Security & Compliance
Clean Desk Policy
Last updated: 21 November 2023 at 11:10:51 UTC by Russell Briggs
- This policy sets out the policies and procedures of Recycly Ltd (the "company") with respect to information. Information, and the security of it, is important to the company, and the company is committed to ensuring that it manages that information in the best way possible.
- A clean desk policy is an important tool to ensure that all sensitive/confidential materials are removed from an end-user workspace and locked away when the items are not in use or an employee leaves his/her workstation. It is one of the top strategies to utilise when trying to reduce the risk of security breaches in the workplace. The purpose of the policy is to increase employees’ awareness about protecting sensitive information and to establish the minimum requirements for maintaining a “clean desk” – where sensitive/critical information about the employees, the company’s intellectual property, the customers and the vendors is secure in locked areas and out of sight. A Clean Desk Policy is part of standard basic privacy controls.
This policy applies to all Recycly Ltd employees and affiliates. The purpose of this Clean Desk Policy is to set out the minimum requirements for maintaining a “clean desk”, to outline what employees and contractors are required to do in order to maintain the policy and to highlight the sanctions that may apply if the terms of the policy are not adhered to. The policy applies to all permanent, temporary, and contracted staff working for the company without exemption.
- Employees are required to ensure that all sensitive/confidential information in hardcopy or electronic form is secure in their work area at the end of the day and when they are expected to be gone for an extended period.
- Employees must ensure that any computer workstation, laptop, tablet or other electronic device is locked and password-protected when the employee is away from his/her workspace, and completely shut down (and, if a tablet or portable device, locked away in the secure cabinet/drawer/facility provided for that purpose) at the end of the working day. If an employee has been given permission to use a mass storage device such as a CD, DVD, portable hard drive or USB drive (note the restrictions on the use of such devices in the Information Security Policy), then that mass storage device must be locked away in the secure cabinet/drawer/facility provided for that purpose.
- File cabinets containing confidential and/or sensitive information must be kept closed and locked when not in use or when not attended. Keys used for access to restricted or sensitive information must not be left at an unattended desk.
- Passwords may not be left on sticky notes posted on or under a computer, nor may they be left written down in an accessible location.
- Confidential and/or sensitive information should be immediately removed from the printer.
- Ensure that any sensitive and/or confidential information which does not form part of a file and which is no longer required is disposed of either by being shredded and the shredded papers placed in the appropriate shredding bins or disposed of using the designated confidential waste procedures. Under no circumstances should this information be placed in regular waste paper bins.
- Ensure that all whiteboards containing sensitive and/or confidential information are wiped clean unless they are in an area that has been designated as an area that is, either permanently or temporarily, to be kept secure and from which non-authorised staff are excluded.
- The company will make available for the purposes of this policy locking cabinets / locking drawers / individual locking boxes for personal and smaller items / shredding facilities / confidential waste facilities and shall ensure that all employees are made aware of how they are to be used.
- The company will ensure that all electronic data stored on the company’s network is capable of being securely backed up and, in the event of a problem, can be accessed as and when necessary.
- The company will ensure that all employees are trained in the importance of this policy and in the need to abide by the terms and provisions which it contains. Refresher training will be provided from time to time.
- Any exception to the policy must be approved by the company in advance.
- Compliance with this policy will be verified using various methods including, but not limited to, periodic walk-throughs, inspections, video monitoring and end-of-day checks.
- If any employee shall deliberately or negligently disregard any of the Clean Desk Policy requirements then this may, in the absolute discretion of the company, result in disciplinary action being taken against him/her.
- If someone who is not a direct employee of the company shall deliberately or negligently disregard any of the Clean Desk Policy requirements, the company shall take such punitive action against that person and/or his or her employer as the firm in its absolute discretion deems appropriate.
This policy must be reviewed and updated annually.
The following matters must be considered as part of each review of this policy:
- changes to the legal and regulatory environment;
- changes to any codes of conduct to which the company subscribes;
- developments in industry best practice;
- any new data collected by the company;
- any new data processing activities undertaken by the company; and
- any security incidents affecting the company.