

LSHTM has an information security policy which has been drawn up in line with the ISO requirements. Policies are updated from time to time as needed to keep up with legal, procedural and technological developments.

For enquiries please contact or +44 (0)20 7958 8396.

Advice and guidance for staff can be found on our information management and compliance intranet pages.