Clear Screen and Desk Policy

From Wikimedia UK
Jump to: navigation, search
Comment This policy was adopted by the Board on 9 February 2013. It is part of a series of IT Security Policy.

Overview[edit | edit source]

WMUK staff and volunteers shall comply with the Clear Desk and Clear Screen Policy in the following ways:

  • Lock away all sensitive and valuable documents (paper and magnetic) in cabinets or desk drawers (as appropriate) when the desk is unattended for an extended period - for example when away for meetings, at lunch times, or overnight.
  • Log off computers and windows terminals (Including laptops) when unattended by pressing ctrl alt del. At cease of work close down all the applications and log off/shutdown the workstation.
  • Employ a screensaver policy that secures computers with a 15-minute lockout policy. The policy activates a password protected screensaver whenever a workstation is not used for 15 minutes. When a user returns to their computer after that time, they must enter the workstation’s password in order to unlock the console.
  • In an emergency, staff and volunteers need to leave the office quickly, e.g. a fire alarm or emergency call, they should invoke the password-protected screensaver, only if it is safe to do so, in order to prevent unauthorised personnel accessing their device.

Best practice guidelines[edit | edit source]

Staff and volunteers should remember that it is a fundamental principle that knowledge or possession of sensitive information is to be strictly limited to those Users that have a need to know and appropriate privileges. WMUK staff and users are to adhere to this principle in the following ways:

  • Ensuring that any documents or magnetic media, or other removable media such as CDs, DVDs etc are safely stored away.
  • Having awareness of positioning your screen so that sensitive information cannot be read by others.
  • Having awareness of leaving your access badge or issued security keys on your desk.