Call us Today +44 (0)1536 711 999

Marval logo
Blog

Why your organisation needs a clear desk and screen policy

Following the introduction of the EU General Data Protection Regulation (GDPR) which came into effect in May 2018, organisations have certainly become more aware and vigilant in maintaining the integrity and security of sensitive or confidential company data.

 

Marketing and sales departments across Europe have been quick to ensure compliance with the requlation, but an organisation’s security and control of information is a responsibility for all staff.

A simple, easy to adopt change is a company-wide clear desk and screen policy.

The objective of such a policy is to help employees (that’s all of us!) to understand our responsibilities in company security and play a small but vital part in its achievement.

On an individual’s desk and generally around offices (left on the photocopy is my pet peeve!), is the documentation we all use on a daily basis (plans, proposals, product information, quotations, customer communications including emails etc). These documents are company assets and as such the asset owners have a responsibility to ensure that documents are correctly classified (Restricted and Confidential, Internal Use and Public Use).

At the end of the working day and if you leave your desk or office (for comfort breaks, getting a cup of tea, attending a meeting etc), all documents marked as Confidential or Restricted should be stored in a locked area such as a desk drawer or filing cabinet.

Confidential or Restricted documents may be left on desks providing they are not left unsupervised for extended periods of time.

If Confidential or Restricted documents are found, they must be returned to your line manager or the document owner.

Removable media such as CDs, external hard drives and USB storage devices that contain Confidential or Restricted items should also be locked away if left unattended.

Drawers and cabinets that contain Confidential and Restricted documents should be locked at the end of the working day.

All personnel IT devices (laptops, desktops, servers, phones and tablets) should be locked when left unattended. Organisations can help by introducing an auto lockout policy that will take effect after a pre-determined period of inactivity. Users must then sign in to unlock their device.

Confidential or Restricted information being viewed on screens should be minimised or the screen turned off if unauthorised personnel are able to view the screen.

Personnel who view Confidential or Restricted information on a regular basis should have their screens facing away from doors and other desks (unless other office users have the same access level).

These guidelines will help minimise risks to the business through accidental or deliberate misuse of information.

By understanding and adopting this policy it will enable your organisation to correctly manage its information assets and thus preserve the integrity of its data. Failure to adopt may result in rogue documentation at best being misplaced and at worst fall into the hands of competitors.

By Richard West 

Got feedback? We'd love to hear it, drop an email to [email protected]

Contact Us View all Articles

Similar Articles

Endless possibilities with Marval...

Whatever your aspirations might be, we have the technology, the expertise and the people to make them happen.

We know you may have some questions...

I would like to opt in to receive marketing communications from Marval via:

  • Request a
    Demo

    Discover the benefits of implementing MSM software, designed to improve service quality, customer satisfaction and reduce costs

  • Download
    Resources

    Your central repository of interesting and useful information on IT Service Management

  • Customer
    Case Studies

    See how organisations all over the world use Marval MSM software to address their most critical IT Service Management challenges

  • Contact
    Marval

    Contact us to discuss your service improvement requirements