How to contact us




Phone: +44 (0) 20 7107 5000


Extension: 5000


Location: ALD.3.01, 3rd Floor, Aldwych House

Information Security Policies, Procedures and Guidelines

There are a number of policies and processes that apply across LSE.These policies are critical for providing assurance to funders, regulators, auditors and governments that LSE takes seriously the confidentiality, integrity and availability of data placed in its care. There are also a number of guidelines that you may find useful, especially if you are working with confidential and/or personal data.

Information Security Policy and Information Classification

Policies and Regulations

  • Access Control Policy (pdf) - IMT's approach to controlling access to IT resources.
  • Application Control Policy (pdf) - LSE's approach to the use of applications on its network.
  • Antivirus Policy (pdf) - Antivirus must be installed on LSE-owned computers, and personally-owned devices without antivirus may be blocked from accessing the network for the safety of all other connected devices.
  • Asset Management Policy  (pdf) - Everyone's responsibilities in regards to IT assets such as workstations or laptops.
  • Associates Policy (pdf) - When and how non-LSE members are provided with access to LSE IT resources.
  • Comms Room Policy (pdf) - Comms Rooms are a key part of LSE’s IT infrastructure, with specific requirements about how they must be set up and maintained.
  • Conditions of use of IT facilities at LSE (pdf) - The conditions everyone must sign up to in order to use LSE IT facilities.
  • Conditions of use of the Residences network (pdf) - Additional conditions for those using network connections at halls of residence.
  • Confidential Information Transfer Policy (pdf) - How to approach the any requirements to move confidential information, either to or from external parties, or within LSE.
  • Electronic Messaging Policy (pdf) - Rules and considerations governing the use of LSE's email systems, including the sending of confidential data and the privacy of people's email accounts.
  • Email Address Conventions Policy (pdf) - Information about the format of LSE email addresses.
  • Encrypted Authentication Policy (pdf) - All LSE applications (whether developed by us or developed or hosted by a third party) that perform user authentication must encrypt the username and password during transmission.
  • Hosting Non-Standard Websites and Internet-facing Services - What replacement IMT will provide for servers currently situated outside LSE datacentres.
  • IT User Accounts Policy (pdf) - What types of user accounts we provide, what they give access to and when they expire.
  • Monitoring and Logging Policy (pdf) - How and Why we monitor and log traffic and activities across our systems and networks.
  • Network Connection Policy (pdf) - The responsibilities concerning who can connect things to our network distribution layer, and how we respond to any system on our network that poses the potential threat, or is actually causing damage, to other systems. 
  • Passwords - How to keep your password safe and how to choose a good password.
  • Password Policy (pdf) - What passwords should contain and when they expire. 
  • Patch Management Policy (pdf) - Stipulations around the patching of LSE systems.
  • Payment Card Gateway Policy (pdf) - All services that take card payments must integrate with LSE’s provided Payment Card Gateway. 
  • PCI DSS Compliance Policy (pdf) - LSE has to meet the Payment Card Industry’s Data Security Standard. This policy lays out what levels of PCI DSS compliance we can achieve, and where the risk for non-compliance lies.
  • PCI DSS Information Security Policy (pdf) - Information Security Policy that is specific to LSE’s PCI DSS environments.
  • Remote Access Policy (pdf) - What systems are available for use remotely and what considerations to make when using them.
  • Sharepoint Team Sites Provision Policy (pdf) - Outlines the conditions under which SharePoint Team Sites will be allocated, monitored and deallocated.




Resources for Research

  • Privacy Impact Assessment Template (docx) - If you are required by a research data provider to fill in a Privacy Impact Assessment, you can use this template to guide you through the process.
  • Data Management Plans - All research projects should fill in a Data Management Plan. You can find a guide on how to do so here.
  • Information Security Training Package - If your research data provider requires you to undertake information security training, email us at