Employee Computer Data Protection/Screen Locking Procedure (Protecting Student Data)
Purpose
The purpose of this document is to set a minimum standard for protecting data on college owned computers with password protected screen savers. The screen saver locks the desktop after a set amount of time with no activity. By requiring a user to sign in when they return, it minimizes the risk of an unauthorized person using an active session while the authorized user is away. A password enabled screen saver helps to protect the information displayed on your screen, stored on your computer's hard drive and other data that is accessible from your computer when you walk away from the computer.
Procedure
How to Enable the Data Protection Locking Screen Saver:
Windows 7
1. From the start menu, select "control panel". In the "control panel" window, select "appearance and personalization" and then select "change screen saver" (under "Personalization")
2. In the "wait" box, choose 30 minutes
3. Check the "on" resume, display logon screen check box and then click "OK"
Windows Vista and Windows XP
1. From the start menu, select "control panel". In the "control panel" window, select "display" and then select "screen saver"
2. In the "wait" box, choose 30 minutes
3. Check the "on" resume, password protect check box and then click "OK"
Mac OS X
1. From the Apple menu, choose "system preferences"
2. Click "desktop and screen saver"
3. Click "screen saver", and then use the slider to choose ten minutes
4. Optionally, set up a hot corner to let you invoke the screen saver manually:
4.1 Click the "hot corners" button
4.2 Click the list next to the corner of the screen you want to use as a hot corner and select "start screen saver," and then click "OK"
5. Click "show all" to go back to the main "system preferences" window
6. Click "security", and then click “require password” to wake this computer from sleep or screen saver
7. Close the "system preferences" window
Manually invoking the screen saver to lock computer
On Windows, you can manually invoke the screen saver (thereby locking your computer) any time you leave your work area by pressing the Windows logo key (near the space bar) and typing 'L'. You can also press the Ctrl-Alt-Del keys at the same time and choose to “Lock this Computer.”
On the Mac, you can invoke the screen saver manually by moving the mouse to the hot corner you set up for that purpose (see instructions above).
Standards
A domain wide standard screen lock of 30 minutes.
Exceptions
Digital signage, lab and library systems and kiosk systems (these systems must remain unlocked for viewing and contain no important or private data). The lock out time for machines that contain highly sensitive information and or in high traffic areas should be evaluated as some situations may warrant a lock out time that is well below the 30 minute standard.
Other exceptions are very rarely granted as screen locking timeouts are a standard security measure. Perceived inconvenience is not sufficient grounds for removal. The College is able to exempt computers from the timeout policy only in circumstances where: physical security for the space in which the computer is located is of such high quality as to make access by unauthorized users effectively impossible; or application of the timeout policy to the particular computer is materially detrimental to work activities and makes work processes effectively impossible.
Exceptions can be requested by creating a screen locking exemption ticket in the Computer Help Center ticketing system.
Responsibility
Information Technology Department employees (IT)
- Implement a domain wide policy to enforce the standard. This sets the standard globally on the network for everyone
- Provide support for machines that do not get the screen locking standard automatically enforced (i.e, Mac machines)
- Identify and review exception requests
Leadership/supervisors
- Support the concept of a screen locking standard
- Advise of and follow the exception policy when needed
All faculty and staff
- Follow this policy, making sure that your screen lock is enabled and functioning
- Always lock your computer manually if you intend to be away from it when it is on and logged in. Make this a habit. (Manual locking instructions are below)
- Always ensure that the data on your devices is kept safe and backed up
Frequently Asked Questions
How will IT centrally apply a screensaver time out to workstation?
A: IT will apply a centralized group policy via active directory where all domain joined workstations screensaver timeout is changed to 30 minutes. Once the screensaver is activated, there is a one-minute delay before locking, and a password will be required before activity resumes.
Will Classroom instructor PCs have the policy enforced also?
A: Yes. The operating systems for these machines receive a different configuration that is maintained by the Information Technology Department, but also require the locking feature to be enabled.
How can I stop my screen from locking in the classroom or during presentations?
A: There are remote devices and software/mobile apps that can allow you to control your mouse/keyboard from anywhere in the room. Proximity devices could also be used. Please contact your local Computer Help Center for information on what might be available.
If I have a machine that has an operating system other than windows or is not connected to the domain, is the screen lockout standard still required?
A: Yes. Machines that are not connected to the domain are still bound by the standard and must have the screen saver lock enabled and set to lock automatically. For instructions on how to set the screen saver lockout please see instructions below. (Part 3. Instructions)