Clean Desk


Contact us

 

1. Introduction to Clean Desk Policy 2. Access to the workplace 3. Monitoring 4. Violation 5. Violation flow 5.1 Members involved in the process Table 1 – Members involved in the process Contact details for the above are listed at Appendix A of this document. 5.2 Roles and Responsibilities 6. Registry monitoring 7. APPENDIX A – Contact Sheet

1. Introduction to Clean Desk Policy

  • CLEAN DESK is an expression which indicates the need to leave the workstation clean, especially at the end of the working day, by removing confidential documents (sheets, files, dossiers, appendix etc ...) on the desk or in sight of other people.

To grant an effective cleaning of the workstations, at the end of the day the worker must leave the workstation completely free from all materials and objects other than electronic devices that are supplied by the company (** Clean Desk Policy **).

  • During the working day, the workstations are should NOT be considered as fixed;
  • Each worker will use one of the free stations among those allowed within the Direction owning.

Therefore, all recipients of this document are obliged at the end of the day to:

  • Do not leave any documents on the desk: always put the documentation in appropriate places as locked cabinets
  • Do not leave documents in the printer
  • Do not leave documents near printer / copier machines or other places than the working office
  • Always use the shredder in case of no usage of paper copies;
  • Do not leave the computer turned on

This procedure applies to all Fiber Group employees including, but not limited to, full-time, part-time, volunteers, temporary and interns, who are assigned lockers at any town facility.

2. Access to the workplace

The employee is strictly required to access work environments with biometric recognition or assignment of RFID CHIPs by accessing company gates.

All personal effects, including purse, backpack, purse, electronic media such as USB sticks, smartphones, etc., must be deposited in the appropriate locker.

Follow the [Employee Locker] procedure which requires tracking the locker assignment in a register managed by the reception.

3. Monitoring

To allow effective monitoring of the Clean Desk procedure, operational managers will supervise the workplace in order to identify any violations.

Monitoring can also take place indirectly by all employees who become aware of a possible violation, in this specific case it is necessary to promptly report the Floor Manager or Team Leader or (deputy).

4. Violation

The Clean Desk policy regulates the secure handling of data in the workplace, will be considered violations of all those contentions for which there is tangible and verified evidence, so it is not 'possible to leave in the workstation material that can compromise the security of work activities, the following are some examples:

  • Papers: one of the main sources of information for an intruder is the wastebasket, where documents are often balls of paper.
  • Invoices and payments: They almost always contain personal data and information from customers and suppliers, as well as other sensitive data related to bank details.
  • Flipcharts or whiteboards: when using them in meetings or gatherings, take care to erase what is written, or throw away the paper (in case of flipcharts)
  • Documents: if deliberately left anywhere, such as on a desk, without being filed in a folder, they could contain important data that an intruder could steal.
  • Business Cards: an intruder could use your business contacts for identity theft.
  • Calendar: virtually every office has one. If someone can access it, they will find information such as client names, appointments, and similar data on it.
  • Post-it notes: We often write in some flashy, brightly colored post-it notes our passwords, in full view of everyone.... sometimes we also write down concrete data that, although it may not seem confidential, some intruder might cross-reference with other sensitive data.
  • Keys: keys to offices and filing cabinets should not be kept near them, and should be given only to authorized persons.
  • Printers: It is very easy to forget papers in printers, sometimes there is even a drawer that the whole office can access.
  • Schedules: It should not be possible to access them freely without a security measure
  • Computers: contain huge amounts of confidential data, should be password-protected, and turned off when leaving the office or use the special screen lock function with unlock password.
  • USB flash drives: these are very convenient, both for us and for possible intruders. They frequently contain confidential data that are not encrypted normally . Anyone with them can transfer install malware or viruses through them.
  • Smarphone/Tablet: Nowadays they are indispensable in daily life, on par with computers they allow to record videos and take photos, they can contain huge amounts of confidential data, and they have the ability to transfer information out of corporate environments, also some intruder could access sensitive data.
  • Video cameras/photo cameras: can capture confidential information or sensitive data and shared outside.

Are also considered violations, unauthorized extraction of company data, information sent to external email boxes, online file sharing, photographing, video recording, transcribing or copying data for the purpose of exporting them outside the 'work environment.

5. Violation flow

Any employee may report a violation, the violation is then reported to the Floor Manager or Team Leader (or deputy) who will ensure that all violations are recorded in the appropriate registry [Clean Desk Violation Registry].

Managers (or their deputies if floor managers are not contactable), informed of the nature of the violation will ensure updating the registry and also they will report the ecent by email to the HR department [ hr@wearefiber.com ] which following the report will provide an assessment of the severity of the violation and the disciplinary measure to be attributed to the employee.

All employees who encounter a possible violation, as described above, are required to report it directly to the Floor Manager/Team leader, but they can also proceed through the appropriate procedure The Whistleblower .

5.1 Members involved in the process

Below are the business roles involved in the Clean Desk process.

Role/Business Area
Main role holder
All Employee
Report violation
Floor Manager/Team Leader
Process Owner
HR administration
HR administrative issue management
IT and Security Consultancy 
Monitoring the Violation registry

Table 1 – Members involved in the process 
Contact details for the above are listed at Appendix A of this document.

5.2 Roles and Responsibilities

The roles and responsibilities of the actors involved in the Clean Desk process:

All employees

  • Must report a violation if found by other employees

Floor Manager / Team Leader

  • Decides whether or not to initiate the procedure
  • Reports and updates the violation log
  • Direct interface in reporting violations to the human resources office
  • Training to all team resources on Clean Desk-related operating policy and procedures

Human resource

  • Disciplinary management of the employee who violated the Clean Desk Policy.

IT and Security Consultancy

  • Monthly monitoring of violations recorded in the log
  • Initiate incident procedure in case the recorded violation goes beyond the Clean Desk perimeter

6. Registry monitoring

IT and Security Consultancy is required to check the violation log once per month by monitoring the frequency and severity of violations, also must be able to ensure that violations have been handled properly and that the human resources department has taken action against those who have violated the Clean Desk policy.

7. APPENDIX A – Contact Sheet

In the table below we find the contacts and company figures involved in the process:

Organization
Contact
Telephone Number
Email
Team Leader



Floor Manager



Human Resource



IT and Security Consultancy