BIM.PR.30 — Clean Desk and Clean Screen
1. Purpose and Scope
Within the framework of KYS.POL.01 P24 (Clean Desk and Clean Screen Policy), defines the physical and digital security rules for protecting personal and institutional data from unauthorised access in workspaces and common areas.
Covers all academic and administrative staff, student workspaces, laboratories and shared-use areas.
2. Clean Desk Rules
- At the end of the working day and during extended absences, no documents containing personal data are left on the desk
- Sensitive documents are stored in a locked cabinet or locked drawer
- Printer outputs are collected immediately; “secure print” is preferred on shared printers
- Meeting room whiteboards/post-its are cleared after the meeting
- Paper printouts containing personal data are disposed of using a shredder (KYS.POL.05 Art.5)
3. Clean Screen Rules
- The screen is locked when leaving the computer (Windows key + L; Mac: Ctrl+Cmd+Q)
- 30-minute automatic screen lock active (KYS.POL.01 P01 Art.350, BİM.PR.14 Art.5)
- Sensitive data is not displayed in open/shared office areas
- Passwords, PINs or staff numbers must not be affixed to the screen via post-it
- Password manager must not be opened during meeting presentations
4. Mobile Devices
- Phone, tablet and laptop must not be left unattended
- For registration: BİM.PR.14 (Mobile Access) + BİM.PR.26 (BYOD)
- If institutional mail is accessed on a mobile phone, the device must have biometric/PIN authentication enabled
5. Shared-Use Areas (Labs, Library)
- Log out after use
- USB/storage media must not be left behind; found devices are handed in to HR/IT (KVKK Art.7)
6. Annual Training and Awareness
- All staff attend IT information security awareness training (annual)
- P24 is covered during new-starter orientation (BİM.PR.16 welcome pack)
7. Audit
The IT Network & Security Group conducts quarterly random on-site audits; findings are reported to the relevant unit manager.
8. Violation
KYS.POL.04 Art.55. In the event of a personal data breach risk, a KVKK Art.12 incident investigation is initiated.
9. Effective Date
26.04.2026; revised January/July.
Hasan Kalyoncu University · IT Directorate
Osmanlı Mah. Havaalanı Yolu Üzeri 8. Km 27010 Şahinbey/Gaziantep
444 6 458 · destek@hku.edu.tr · destek.hku.edu.tr · portal.hku.edu.tr
KEP: hasankalyoncu.unv@hs01.kep.tr