S 1.76 Appropriate selection and usage of a local workplace

Initiation responsibility: Supervisor, IT Security Officer, Employee

Implementation responsibility: Employee, Supervisor

Location and equipment of a workplace must be in accordance with the work to be performed at this workplace. Basic conditions and procedures and the protection requirements of the activity must be harmonised when generally distributing workplaces in a building.

Workplaces that are open to the public must be located in such a way that they are available to customers and visitors without them having to go through security-relevant areas. On the other hand, workflows where the confidentiality of the processed documents is of the essence must preferably be performed in areas visitors, but also employees of other departments are not allowed to access.

The technical equipment, furniture, the space conditions, and the general working conditions must be appropriate to the main activity. In addition to the basic working area, there must be sufficient space for further typical activities.

• The working area must provide sufficient space for PC, telephone, files, and other work equipment.
• There must be sufficient storage areas, e.g. locking cabinets, in order to be able to protect the material against unauthorised access.
• There must be sufficient connections for power, IT networks, and telephone for the employee and possibly also further employees or visitors.
• The working environment must allow for working productively due to controllable room temperature, sufficient ventilation options, sufficient illumination, and separation from sources of noise.
• In areas where the tasks are performed by groups, sufficient space for meetings must be provided. Furthermore, organisation and work equipment for group work such as whiteboards, map tables, or projection surfaces and projectors must be available and there must be sufficient space to use them.

It is recommendable to pool working rooms of groups and employees whose tasks are characterised by high or very high protection requirements in building sections in such a way that such a continuous building section also contains sanitary areas and common rooms such as meeting rooms and tea kitchens, as well as areas for printers and copiers. This building section can then easily be turned into an autonomous access control area.

Many workplaces can only be configured by the employees to a very limited extent and must generally be used as found. Therefore, the supervisors must always initially decide whether the level of security of the respective environment suffices in order to perform the tasks there.

Review questions:

• Is the equipment of the local workplaces appropriate regarding the tasks of the employees working there?
• Does the level of security of the local workplaces correspond to the protection requirements of the information processed there?