Bentley University Clean Desk Initiative

1. Overview and Purpose
2. Scope
3. Actions
4. Tips to Keeping a Clean Desk
5. Exceptions
6. Enforcement
7. Policy Support Contact
8. Approval and Revisions
9. Supporting Documentation

---

1.0 Overview and Purpose

The purpose for this initiative is to establish a culture of security and trust for employees at Bentley. An effective clean desk effort involving the participation and support of Bentley employees can greatly protect paper documents that contain sensitive information about our students, employees, donors, alumni, parents and friends. All employees that handle confidential data should familiarize themselves with the guidelines of this initiative.

The main purpose for a clean desk initiative is to reduce the risk of unauthorized disclosure of confidential information when left unattended; sensitive documents left in the open can be stolen by a malicious entity or lost.

2.0 Scope

At known extended periods away from your desk, such as a lunch breaks or meetings, sensitive working papers containing Level 1 or 2 data should be placed in locked drawers or a locked office.  At the end of the working day, an employee should tidy his or her desk and to put away all office papers that contain Level 1 or 2 data or lock his or her office.  Bentley provides locking desks and filing cabinets for this purpose.

3.0 Actions

• Allocate time in your calendar to clear away your Level 1 and 2 paperwork.
• Always clear your workspace of Level 1 and 2 paperwork before leaving for longer periods of time.
• If in doubt - check with your supervisor. If you are unsure of whether a duplicate piece of Level 1 or 2 documentation should be kept - discuss it with your supervisor before shredding.
• Destroy Level 1 or 2 documents when they are no longer needed through cross-cut shredders or locked Retrievex boxes.
• Lock your desk and filing cabinets at the end of the day. Don’t keep the keys in the drawer.
• If you have portable computing devices such as laptops or smart phones, lock your door at the end of the day.
• If you are storing any Level 2 data on CDs, secure them in a locked drawer. Don’t keep them in your PC when unattended.

 4.0 Tips to Keeping a Clean Desk

• If you store sensitive information (usernames, passwords, etc.) in day planners or notebooks, keep them in a locked drawer when you are away from desk for extended periods of time, including overnight.
• Lock your office door when you're gone for extended periods; if you don’t have an office, lock your cabinets. Do not leave keys in their locks.
• Never leave your access cards or keys out anywhere; always keep them with you; notify University Police immediately if access cards or keys are missing.
• Lock your computer when you leave your desk for an extended period of time, including overnight.
• Do not leave portable media with sensitive information, such as CDs or USBs, in drives or attached to your computer.
• Enable a password-protected screen saver.
• Never write your passwords on a sticky note nor try to hide them anywhere in your office.
• Remove printouts from printers before leaving your office.
• Shred sensitive printouts when you are done with them using a cross-cut shredder or Retrievex bin.
• Clear cache files on your computer regularly.
• Do not use bookshelves to store binders with sensitive information. Label those binders accurately and lock them up.

5.0 Exceptions

Any exceptions to this policy are to be reviewed and approved by the Information Security and Privacy Administrator in consultation with the Information Privacy Council as needed.

6.0 Enforcement

As described in Bentley University’s Acceptable Usage Policy, anyone found to have violated this policy may be subject to disciplinary action, up to and including immediate termination.

7.0 Policy Support Contact

• Information Security and Data Privacy Administrator
• InfoPrivacy@bentley.edu

8.0 Approval and Revisions

This policy is approved by the Information Privacy Committee. The policy is reviewed on an annual basis and updated as needed.

• Revision v1: Approved by the Information Privacy Committee on 8/05/2010
• Revision v2: Approved by the Information Privacy Committee on 9/30/2013

9.0 Supporting Documentation

This policy is supported by the following policies, rules, standards, and procedures:

• University Acceptable Usage Policy