The UK's independent authority set up to uphold information rights in the public interest, encouraging public bodies to be open and promoting data privacy for individuals.

Secure areas

You secure physical business locations to prevent unauthorised access, damage and interference to personal data.

Ways to meet our expectations:

  • You protect secure areas (areas that contain either sensitive or critical information) by appropriate entry controls such as doors and locks, alarms, security lighting or CCTV.
  • You have visitor protocols in place such as signing-in procedures, name badges and escorted access.
  • You implement additional protection against external and environmental threats in secure areas such as server rooms.
  • Office equipment is appropriately placed and protected to reduce the risks from environmental threats and opportunities for unauthorised access.
  • You securely store paper records and control access to them.
  • You operate a clear desk policy across your organisation where personal data is processed.
  • You have regular clear desk 'sweeps' or checks and issues are fed back appropriately.
  • You operate a 'clear screen' policy across your organisation where personal data is processed.

Can you answer yes to the following questions?

  • Are printer/fax areas secure?
  • Do staff follow protocols and are they clearly communicated?
  • Would we see appropriate environmental controls in your secure areas?
  • Would a tour of your offices reveal an effective clear desk policy?
  • Are screens left unlocked?