Clear desk and screen control procedure
Defining our approach to keeping working areas and devices secure.
Policy statement
This control procedure defines our approach to keeping working areas and devices secure, and directly supports the following statements from the Information Security Policy:
“All assets (information, software, electronic information processing equipment, service utilities and people) will be documented and accounted for.”
“Owners will be identified for all assets and they will be responsible for the maintenance and protection of their assets.”
Audience
This procedure is intended to be read and understood by all users accessing university information, IT systems, networks or software using any university or personal device.
Control statements
Clear desk
Material left unattended (e.g. on a printer or in an unlocked cupboard) is more susceptible to damage, disclosure or theft, particularly outside of office hours.
Documents containing SENSITIVE information according to the University’s information classification scheme should be locked away when not required, especially when the office is empty. Printing should be removed from printers immediately and not left for others to pick up.
Documents should be disposed of in the confidential waste bins or shredded according to the University’s information classification scheme. No SENSITIVE documents should be placed in the general waste.
Where possible, pedestals and/or shared cupboards should be locked when left unattended.
Clear screen
There is a risk that information could be viewed by unauthorised users if left on an unlocked, unattended computer screen. Screens can easily be locked when not in use by using Ctrl+Alt+Del and Enter or the Windows key and ‘L’ for Windows computers, or Control+Shift+Power for Macs. This should be done whenever a screen is left unattended.
Screens will automatically lock after 30 minutes of inactivity.
Remote working
Care should be taken when working away from the office, including at home, to ensure that the same guidelines are followed. Always be aware of others being able to view University material, especially when on public transport or in public locations such as cafes.
Removable media
All removable media devices, including laptops and mobile phones, containing SENSITIVE data should be stored within a secure room or cupboard when not in use.
Compliance
Failure to comply with this procedure could result in action in line with the University’s disciplinary procedure or performance improvement procedure.
Compliance checks will be undertaken by the University’s information governance functions. The results of compliance checks, their risk assessment and their remediation will be managed by the Information Governance Board.
Related documents
This control procedure needs to be understood in the context of the other policies and procedures constituting the University’s Information Security Management System.
Browse Information Security policies and control procedures
Review
A review of this policy will be undertaken by the information security team annually or more frequently as required, and will be approved by the Information Governance Board.
Version: 3.4
Release date: 22/03/2023
Review date: 21/02/2024