To improve the security and confidentiality of customer data Simplio Labs has adopted a Clean Desk Policy for workspaces. This ensures that all sensitive and confidential information, whether on paper, storage media, or hardware is properly secured and protected from unauthorized view. This policy reduces the risk of unauthorized access, loss and damage to information during and outside of normal business hours or when workstations are left unattended.
Employees must ensure that all Restricted or Controlled data in hardcopy or electronic form is removed from their workspace and secured in a drawer when the desk is unoccupied at the end of the work day. Any breach of this type of data must be reported to the Authorized Officer.
Computer workstations must be locked when the workspace is unoccupied.
Computer workstations must be shut down at the end of the work day, unless receiving updates during off hours.
File cabinets containing Restricted or Controlled information must be kept closed and locked when not in use or when left unattended.
Laptops, tablets and any other portable computing device must be either secured with a locking cable, locked in a drawer or secured room.
Passwords may not be written down in an accessible location.
Printouts containing Restricted or Controlled information should be immediately removed from the printer.
Restricted or Controlled documents must be shredded upon disposal.
Whiteboards containing Restricted or Controlled data must be thoroughly erased.
Storage devices when not in use such as CD’s, DVD, hard drives, USB drives, etc. containing Restricted or Controlled data must be secured in a drawer and data must be encrypted.
Keys used to access Restricted or Controlled data must be secured in a locked desk.
Authorized Officer must verify compliance with this policy through various methods including periodic walk-throughs of work areas.
Restricted data: highly sensitive data such as social security numbers, personal identity information (PII) and financial data that must be handled with the utmost care and be protected to the greatest possible extent.
Controlled data: data such as proprietary data which must be protected and stored securely.