Sample Policy: Secure Desk Policy

Disclaimer

This is a sample policy provided to give you some ideas to draft your own. You should consider your own work situation and draft your policy accordingly. Where there are points requiring legal advice or expert consultations, please obtain the required expertise at your own costs.

Secure Desk Policy

Purpose

This policy aim to reduce the risk of unauthorized access, loss of, and damage to information during and outside normal working hours or when areas are unattended.

Operating Units and / or Locations Covered

XYZ Group and its subsidiaries

Scope

This policy apply to all permanent staff and contract staff who can access confidential information under supervision or authorization.

Responsibility

All staff are responsible for complying with these work instructions. Business Unit Heads, Department managers and supervisors should monitor compliance by their staff on an on-going basis.

Definitions

None

Forms

Not Applicable

Confidential Paper and Other Media Documents

7.1         Where practically possible, paper and computer media should be stored in suitable locked cabinets or other forms of security furniture when not in use, especially outside working hours.

7.2       Where lockable filing cabinets, drawers, cupboards etc are not available, office / room doors must be locked if left unattended.

7.3       Confidential information, when printed, should be cleared from printers immediately. Where practical printers with a “locked job” facility should be used.

7.4       It is a good practice to lock all office areas when they are not in use.

7.5       Any confidential information must be removed from the desk and locked in a drawer or cabinet when the desk is unoccupied and at the end of the work day.

7.6       File cabinets containing confidential information must be kept closed and locked when not in use or when not attended.

7.7       Keys used for access to confidential information must not be left at an unattended desk.

7.8       Upon disposal confidential documents should be shredded. All employees may not dispose confidential documents in the trash-bin.

7.9       Whiteboards containing confidential information should be erased when the meeting ends.

7.10    Treat mass storage devices such as CDROM, DVD or USB drives as sensitive and secure them in a locked drawer.

7.11    Employees working in cubicles must turn work papers containing confidential information face-down before leaving their cubicles temporarily.

Computer Screen

8.1       Computer terminals, whether desk-tops, lap-tops or hand held devices should not be logged on when un attended and should be password protected.

8.2       Computers should be configured to automatically lock or engage password protected screensaver after an unattended duration of 15 minutes or any other short duration of time.

8.3       Computer screens should be angled away from the view of unauthorized persons, wherever practical.

8.4       Users should log off or lock their computers when they are leaving their computers unattended.

8.5       Compute desk-tops or lap-tops must be shut down completely at the end of the work day.

References

Nil

Process Map

Not Applicable

Revision History

First release:  May 2015

Advertisements