SP 6-10h – Clear Desk

Colorado Community College System / System Procedure


SP 6-10h

APPROVED: January 28, 2021
EFFECTIVE: January 28, 2021

REFERENCES: Board Policy (BP) 6-10, Cyber Security Policy

APPROVED:

/ Joe Garcia /
Joseph A. Garcia
Chancellor

BASIS

This procedure documents the minimum requirements for maintaining a “clear desk” — where Sensitive and Restricted information about our employees, students, partners, and vendors is secure in locked areas and out of sight.

APPLICATION

This procedure applies to employees, personnel affiliated via third party contracts, and volunteers that have access to Information Systems and Assets that are owned or leased by CCCS.

DEFINITIONS

For the definition of Sensitive, Restricted, and Public see the Data Classification Procedure.

PROCEDURE

The System Chancellor delegates to the System Vice Chancellor for Information Technology (“IT”) responsibility for oversight of compliance with and implementation of this procedure. Further, the System Chancellor delegates to the College Presidents the responsibility to implement and compliance with this procedure at their respective institution.

  • Employees are required to ensure that Restricted and Sensitive information in hardcopy or electronic form is secure in their work area at the end of the day, or when they are expected to be gone for an extended period (i.e., several hours).
  • Computer workstations must be locked when workspace is unoccupied.
  • Computer workstations should be logged out of at the end of the workday.
  • File cabinets containing Restricted or Sensitive information must be kept closed and locked when not in use or when not attended.
  • Keys used for access to Restricted or Sensitive information must be secured and accessible only to authorized users.
  • Passwords may not be left on sticky notes posted on or under a computer, nor may they be left written down in an accessible location. Passwords should be stored in a secure encrypted password manager.
  • Printouts containing Restricted or Sensitive information should be promptly removed from the printer, or printing-capable devices.
  • Restricted or Sensitive documents should be disposed of in the System Office or College provided secured shred bins.
  • Whiteboards containing Restricted and/or Sensitive information should be erased or secured prior to leaving the workspace.
  • Treat CCCS approved mass storage devices such as external hard drives or USB drives as sensitive and secure them in a locked drawer.

REVISING OF THIS PROCEDURE

CCCS reserves the right to change any provision or requirement of this procedure at any time and the change shall become effective immediately.