S 2.16 Supervising or escorting outside staff/visitors
Initiation responsibility: Head of Organisation
Implementation responsibility: Employee
Persons not belonging to the organisation such as visitors, tradesmen, maintenance personnel, and cleaning staff should not be left unattended except in those rooms explicitly intended for this purpose (see also S 2.6 Granting of site access authorisations). All employees should be informed that they are required to look after any unattended external personnel they meet on the premises of the government agency or company immediately. This not only helps maintain the security of everyone involved, but is also a positive service aspect for the person from outside the organisation.
If it is necessary to leave someone from outside the organisation alone in an office, a co-worker should be asked to stay in the room or the visitor should be asked to wait in a co-worker's office.
If it is impossible to escort or supervise external personnel at all times (for example the cleaning staff), the personal workspace of every employee should at least be locked: for example desk, file cabinet, and PC (by locking access), see also S 2.37 Clean desk policy.
For home office solutions, family members and guests should only be allowed to enter the home office on their own when all work documents have been placed under lock and key and access protection is activated for the IT.
The employees must be informed why it is necessary to take this safeguard, and the safeguard must be stated in a security policy. Records of the entrance and exit of external personnel can be documented in a guest book.
Review questions:
- Are the employees required to ensure external personnel and visitors are not left unattended?