Clean Desk Policy
Employees are required to ensure that all sensitive/confidential information (in hardcopy or electronic form) is secure in their work area at the end of the day and when they are expected to be gone for an extended period. This includes offices or virtual work areas.
- Computer workstations must be locked when the workspace is unoccupied. Any workstation should be set to lock after 5 minutes of non-use.
- Computer workstations must be shut down or locked at the end of the work day.
- Any restricted or sensitive information must be removed from the desk and locked in a drawer when the desk is unoccupied and at the end of the work day.
- File cabinets containing restricted or sensitive information must be kept closed. They will be locked when not in use or unattended.
- Keys used for access to restricted or sensitive information will not be left at an unattended desk and should be secured when not in use. A department should keep an inventory of its keys (this should include user name, key IDs, quantity, locations, and what they are used on/for).
- Laptops must be locked with a locking cable, secured on a locked docking station, or locked away in a drawer.
- Passwords may not be left on any non-secure medium.
- Printouts containing restricted or sensitive information should be immediately removed from the printer.
- Upon disposal, documents should be shredded or placed in a locked confidential disposal bin/location until collected.
- Whiteboards (or similar mechanisms) containing restricted or sensitive information should be erased after use.
- Lock away portable computing devices, such as laptops and tablets, that are not in use.
- Treat mass storage devices such as CD-ROMs, DVDs, or USB drives as sensitive, and secure them when not in use. Users must dispose of any mass storage media per the retention policy.