
UCISA Information Security Toolkit 


You may also be interested in the UCISA Information Security Management Toolkit

Most institutions now rely heavily on information systems to support and drive their key business processes. Consequently, such systems are increasingly subject to audit to ensure that they are being managed effectively and that the integrity of the information they hold is being maintained. The British Standard BS 7799 was frequently used as the basis for many such audits; the standard has now been subsumed into the international standard ISO27001:2005.

The UCISA Information Security Toolkit is intended to support UK Higher and Further Education Institutions in producing Information Security policies to address (and to demonstrate that they are addressing) threats to the confidentiality, integrity and availability of information systems for which they are responsible, and to help meet audit requirements. The sections draw heavily on British Standard BS 7799, not least by adopting its structure for control objectives and controls.

The first edition of the Toolkit, which has been produced with support from JISC and UKERNA, was launched at the UCISA Management Conference in Glasgow in March 2005, and the second version was launched at a Managers Forum on 23 November 2005 in London; this included a number of case studies on the implementation of the Toolkit. (The presentations can be downloaded from the event programme.) A third edition, revised to reflect the new ISO standard, was released in 2007.

The complete document is available to download as a PDF file; in addition, each individual section is available separately. Further, it is hoped to include specimen policies from institutions that have implemented all or part of the Toolkit.

Download the Information Security Toolkit as a PDF file

Related material

A survey of institutions in May 2011 identified a number of information security policies in use or development. Links to these policies are available from this page.

The Information Assurance Advisory Council have produced guidance on digital investigation and evidence for Directors and corporate advisers.


