Checklist of ISO/IEC 27001-A.11.2.9 Clear desk and clear screen policy

Introduction:

One of the essential aspects of information security is to ensure that sensitive information is not left unattended, exposed to unauthorized access, or at risk of theft. 

A clear desk and clear screen policy is an effective measure to safeguard confidential data by ensuring that work areas are free of sensitive information and digital devices are locked when not in use. 

This article aims to discuss the key considerations and practices for implementing and maintaining a clear desk and clear screen policy.

Sample Checklists:

  • Review existing policies, standards, procedures, and guidelines regarding clear desk and clear screen policy.
  • Evaluate the effectiveness of the current policy in practice by conducting walkthroughs and inspections of work areas.
  • Check if all computing devices have a password-protected screen saver or lock that employees use when stepping away from their devices or after a defined idle time.
  • Examine the procedures around usage of printers, photocopiers, scanners, cameras, and other reproduction technologies.
  • Check if all paperwork and digital storage media containing sensitive business or personal information are stored securely in locked cabinets, drawers, or encrypted devices.
  • Ensure that all employees are trained and made aware of the clear desk and clear screen policy, and understand the consequences of non-compliance.
  • Regularly monitor and enforce compliance with the policy, with clear consequences for violations.

Conclusion:

A clear desk and clear screen policy is a vital component of information security that helps protect sensitive information from unauthorized access or theft. 

By implementing and maintaining this policy, organizations can minimize the risk of information leakage and protect confidential data. 

See also  Uses of AI in ISO 27001

Regular reviews and evaluations of the policy are necessary to ensure that it remains effective and that all employees are complying with it.

Leave a comment

Your email address will not be published. Required fields are marked *