Information Security Management System
Information Security Policy
Code: DI/ISMS/04
Revision No.: 01
Date: 2017-4-2

Workstation Policy
(Use and Security of Desktop Computers)

Purpose:
The purpose of this policy is to define the standards for using and securing desktop computer workstations at Najran University, in order to prevent unauthorized access to any university information. An unsecured workstation is considered a violation of the security policy.

Scope:
This policy applies to all permanent, temporary, and contracted employees of Najran University.

Usage and Security Guidelines:

1. Screen Locking:
   Whenever you leave your desk, always lock your desktop computer by pressing (Ctrl + Alt + Delete), selecting “Lock this computer,” and then entering your password upon return.
   If you cannot lock your machine via the domain server, set a password-protected screensaver to activate after a reasonable period of inactivity (between 5 and 7 minutes).
2. Preventing Unauthorized Access:
   No one else is allowed to use your workstation or bypass the lock screen without permission, as doing so may expose confidential information.
3. Daily Log-off:
   At the end of each workday, log off from your workstation unless instructed otherwise to avoid interfering with system updates or maintenance performed by the Cybersecurity Management Department.
4. Ensuring No Unapproved Content:
   Your workstation must not contain personal files (e.g., photos, video files, MP3 files, or any content unrelated to work).
   If you find any unusual or unauthorized content on your workstation, report it immediately to the Cybersecurity Management Department so that it can be removed or destroyed.
5. Relocation of the Workstation:
   Moving or relocating a desktop computer within offices is strictly prohibited unless you have prior written approval delegated by the Digital Transformation Agency.
6. Installing/Uninstalling Software:
   Users are not permitted to install, uninstall, or repair any software on their desktop workstations without obtaining a “Software Change Authorization” form signed by the authorized official via email to helpdesk@nu.edu.sa or by dialing extension 2000.

Compliance:

• All desktop computers are subject to random inspections by authorized university personnel.
• Every effort will be made to prevent data theft or system failures on university workstations.

Enforcement:
Any employee found to have violated this policy may face strict disciplinary action in accordance with Najran University regulations.