Beyond a Clear Desk Policy – Where Security and IT Service Continuity Meet – Part 1
Would your company be prepared if faced with a catastrophic event like the one below? This is my true story…
In May 2008, while I was visiting one of my clients in Greeley, Colorado, their headquarters and primary computing site was struck by a massive tornado (click here to see the YouTube clip of the actual tornado). I was in a conference room on the top floor of the building when we were abruptly interrupted and instructed to immediately head for the stairwell located in the center of the building wing. As I left the conference room, I viewed the outline of the tornado which appeared in the distance. Born and raised in the Boston area, the only tornadoes I’ve witnessed are on TV or YouTube, so I wasn’t too hard on myself when I was called from my trance-like state, “Jay, this way” (i.e. deer in headlights). Cramming into the stairwell, the next 20 to 30 minutes were nothing short of intense, if not downright horrific, as the building walls and stairs shook violently and sounded as if a large locomotive had hit the building. People were crying, shaking and wondering if they would ever see their loved ones again.
Then we felt it, a strange stream of cool air blowing down the stairwell. We’d later come to realize that the cool air was due to a section of the roof being blown off and settling some 300 feet away from the building. When the “all clear” sounded, we were instructed to return to the top floor, collect our belongings and evacuate the building due to a gas leak caused by the tornado. Windows were blown out and chairs, file cabinets and papers were strewn all over the office. Papers were not just contained within the building but thrown all over the parking lot and adjacent property owned by an insurance company that was also in the direct path of the tornado.
I heard a story that during the 1992 London Bombings, sensitive and confidential financial documents were found miles away from the blast site. Seeing that this tornado picked automobiles up and tossed them 15 feet away, I wondered how far my client’s paper trail would go.
A Clear Desk Policy dictates that all personnel clear their desks and file documents appropriately based on their Information Sensitivity Policy. The Clear Desk Policy is typically written for a company's security program, but critical documents that have no copy (digital equivalent or otherwise) should be a concern for business continuity as well.
So, would your company be prepared? Do you have a clear desk policy? If so, does it only mandate that documents be cleared at the end of the day?
In my next blog, I’ll give you some practical ways to ensure that your documents don’t end up in China (unless of course you are reading this from China).
Posted by: Jay Martin
Compliance Process Partners — www.cppit.com
