
Clear Desk and Clear Screen Policy Template

This document outlines an information security policy for maintaining clear desks and screens. It requires that employees ensure all covered information is secure when leaving their work area. Any covered information must be removed from desks and locked away when unattended. It also mandates that computer workstations be locked when unattended, passwords not be left in accessible locations, and workstations be shut down at the end of the day. Violations of this policy may result in disciplinary action up to and including termination.

Uploaded by

Nicky Elizardy

Information Security Policies

Clear Desk and Clear Screen Policy


Policy #: IS-XX
Version: 1.X
Effective Date: 20XX-XX-XX
Contact: [Name]
Email: [Contact E-mail Address]
Phone: (xxx) xxx-xxxx

Table of Contents
1.0 PURPOSE
1.1 SCOPE
1.2 POLICY
1.2.1 Covered Information
1.2.2 Workstations
1.3 PROCEDURES
1.3.1 Screen Timeout/Lockout
1.3.2 Disposing of Covered Information
1.4 VIOLATIONS
1.5 REFERENCES
1.6 RELATED DOCUMENTS
1.7 APPROVAL AND OWNERSHIP
1.8 REVISION HISTORY
1.9 SOC 2 MAPPING

1.0 PURPOSE

To establish the requirements to ensure that all work areas are clear of covered information whether in
electronic or paper form.

1.1 SCOPE

This policy applies to all [Company] computer systems and facilities, with a target audience of [Company]
Information Technology employees and partners.

1.2 POLICY

1.2.1 Covered Information

Security of Covered Information – Employees are required to ensure that all covered information in
hardcopy or electronic form is secure in their work area at the end of the day and when they are expected
to be gone for an extended period.
Locking/Removal of Covered Information – Any covered information must be removed from the desk
and locked in a drawer when the desk is unoccupied and at the end of the work day.
Key Access to Covered Information – Keys used to access covered information must not be left at an
unattended desk.
File Cabinets – File cabinets containing covered information must be kept closed and locked when not in
use or when not attended.

Policy # IS-XX CONFIDENTIAL Page 1


Printouts – Printouts containing covered information should be immediately removed from printers,
copiers, and fax machines.
Disposal of Covered Information – Disposal of covered information shall be done in accordance with
[Company] policies.

1.2.2 Workstations

Locked Workstations – Computer workstations must be locked when the corresponding workspace is
unoccupied.
Session Time/Lock-Outs – Session time-outs and lockouts shall be enforced through technical controls
for all systems containing covered information.
Workstation Shutdown – Computer workstations must be shut down completely at the end of the work
day.
Laptops – Laptops must be either locked with a locking cable or locked away in a drawer when left at the
workstation for an extended period of time.
Password Protection – Passwords may not be left on sticky notes posted on or under a computer, nor
may they be left written down in an accessible location.

1.3 PROCEDURES

1.3.1 Screen Timeout/Lockout

All systems containing covered information, including mobile devices, shall be configured to clear the
screen (e.g. a screen saver) after 15 minutes of inactivity, close network sessions after 30 minutes of
inactivity (where applicable), and require the user to re-authenticate to regain access to the system.

1.3.2 Disposing of Covered Information

Refer to Standard Safeguards Policy and Retention and Disposal Policy for proper disposal of
covered information.

1.4 VIOLATIONS

Any violation of this policy may result in disciplinary action, up to and including termination of
employment. [Company] reserves the right to notify the appropriate law enforcement authorities of any
unlawful activity and to cooperate in any investigation of such activity. [Company] does not consider
conduct in violation of this policy to be within an employee’s or partner’s course and scope of
employment, or the direct consequence of the discharge of the employee’s or partner’s duties.
Accordingly, to the extent permitted by law, [Company] reserves the right not to defend or pay any
damages awarded against employees or partners that result from violation of this policy.
Any employee or partner who is requested to undertake an activity which he or she believes is in violation
of this policy must provide a written or verbal complaint to his or her manager, any other manager, or the
Human Resources Department as soon as possible.

1.5 REFERENCES

1.6 RELATED DOCUMENTS

1.7 APPROVAL AND OWNERSHIP

Created By Title Date Signature

Approved By Title Date Signature

1.8 REVISION HISTORY

Version | Revision Date | Description | Reviewer/Approver Name | Review Date
1.0 | | Initial Version | |

1.9 SOC 2 MAPPING


Criteria #: C1.1
Criteria: The entity identifies and maintains confidential information to meet the entity’s objectives related to confidentiality.
Points of Focus Summary:
• Procedures are in place to identify confidential information
• Standards are set to define the retention period for confidential information
• Procedures are in place to protect confidential information from destruction or erasure
