Workstation Security Policy
1. Overview
Today's desktop workstations must be configured and used in a secure manner, for two reasons.
First, it is likely that some information housed on that computer is of a sensitive, confidential, or
proprietary nature. Therefore, only authorized individuals should have access. Second, the
integrity of the system (operating system, application programs, and data files) is critical.
2. Purpose
The purpose of this policy is to provide guidance for workstation security for Baghdad
University workstations in order to ensure the security of information on the workstation and
information the workstation may have access to. Additionally, the policy provides guidance to
ensure the requirements of the HIPAA Security Rule Workstation Security Standard 164.310(c)
are met.
3. Scope
This policy applies to all Baghdad University employees, contractors, workforce members,
vendors and agents with a Baghdad University-owned or personal workstation connected to the
Baghdad University network.
4. Policy Statements
Appropriate measures must be taken when using workstations to ensure the confidentiality,
integrity and availability of sensitive information, including protected health information (PHI),
and that access to sensitive information is restricted to authorized users.
3.1 Workforce members using workstations shall consider the sensitivity of the information,
including protected health information (PHI), that may be accessed and minimize the possibility
of unauthorized access.
3.2 Baghdad University will implement physical and technical safeguards for all workstations
that access electronic protected health information to restrict access to authorized users.
3.3 Appropriate measures include:
- Restricting physical access to workstations to only authorized personnel.
- Securing workstations (screen lock or logout) prior to leaving the area to prevent unauthorized access.
- Enabling a password-protected screen saver with a short timeout period to ensure that workstations that were left unsecured will be protected. The password must comply with Baghdad University Password Policy.
- Complying with all applicable password policies and procedures. See Baghdad University Password Policy.
5. Enforcement
Any person found to be in violation of this policy will be subject to
appropriate disciplinary action as defined by current University policy or
contract.
Exceptions: Any exception to the policy must be approved by the Infosec team in advance.
Password Policy
Portable Workstation Encryption Policy
Wireless Communication Policy
Workstation Configuration Standard
6. Revision History
Date of Change | Responsible | Summary of Change
Mar 2015 | BU Policy Team |