Skip to content

Clear Desk and Clear Screen Policy

Owner Classification Review Date Status
CDO Office Internal April 2027 Active
Field Details
Document Type Policy
Document Reference SP-CDCSP-005
Version 1.2
Owner CISO
Classification Confidential
Review Cycle Annual

Introduction

The Clear Desk and Clear Screen Policy establishes Simpaisa's requirements for protecting sensitive information from unauthorised access or disclosure through physical and screen-based security measures. Unattended workstations and documents left visible in the workplace represent a significant information security risk.

This policy applies to all Simpaisa employees, contractors, and visitors at all Simpaisa premises.

Resources

The following resources are covered by this policy:

  • Desktop and laptop computers

  • Mobile devices (smartphones, tablets)

  • Printed documents, reports, and files

  • Removable storage media (USB drives, external hard drives)

  • Whiteboards and other visible surfaces where sensitive information may be displayed

  • Physical keys and access cards

Policy

Computer Screen Security

  • All computer screens shall be locked when a workstation is left unattended, even briefly

  • Automatic screen lock shall be configured to activate after a maximum of 5 minutes of inactivity

  • Screen lock shall require re-authentication (password or PIN) to unlock

  • Computer screens shall be positioned to prevent inadvertent viewing by unauthorised individuals

  • Screens displaying sensitive information shall not be visible from public areas or common walkways

  • Privacy screens shall be used where screens face areas accessible to the public or other unauthorised personnel

Physical Security Requirements

  • Sensitive documents shall not be left unattended on desks or in open areas

  • All documents containing confidential or sensitive information shall be stored securely when not in use (e.g., in locked drawers or cabinets)

  • Printed documents containing sensitive information shall be collected promptly from printers and not left unattended

  • Documents containing sensitive information that are no longer required shall be securely disposed of using cross-cut shredders or locked confidential waste bins

  • Whiteboards containing sensitive information shall be erased when meetings conclude

  • Physical keys and access cards shall be stored securely and not left unattended on desks

  • Removable storage media shall be stored securely when not in use and locked away at the end of the working day

Compliance

All employees are responsible for complying with this policy as part of their day-to-day working practices. Managers are responsible for ensuring their teams are aware of and adhere to this policy.

The following measures support compliance with this policy:

  • Clear desk and clear screen requirements shall be included in employee induction and security awareness training

  • Periodic physical inspections may be carried out to assess compliance with this policy

  • Compliance with this policy is a condition of employment and service agreements with contractors

Non-Conformance

Failure to comply with this policy may result in:

  • Formal disciplinary action in accordance with Simpaisa's HR policies

  • Termination of employment or contractor engagement in cases of serious or repeated non-compliance

  • Regulatory and legal consequences where a breach results in the unauthorised disclosure of personal or confidential data

All instances of non-compliance identified during inspections or reported by staff shall be logged and investigated. Remedial action shall be taken and documented.