Information Security Policy
Part 9
9. Information security around the office
9.1. Building security
- Staff should challenge any visitor who is not wearing a visitor badge and report them to Building Security.
- Access to complaint casework hard copy file stores will be controlled so these are only accessible by users in the performance of their duties.
9.2. At the desk
Users will maintain a ‘clear desk’, with no confidential information left in view when not in use.
- All confidential material will be cleared from desks at the end of the working day.
- Complaint casework files or confidential documents will be returned to locked cupboards or to designated storage areas at the end of each working day.
- Users will remove confidential papers immediately from printers and scanners
Users will maintain a ‘clear screen’ by doing the following.
- the auto screensaver will be set by the IT Team to lock after a maximum of 10 minutes in the office, and 30 minutes when working from home.
- using the keyboard locking mechanism (Ctrl Alt Del and choose the locking option OR use the Windows key and L) when leaving your desk.
- logging off when leaving the desk at the end of work.
See section 11.2 for more details on home working.
9.3. IT Security
- All servers and computer connectivity equipment will be in a secure location suitable for that equipment, including proximity to effective air conditioning and fire suppression systems.
- Environmental controls will protect central/key equipment. File servers will be protected from power surges and failures, interruption to other utility serves, extremes of temperature and humidity, malicious or accidental damage, fire and flood.
- Secure areas to protect key IT equipment will be secured by additional entry controls including security coded locked doors, and access will be restricted to authorised staff, coordinated by the IT staff and the Operational Support Manager.
- Equipment will be sited to minimise the risk of accidental damage. Any suspected damage to computer equipment will be reported to the IT service desk for checking before use.
- Pool laptops will be signed for before being taken out of the office. Care must be taken to ensure that IT equipment is protected from theft, loss or damage outside the office.
- Computer equipment is recorded on the asset register. It is the responsibility of IT staff to keep the asset register up to date.
See also Building security procedure.