Outlining our approach to clear desk and screen security measures

Contents

Policy statement

This control procedure defines our approach to keeping working areas and devices secure, and directly supports the following statement from the Information Security Policy:

“All assets (information, software, electronic information processing equipment, service utilities and people) will be documented and accounted for.”

“Owners will be identified for all assets and they will be responsible for the maintenance and protection of their assets.”

Audience

This procedure is intended to be read and understood by all users accessing university information, IT systems, networks or software using any university or personal device.‌

Control statements

Clear desk

Material left unattended (e.g. on a printer or in an unlocked cupboard) is more susceptible to damage, disclosure or theft, particularly outside of office hours.

Documents containing SENSITIVE information according to the University’s information classification scheme should be locked away when not required, especially when the office is empty. Printing should be removed from printers immediately and not left for others to pick up.

Documents should be disposed of in the confidential waste bins or shredded according to the University’s information classification scheme. No SENSITIVE documents should be placed in the general waste.

Where possible, pedestals and/or shared cupboards should be locked when left unattended.

Clear screen

There is a risk that information could be viewed by unauthorised users if left on an unlocked, unattended computer screen. Screens can easily be locked when not in use by using Ctrl+Alt+Del and Enter or the Windows key and ‘L’ for Windows computers, or Control+Shift+Power for Macs. This should be done whenever a screen is left unattended.

Screens will automatically lock after a period of 30 minutes when inactive. 

Remote working

Care should be taken when working away from the office, including at home, to ensure that the same guidelines are followed. Always be aware of others being able to view University material, especially when on public transport or in public locations such as cafes.

Removable media

All removable media devices including laptops and mobile phones containing SENSITIVE data should be stored within a secure room or cupboard when not in use.

Compliance

Failure to comply with this procedure could result in action in line with the University’s disciplinary procedure or performance improvement procedure. 

Compliance checks will be undertaken by the University’s information governance functions. The results of compliance checks, their risk assessment and their remediation will be managed by the Information Governance Board.

Related documents

This control procedure needs to be understood in the context of the other policies and procedures constituting the University’s Information Security Management System.

Browse Information Security policies and control procedures

Review

A review of this policy will be undertaken by the information security team annually or more frequently as required, and will be approved by the Information Governance Board.

Version: 3.4
Release date: 22/03/2023
Review date: 21/02/2024