Policy Template for Workstation Security
1.0 Purpose
The purpose of this policy is to provide guidance on securing {{organization.name}} workstations in order to ensure the security of information on the workstation and information the workstation may have access to.
2.0 Scope
This policy applies to all {{organization.name}} employees, contractors, workforce members, vendors and agents with {{organization.name}}-owned or personal workstations connected to the {{organization.name}} network.
3.0 Definitions
Workstations include laptops, desktops, tablets, phones, PDAs, computer-based equipment containing or accessing customer information and authorized home workstations accessing the {{organization.name}} network.
4.0 Policy
Appropriate measures must be taken when using workstations to ensure the confidentiality, integrity and availability of sensitive information and that access to sensitive information is restricted to authorized users.
Workforce members using workstations shall consider the sensitivity of the information that may be accessed and minimize the possibility of unauthorized access.
{{organization.name}} will implement physical and technical safeguards to restrict access to authorized users for all workstations that access electronically protected customer information.
The following procedures shall be in force to manage technical, physical and administrative controls and safeguards for {{organization.name}} workstations:
4.1 Physical Safeguards
Physical access to workstations shall be restricted to authorized personnel only. Employees shall prevent unauthorized viewing of information on a screen by:
Securing workstations (screen lock or logout) prior to leaving the area to prevent unauthorized access.
Enabling a password-protected screen saver with a short timeout period to ensure that workstations that were left unsecured will be protected.
Ensuring workstations are used for authorized business purposes only.
Keeping food and drink away from workstations in order to avoid accidental spills.
Securing laptops that contain sensitive information by using cable locks or locking laptops up in drawers or cabinets.
Ensuring that screens/monitors are positioned away from public view. If necessary, install privacy screen filters or other physical barriers to public viewing.
Enabling lockout after 30 minutes of inactivity.
Complying with all applicable password policies and procedures.
4.2 Operational Safeguards
Employees shall use workstations for authorized business purposes only, and only approved personnel may install software on workstations. The following operational safeguards shall be implemented:
Ensuring that the latest OS and software updates are installed.
Never installing unauthorized software on workstations.
Storing all sensitive information on network servers.
Ensuring that workstations use a surge protector (not just a power strip) or a UPS (battery backup).
Ensuring, if wireless network access is used, that access is secured by using the highest generally accepted wireless security encryption standard (e.g. WPA2).
Installing and enabling security features such as firewalls, anti-virus and anti-malware software.
4.3 Management and Administration
The Information Technology department shall ensure that workstations have all critical security updates and patches installed in a timely manner.
5.0 Enforcement
Any employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.