Professional Documents
Culture Documents
Overview
Description: Most of the company business is conducted using
desktop or laptop dedicated to a single user. It is essential to protect
information about assets created, gathered, shared or stored in
desktop and laptop, related computer media (e.g. Diskettes, CDROMs,
Flash Drives, etc.) and peripheral equipment such as fax machines,
printers and copiers.
Purpose/Rationale: The purpose of this policy is to set security
provisions for securing desktop and laptop computers, related
computer media and peripheral equipment there by ensuring safety of
business information /data.
Applicability: All individuals granted access to the company network
and information systems including but not limited to full and part-time
employees, temporary workers and those employed by others to
perform company work, are covered by this policy and shall comply
with this and associated policies, procedures and guidelines.
This policy includes all computers (e.g., desktops and laptops), stand
alones as well as those connected to the company Network.
The same physical and technical security
implemented for mobile and remote computers.
measures
shall
be
Policy
1. General
a. Company will ensure reasonable physical safeguards to
maintain desktop and laptop computers and peripheral
equipment in such a way to avoid inadvertent disclosure of
the information.
b. The IT department shall be responsible for secure
installations, configurations, distribution, management and
removal from service, of desktop and laptop computers. IT
department must document if these responsibilities are
assigned to another program area or office.
c. The company may withdraw permission for any or all
business or personal uses of its network or information
systems at any time.
2. Securing Desktop and Laptop Computers
Individuals granted access to the company Network or
information systems shall secure desktop and laptop computers
from inadvertent or unauthorized access.
a. When leaving a desktop or laptop computer unattended,
users shall apply the "Lock Workstation" feature
(ctrl/alt/delete, enter) where systems allow.
b. Desktop and laptop computers shall be set to activate the
automatic screensaver feature after a period of non-use.
The period of non-use shall be for no more than five (5)
minutes.
c. The approved desktop background is attached which is to
be used as desktop background by all the employees
7. Viruses
a. Desktop and laptop computer users shall not write,
compile, copy, knowingly propagate, execute, or attempt
to introduce any computer code designed to self-replicate,
damage, or otherwise hinder the performance of any
computer system (e.g. virus, bacteria, worm, trojan horse,
or the like).
b. Suspected viruses should be reported immediately to the
Help Desk of IT department.
c. Viruses shall not be deleted without expert assistance
unless instructed by the IT department.
8. Monitoring of desktop and laptop computers.
a. The company reserves the right to monitor individual user
desktop and laptop computers at random or for cause.
9. Technical Security
Desktop and laptop computers shall be configured to reduce the
risk of inadvertent or unauthorized access to the company
information and systems.
a. All company desktop and laptop computers shall be
configured according to IT department desktop and laptop
configuration standards.
b. User identification (name) and authentication (password)
shall be required to access the operating system of all
desktop and laptop computers whenever turned on or
booted.
c. Mainframe terminal sessions shall be configured to log a
user off the system during extended periods of non-use.
The period of non-use shall be for no more than 60
minutes.
Policy exceptions
a. The IT department shall be authorized to approve or deny
policy exceptions regarding elements of any Information
Security Policy. Policy exception requests shall be
submitted electronically or in hard copy form to the IT
department.