Clear Desk and Screen Policy

This Policy is effective as of 27/05/19.

This Policy is due for review on 27/05/20.

1.              Introduction

We are Kai Ai Ltd and this is our Clear Desk and Screen Policy. This policy applies to all Employees.

This Policy will support us in preserving the confidentiality, integrity and availability of data manually handled and on IT systems used by us and third-party staff.

2.              Definitions and key terms

 

Employees

All employees, staff and volunteers.

 

Form

A Form includes any of the following that exist on the Services:

  • surveys,
  • contact forms,
  • newsletter subscriptions forms,
  • user registrations forms,
  • e-commerce forms,
  • other registration forms; and
  • text boxes.

Policy

This Clear Desk and Screen Policy.

We, us and our

Kai Ai Ltd

3.              Who we are

The Services are operated by Kai Ai Ltd, a UK Limited company registered in England.

Some important details about us:

Our business address is: 10 Waltham Gardens, Banbury, Oxfordshire OX16 4FD

Our registered address is: 10 Waltham Gardens, Banbury, Oxfordshire OX16 4FD

Our company number is: 11648282

4.              Clear desk policy

At the end of the working day or when leaving the office during the day, all documents or media with a classification marking shall be secured in lockable commercial office furniture (desk drawers, filing cabinets, cupboards).

If the office remains occupied for the duration of your absence information classified as CONFIDENTIAL may be left on the desk for up to 5 minutes, provided those present are authorised to view the information, otherwise it should be removed from view or secured appropriately.

If material classified as RESTRICTED or CONFIDENTIAL has been left unsecured, you shall either stay with it until the data owner returns or secure the material before you leave.

Information classified as RESTRICTED shall not be left unattended for any period of time. When not in use, it is to be secured in a cabinet approved to store RESTRICTED assets.

Removable media shall be locked away.

Personal belongings should be removed from view.

Office/work area windows shall be closed when working areas are unattended and at the end of the working day.

All internal doors shall be closed when working areas are unattended and at the end of the working day.

In ground floor work areas, blinds shall be closed or PC/Laptop screens, information boards or any protectively marked or sensitive information shall be positioned so it cannot be viewed by passers-by.

All desk pedestals shall be locked when working areas are unattended and at the end of the working day.

All cabinets shall be locked when working areas are unattended and at the end of the working day.

All laptops shall be secured in suitable containers when working areas are unattended and at the end of the working day.

All printers shall be cleared of printed material when working areas are unattended and at the end of the working day.

All photocopiers shall be cleared of printed material when working areas are unattended and at the end of the working day.

All ‘white boards’ shall be wiped clean when working areas are unattended and at the end of the working day.

All ‘flip charts’ shall be cleared of information when working areas are unattended and at the end of the working day.

5.              Clear Screen Policy

For all of our IT systems, computer screens should be angled away from the view of unauthorised persons.

All users shall ensure that any information classified as RESTRICTED or CONFIDENTIAL shall not be overseen by those without a need to know.

Screens shall be cleared or locked when talking to unauthorised persons.

All computer terminals shall have the auto screen saver set to activate when there is no activity for a period, suggested as no longer than 15 minutes.  (If users have access to RESTRICTED material then the auto screen saver period shall be set for a period of no longer than 5 minutes inactivity).

Users shall invoke the screen lockout for periods when they are away from their device for no longer than 45 minutes. For periods longer than 45 minutes and at the end of the working day they shall log-off or shut down the device and switch off the screen.

For IT systems processing RESTRICTED information the screen lockout shall be invoked for a period of no longer than 30 minutes inactivity.

Users shall be required to re-authenticate to unlock their screens.

6.              Agreement

All Employees are required to read, understand and accept this policy.

7.              Further Information

Employees should contact their manager for further information regarding this Policy.