Clean Desk and Clear Screen Guidelines
|Audience||Faculty, administrative officials, staff, alumni, authorized guests, delegates, and independent contractors that handle sensitive information should familiarize themselves with these guidelines. Students are also encouraged to develop similar strategies in appropriate settings.|
|Implementation Information||Review Frequency: Triennial
Responsible Person: Director, IT Risk and Data Integrity
Approved By: CISO
|Background Information||These guidelines ensure that confidential information, whether in electronic or paper form, is appropriately secured when a workspace is not used. This strategy reduces the risk of unauthorized access, loss of, and damage to Information during and outside of regular business hours or when workspaces are left unattended.|
Information refers to a body of knowledge or data obtained, produced, organized, shared, or managed over the course of its business operations. Information may be shared or stored physically or electronically. Information is not easily replaced without funding, skill, knowledge, resources, time, or any combination of these factors. Therefore, Information is considered a critical resource used to build knowledge and sustain and create organizational value.
- Enable a password-protected screen saver.
- Log off your computer when you are not at your workspace.
- Log off and/or lock your computer at the end of the workday.
- To prevent shoulder surfing, position your computer screen to protect the confidentiality of the Information. If moving your monitor is not possible, consider using a privacy screen or filter.
- Lock your portable computing devices (e.g., laptops, tablets) in a drawer or cabinet when you are not at your workspace or at the end of the workday.
- Treat portable media (e.g., CDROM, DVD, USB drives) as sensitive and secure them in a locked drawer.
- Do not leave portable media (e.g., CDs, USB drives) with sensitive information unattended in drives or attached to your computer.
- Notify IT Service Desk Level 1 and Public Safety immediately if any desktop, laptop, tablet, and/or portable media containing Fordham Protected or Fordham Sensitive information is missing.
- Do not leave secure sensitive paper containing Fordham Protected and Fordham Sensitive data unattended on your desk, especially if you will be away from your desk for an extended period of time (e.g., lunch breaks, meetings, etc.).
- Do not leave cabinet or office keys in their locks.
- Do not leave keys used for access to Fordham Protected or Fordham Sensitive Information at an unattended desk.
- Notify Public Safety immediately if your access card or keys are missing.
- At the end of the working day, you should tidy your desk, put away all paper that contains Fordham Protected or Fordham Sensitive Information, and lock your office or drawers.
- Never write down passwords.
- Do not leave printouts on printers unattended.
- Shred sensitive documents when they are no longer required.
- Do not use bookshelves to store binders with Fordham Protected or Fordham Sensitive Information. Label those binders accurately. Treat those binders as sensitive and secure them in a locked drawer.
Related Policies, Procedures, and Forms
- Data Classification and Protection Policy
- Data Classification Guidelines
- Records Retention and Disposal