ISO 27001 (2013): Full
11.2.9: Clear desk and clear screen policy

How to fill the requirement

Personnel guidelines for safe processing of personal and confidential data
Theme: Privacy
Policy: Processing principles and accountability

This task also fulfils the following other security requirements:

  • 29. Processing under the authority of the controller or processor (GDPR)
  • 7.2.2: Information security awareness, education and training (ISO27 Full)
  • 18.1.4: Privacy and protection of personally identifiable information (ISO27 Full)
  • 12.1.1: Documented operating procedures (ISO27 Full)
  • 11.2.8: Unattended user equipment (ISO27 Full)
1. Task description

The Data Protection Officer (or another responsible person) has drawn up operating instructions for personnel who handle personal data. In addition, the Data Protection Officer is ready to advise the controller, personal data processing partners and the organisation's own staff on compliance with the GDPR or other data protection requirements.

Personnel guidelines for file usage and local data
Theme: Management of data sets
Policy: Management of data sets

This task also fulfils the following other security requirements:

  • 7.2.2: Information security awareness, education and training (ISO27 Full)
  • 11.2.9: Clear desk and clear screen policy (ISO27 Full)
  • 6.6.4: Security of physical premises, devices and printouts (Self-monitoring)
  • FYY-04: Storage of information (Julkri)
  • 5.10: Acceptable use of information and other associated assets (ISO27k1 Full)
1. Task description

When the nature of the work requires staff to handle a lot of local or unstructured data, it may be necessary to develop training that describes the associated risks to staff.

Common problems with local and unstructured data include, for example:

  • no backups
  • no access management
  • hard to locate

For data that must not be lost, that needs to be controlled, or that must be findable in the future, staff should use the information systems designed for that purpose rather than local files.

Endpoint PIN protection and automated locking
Theme: Remote work and mobile devices
Policy: Mobile device management

This task also fulfils the following other security requirements:

  • 11.2.9: Clear desk and clear screen policy (ISO27 Full)
  • 6.6.4: Security of physical premises, devices and printouts (Self-monitoring)
  • 7.7: Clear desk and clear screen (ISO27k1 Full)
  • SEC-06: Reviewing password practices on password protected systems (Cyber Essentials)
1. Task description

Devices should be protected against unauthorised access to, or disclosure of, the information stored on or processed by them. Mandatory protection of the devices (e.g. a 5-digit PIN code required before each use) combined with automatic locking (e.g. after 5 minutes of inactivity) can help.

Locked cabinets for storing confidential paper data
Theme: Physical security
Policy: Non-electronic data and copies

This task also fulfils the following other security requirements:

  • 11.2.9: Clear desk and clear screen policy (ISO27 Full)
  • 7.7: Clear desk and clear screen (ISO27k1 Full)
1. Task description

Where sensitive information must be kept on paper, safes, lockable cabinets or other secure furniture are available for storing it.

Sensitive information must not be left lying around the office where anyone could access it.
