Clean Desk and Clear Screen Guidelines
Version 1.1
For Students, Faculty, Staff, Guests, Alumni
Sponsor | Office of Information Technology |
---|---|
Audience | Faculty, administrative officials, staff, alumni, authorized guests, delegates, and independent contractors that handle sensitive information should familiarize themselves with these guidelines. Students are also encouraged to develop similar strategies in appropriate settings. |
Effective Date | 03/09/2018 |
Implementation Information | Review Frequency: Triennial Responsible Person: Senior Director of IT Security and Assurance Approved By: CISO |
Background Information | These guidelines help to ensure that confidential information, whether in electronic or paper form, is appropriately secured when a workspace is not in use. This strategy helps to reduce the risk of unauthorized access, loss of, and damage to Information during and outside of regular business hours or when workspaces are left unattended. |
Definitions
Information refers to a body of knowledge or data obtained, produced, organized, shared, or managed over the course of its business operations. Information may be shared or stored in a physical or electronic manner. Information is not easily replaced without funding, skill, knowledge, resources, time, or any combination of these factors. Therefore, Information is considered a critical resource used to build knowledge and sustain and create organizational value.
Guidelines Statement
- Enable a password-protected screen saver.
- Log off your computer when you are not in your workspace.
- Log off and/or lock your computer at the end of the workday.
- To prevent shoulder surfing, position your computer screen to protect the confidentiality of the Information. If moving your monitor is not possible, consider using a privacy screen or filter.
- Lock your portable computing devices (e.g., laptops, tablets) in a drawer or cabinet when you are not at your workspace or at the end of the workday.
- Secure portable media (e.g., CDs, DVDs, unencrypted USB or external drives) containing sensitive information with encryption or store the media in a secure location (i.e., locked drawer, locked cabinet).
- Notify IT Service Desk and Public Safety immediately if any desktop, laptop, tablet, and/or portable media containing Fordham Protected or Fordham Sensitive information is missing.
- Do not leave paper containing Fordham Protected Data and Fordham Sensitive Data unattended on your desk, especially if you are going to be away from your desk for an extended period
- (e.g., lunch breaks, meetings).
- Do not leave cabinet or office keys in their locks.
- Do not leave keys used to access Fordham Protected Data or Fordham Sensitive Data at an unattended desk.
- Notify Public Safety immediately if your access card or keys are missing.
- At the end of the working day, you should tidy your desk, put away all paper that contains Fordham Protected Data or Fordham Sensitive Data, and lock your office or drawers.
- Never write down passwords.
- Do not leave printouts on printers unattended.
- Shred sensitive documents when they are no longer required.
- Do not use bookshelves to store binders with Fordham Protected Data or Fordham Sensitive Data.
Related Policies, Procedures, and Forms
Revision History
Version | Date | Description |
1.0 | 03/03/2018 | Initial Guideline |
05/22/2020 | Periodic review | |
1.1 | 07/12/2023 | Updated Guideline Statement |