Policies
This page contains a list of IT Services Policies and Standard Operating Procedures (SOP) that help to define how the department operates. Overarching policies can be found on the QMUL Policy zone.
A document remains active until superseded and a new version is uploaded. If it is deemed no longer valid then the document is retired and removed from the list below.
Governance Frameworks
Information Security & Data Governance (SOP) Policies
IS00 ITS ISMS Information Security Management System Policy [PDF 302KB]
Approved by: IGG Last Review 29.01.26
IS01 Information Security & Acceptable Use Policy [PDF 242KB]
Approved by: IGG Last Review 29.01.26
DG00 Review Update of Policies [PDF 302KB]
Approved by: ITLT Last review: 17.02.25
IS02 ITS Documents and Records Control Policy [PDF 152KB]
Approved by: IGG Last review: 29.01.26
IS03 ITS Nonconformance and Continual Improvement Policy [PDF 170KB]
Approved by: IGG Last review: 29.01.26
Managing Information
IS08 ITS Risk Management Policy [PDF 238KB]
Approved by: IGG Last review: 29.01.26
Supersedes DG01 Information Risk Management
DG09 Information Classification [PDF 367KB]
Approved by: IGG Last review: 28.03.2025
IS12 ITS Information Transfer Policy [PDF 175KB]
Approved by: IGG Last review: 29.01.26
Procurement & Confidentiality
DG03 Third Party Access to Information Policy [PDF 270KB]
Approved by: ITLT Last review: 17.02.25
DG04 Contracting for IT Services [PDF 547KB]
Approved by: ITLT Last review: 20.02.17
DG07 IT Procurement Policy [PDF 317KB]
Approved by: ITLT Last review: 17.02.25
IS07 Third Party Supplier Assessment and Management Policy [PDF 192KB]
Approved by: IGG Last review: 29.01.26
Operations
IS23 ITS Secure Development Lifecycle Policy [PDF 229KB]
Approved by: IGG Last review: 29.01.26
IS28 ITS Joiners, Movers, Leavers Policy [PDF 198KB]
Approved by: IGG Last review: 29.01.26
DG08 Implementing IT Systems Policy [PDF 349KB]
Approved by: ITLT Last review: 17.02.25
DG06 IT Incident (Malfunction) Reporting Policy [PDF 312KB]
Approved by: ITLT Last review: 17.02.25
IS13 ITS Asset Management Policy [PDF 170KB]
Approved by: IGG Last review: 29.01.26
IS29 ITS Reuse and Disposal of IT Equipment [PDF 184KB]
Approved by: IGG Last review: 29.01.26
DG17 User Account Management Procedure [PDF 225KB]
Approved by: ITLT Last review: 13.11.25
DG19 Remote Access Policy [PDF 210KB]
Approved by: ITLT Last review: 13.11.25
DG20 Access to and Use of Email
Superseded by: IS01 Information Security & Acceptable Use Policy - 27.03.2023
DG22 Maintenance of System Security Logs Policy v2 [PDF 189KB]
Approved by: ITLT Last review: 13.11.25
IS16 ITS Physical and Environmental Security Policy [PDF 199KB]
Approved by: IGG Last review: 29.01.26
DG23 Computer Room Operation Procedure [PDF 344KB]
Approved by: ITLT Last review: 17.02.25
DG24 Working in Secure Areas Policy [PDF 299KB]
Approved by: ITLT Last review: 17.02.25
IS06 ITS Configuration & Change Management Policy [PDF 147KB]
Approved by: IGG Last review: 29.01.26
Supersedes DG25 Configuration & Change Management Policy
DG26 System Backup and Recovery Procedure [PDF 211KB]
Approved by: ITLT Last review: 13.11.25
IS17 ITS Network Security Management Policy [PDF 178KB]
Approved by: IGG Last review: 29.01.26
Supersedes DG28 Network Security Management Policy
Approved by: ITLT Last review: 31.03.17
DG29 Acceptable Use of IT
Superseded by: IS01 Information Security & Acceptable Use Policy - 27.03.2023
ITS Computing Device Policy v1.9 [PDF 1,055KB]
Approved by: ITLT Last review: 15.04.56
ITP07 Self Managed Devices Policy [PDF 296KB]
Approved by: ITLT Last review: 14.11.25
Security
IS04 ITS Information Security Incident Reporting and Management Policy [PDF 204KB]
Approved by: IGG Last review: 29.01.26
IS26 ITS Awareness and Training Policy [PDF 196KB]
Approved by: IGG Last review: 29.01.26
IS15 ITS Access Control Policy [PDF 211KB]
Approved by: IGG Last review: 29.01.26
IS18 ITS Cryptographic Controls Policy [PDF 177KB]
Approved by: IGG Last review: 29.01.26
DG18 Password Management
Superseded by: IS01 Information Security & Acceptable Use Policy - 15.01.2025
IS19 ITS Vulnerability and Malware Policy [PDF 208KB]
Approved by: IGG Last review: 29.01.26
DG21 Disconnection from the system
Approved by: ITLT Last review: Retired
Secure Desk Working Policy
Superseded: IS01 Information Security & Acceptable Use Policy - 27.03.2023
IS22 ITS Use of Cloud Services Policy [PDF 175KB]
Approved by: IGG Last review: 29.01.26
System Recovery
IS05 ITS Information Security Business Continuity Policy [PDF 127KB]
Approved by: IGG Last review: 29.01.26
IS21 ITS Backup Policy [PDF 189KB]
Approved by: IGG Last review: 29.01.26
Logs & Audits
DG13 Managing Information Records
Approved by: IGG Last review: Retired
IS20 ITS Logging and Monitoring Policy [PDF 180KB]
Approved by: IGG Last review: 29.01.26
IT Related Policies
If the link does not work copy & paste the URL into your browser.
Managing Electronic Information
Central Print Policy [PDF 498KB]
Patch Management Policy [PDF 717KB]
BYOD Policy [PDF 523KB]
BYOD Appendix - B [PDF 244KB]
IT Related Procedures
ITPROC01 Data Destruction Procedure [PDF 288KB]
ITPROC01 Secure Deletion Confirmation Template [DOC 49KB]
Guidance Documents
ITS Device Policy Guidance v2.4 [PDF 428KB]
Guidelines on Cloud Services [PDF 669KB]
Web Application Guidance [PDF 1,000KB]
SDD and NCR Naming Convention [PDF 704KB]
Guide to current service offering - PC and Print May 2016 [PDF 88KB]
IT Service Offerings Description Document v4.0 [PDF 954KB]
Guidance for Recruiting Individuals [PPT 479KB]
IS14 Staff Travelling to High-risk Countries [PDF 1,217KB]
Risk Management