Clear Desk & Clear Screen Procedure

Owner: Security Officer · Approved by leadership · Version 1.0 · Effective 27 May 2026 · Next review 27 May 2027

1. Purpose

This procedure operationalises the clear-desk and clear-screen expectations set in the Information Security Policy and the Day 1 security briefing at /policies/onboarding §4.3. It exists to prevent inadvertent disclosure of Glassbreak or customer information through unattended screens, printed material, written notes, removable media, and shared workspaces.

2. Scope

This procedure applies to:

All workforce members (employees, contractors, advisors, interns) regardless of working location.
All workstations and mobile devices used for Glassbreak work, whether managed by Glassbreak or otherwise authorised for Glassbreak work.
All physical workspaces where Glassbreak information is handled — including the home office, shared offices, co-working spaces, customer sites, and public spaces.
Whiteboards, sticky notes, printouts, and any other physical artefact bearing Glassbreak or customer information.

3. Procedure

3.1 Leaving a workstation

Before stepping away from a workstation, even briefly:

Lock the screen. The screen-lock keystroke is published in the workforce handbook for each supported OS.
Verify the lock has engaged (the lock screen is visible) — do not assume.
Do not rely solely on the automatic screen-lock timeout (5 minutes per /policies/onboarding §4.1) as a substitute for manual lock-on-step-away.

A workstation left unlocked, unattended, in a location where any non-workforce person could view or use it is a Material violation under /policies/sanctions §3.2.

3.2 Paper handling

Printed material containing Glassbreak or customer information must be collected from the printer immediately on production; it must not be left in the output tray.
Printed material in active use must be returned to a locked drawer or shredder receptacle when the workstation is left unattended.
Printed material no longer required must be cross-cut shredded; recycling without shredding is not permitted for any document bearing Glassbreak or customer information.
Drafts, working notes, and sticky notes bearing the same information classes follow the same handling rules.
Default to not printing. Where a digital alternative exists, use it.

3.3 Whiteboards and visible workspaces

Whiteboards used during a working session must be erased at the end of the session if they bear non-public information.
Whiteboards bearing customer names, system architecture that is not public, or security material must not be captured in screenshots or photographs that are shared outside the immediate working group.
Open monitors, tablets, and mobile devices visible from behind the workforce member must be positioned to minimise shoulder-surfing risk; privacy filters are provided on request.

3.4 Removable media

Removable media (USB drives, external disks, memory cards) must not be used to transport Glassbreak or customer information without prior written approval from the Security Officer.
Where approved, the media must be encrypted at rest with a key the Security Officer can recover, and inventoried against the off-site-assets procedure at /policies/procedures/off-site-assets.
Removable media left on a desk, plugged into an unattended workstation, or carried without an approved case is a Material violation.
Removable media at end of life is destroyed under the endpoint-decommissioning procedure §5.

3.5 Visitor presence

When a non-workforce visitor (delivery, family member, building contractor, customer in office) is present in the working area:

All screens displaying Glassbreak or customer information are locked or rotated out of line of sight.
All printed material is cleared from the immediate workspace.
Discussion of Glassbreak or customer matters in the visitor's hearing is suspended.
The visitor is not left unaccompanied in any area where a workstation or paper material could be accessed.

3.6 End-of-day routine

Before leaving the working area at the end of the working day:

Log out of (or lock) every active session on every device used during the day.
Place all printed material, drafts, working notes, and sticky notes into a locked drawer or shredder receptacle.
Erase any whiteboard content that is not public.
Place removable media in a locked drawer.
Where the working area is shared (co-working space, home office shared with others), close the laptop lid and place the device out of immediate line of sight.
Hardware keys and other tokens are stored per the off-site-assets procedure if the device is leaving Glassbreak premises.

3.7 Working in public spaces

Working in cafes, airports, hotel lobbies, and other public spaces additionally requires:

A position that prevents the screen being read from behind or from an adjacent table.
A privacy filter on the screen if one is available.
Headphones for any voice or video call that involves Glassbreak or customer information.
No use of public printers, fax machines, or scanners for Glassbreak information.
The lock-on-step-away rule applies even for a moment spent away from the table — the device is taken or the bag is taken with it.

4. Records

Reported incidents of clear-desk or clear-screen breaches are logged in the workforce file and in the incident register where the breach involved customer information.
Approved removable-media issuances are recorded in the off-site-assets register.

5. Enforcement

Compliance with this procedure is mandatory. Breaches are assessed and handled under the Sanctions & Disciplinary Policy in proportion to the nature, frequency, and impact of the breach.

6. Review

This procedure is reviewed at least annually and after any incident that arose from a clear-desk or clear-screen failure. The next scheduled review is 27 May 2027.

7. Related documents

Counter-signed PDF copy available on request to compliance@glassbreak.io.