Clean Desk Policy

POLICY SUMMARY

A clean desk policy can be an essential tool to ensure that all sensitive/confidential materials are removed from an end user’s workspace and locked away when the items are not in use or an employee leaves his/her workstation. It is one of the top strategies to utilize when trying to reduce the risk of security breaches in the workplace. This policy is also intended to increase employee awareness about protecting sensitive information.
Reason for Policy
To improve the security and confidentiality of data used by employees of the Institute, Pratt has adopted a Clean Desk Policy for workspaces. This policy ensures that all sensitive and confidential information, whether on paper, storage media, or hardware, is adequately secured and protected from unauthorized view. This policy reduces the risk of unauthorized access, loss, and damage to information during and outside of regular business hours or when workstations are left unattended.
Targeted Population
This policy applies to all employees of Pratt Institute.
1. Policy
1.1    Employees are required to ensure that all sensitive/confidential information in hardcopy or electronic form is secure in their work area at the end of the day and when they are expected to be gone from their workspace for an extended period.
1.2    Computer workstations must be locked when the workspace is unoccupied.
1.3    Any Restricted/Sensitive information must be removed from the desk and locked in a drawer when the office is empty and at the end of the workday.
1.4    File cabinets containing Restricted or Controlled information must be kept closed and locked when not in use or when not attended.
1.5    Computer workstations must be shut down at the end of the workday unless they are receiving updates during off-hours or remote access for out-of-office use has been approved.
1.6    Keys used for access to Restricted/Sensitive information must be left in a locked drawer.
1.7    Laptops and tablets must be either locked with a locking cable or locked away in a drawer.
1.8    Passwords should not be written on sticky notes posted on or under a computer, nor may they be left written down in an accessible location.
1.9    Printouts containing Restricted/Sensitive information should be immediately removed from the printer.
1.10 Upon disposal, Restricted/Sensitive documents should be shredded in the official shredder bins or placed in the locked confidential disposal bins.
1.11 Whiteboards containing Restricted and Sensitive information should be erased.
1.12 Lock away portable computing devices such as laptops and tablets.
1.13 Treat mass storage devices such as CD-ROM, DVD or USB drives as sensitive and secure them in a locked drawer.
1.14 All printers and fax machines should be cleared of papers as soon as they are printed; this helps to ensure that sensitive documents are not left in printer trays for the wrong person to pick up.
2. Policy Compliance
2.1 Compliance Measurement
The Pratt Information Technology division will verify compliance with this policy through various methods, including but not limited to periodic walkthroughs, business tool reports, internal and external audits, and feedback to the policy owner.
2.2 Exceptions
The Pratt IT department must approve any exception to the policy in advance.
2.3 Non-Compliance
An employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.
3. Related Standards, Policies, and Processes
None.
4. Definitions and Terms
Restricted/Sensitive Information: Highly sensitive data such as social security numbers, personal health information, personal identity information (PII) and financial data that must be handled with the utmost care and be protected to the highest possible extent.
Controlled Information: Data such as proprietary data, graded papers, etc., which must be protected and stored securely.
5. Revision History
Date Submitted | Name of person responsible | Role of the person responsible | Summary of changes
10-22-2018 | David Soto | System Security Analyst | Policy was written
4-22-2019 | David Soto | System Security Analyst | Edited grammatical errors.
8-26-2019 | David Soto | System Security Analyst | Recommended changes.
10-6-2020 | David Soto | System Security Analyst | Edited grammatical errors / requested policy be posted online