CLEAR DESK AND CLEAR SCREEN POLICY
| Document Identification | HSNZ/POL/20 |
| Document Name | Clear Desk and Clear Screen Policy |
| Master Copy | CISO |
| Version Number | 1.3 |
| Date Of Release | 15 Aug 2023 |
| Prepared By | Eparama Tuibenau | CISO |
| Approved by | Kevin McAfee | Managing Director |
VERSION HISTORY
| Sl No | Version No. (From) | Version No. (To) | Prepared by | Approved by | Description of Version | Date | Reason for Version Change |
|---|---|---|---|---|---|---|---|
| 1 | 1.0 | - | CISO | MD | First Release | 14 Apr 2020 | No changes made |
| 1 | 1.0 | 1.1 | CISO | MD | Updated | 11 July 2021 | Modifications due to changes in HealthSafe |
| 1 | 1.1 | 1.2 | CISO | MD | Reviewed | 28 July 2022 | Annual review |
| 1 | 1.2 | 1.3 | CISO | MD | Reviewed | 15 Aug 2023 | Annual review |
DOCUMENT STATUS
| Date | Document Status |
|---|---|
| 14 Apr 2020 | Modified |
| 11 Jul 2021 | Reviewed |
| 28 Jul 2022 | Reviewed |
| 15 Aug 2023 | Current |
Table of Contents
1 Purpose
2 Scope
3 Input
4 Output
5 Interacting Process
6 Abbreviations, Acronyms and Definitions
7 Procedure
8 Monitoring the Process
9 Records
1 PURPOSE
The purpose of this document is to establish and maintain a policy for clear desk and clear screen for HealthSafe NZ.
2 SCOPE
These procedures apply to all aspects of a clear desk and clear screen.
3 ABBREVIATIONS, ACRONYMS AND DEFINITIONS
| Abbreviation | Description |
|---|---|
| FH | Functional Head |
| IT | Information Technology Department |
| TL | Team Lead |
| CISO | Chief Information Security Officer |
| CIA | Confidentiality Integrity Availability |
4 INPUT
To ensure that no data or information that can be a threat to CIA is available on a desktop.
5 OUTPUT
To ensure that no data or information is available that can be a threat to CIA.
6 INTERACTING PROCESS
Individual employees and contractors are responsible for keeping their home desks clear of any sensitive information.
7 PROCEDURE
Clear Desks
- All information classified higher than Public domain must be removed and securely stored when a desk will be unattended for more than 30 minutes.
Clear Screen
- All screens and other computer displays must be cleared of non-public domain information and logged out when not in use.
- Where available, system controls must be used to enforce this policy where a machine has been unattended for 30 minutes or more.
Screen Locking
- A domain-wide policy for all computer systems must automatically lock the screen when the system is idle for 30 minutes.
- Unlocking the screen must require the logged-in user to authenticate to access the system.
- Screen locking can be done by logging off when the host will be unattended.
- A password for screen locking must be applied at every login.
8 MONITORING THE PROCESS
This process is monitored through regular and routine checkups and shall be effectively monitored during internal audits when applicable.
9 RECORDS
NIL