If you have IT security questions or concerns, your first point of contact should be the ICT Service Desk. Please submit a ‘Report an issue’ form and include as much detail as possible. 

Report a vulnerability 

Imperial’s IT security team welcome responsible disclosure of any vulnerability in our services. We are committed to verifying and responding to any legitimate reported vulnerability.

Disclosure guidelines

  • Please provide details of the vulnerability or security issue along with any information needed to reproduce.
  • Avoid violating the law, privacy, or any destruction, alteration or denial of our services.
  • Do not modify or access any data that doesn’t belong to you.
  • Allow us reasonable time to respond and fix the issue. We aim to reply to your initial contact within 2 business days.

Community members 

Please send an email to vulnerability@imperial.ac.uk with your name and contact information. We can provide encrypted channels over S/MIME or other mechanisms if required.

Please note this reporting policy is not permission to “hack” or “pen test” Imperial systems but provides a process to report issues legitimately discovered in the course of using our systems and services.