S 3.18 Log-out obligation for PC users

Initiation responsibility: Head of IT Section, IT Security Management

Implementation responsibility: Head of IT Section, IT Security Management

In the event that a PC is used by several users and these persons have differing access rights to the data or programs stored in the PC, the required protection can only be achieved by means of an access control system if each user logs off after finishing his/her task at the station. If it is possible for a third party to work at a PC under the identity of another person, sensible access control is not possible. As a result, all PC users should be obliged to log off after finishing their tasks. Even if no access control is implemented users should log off to ensure proper operations.

Should only a short break be required, the screen lock can be manually activated instead of logging off.

Additional controls:

• Does this obligation apply to new employees and substitutes?

• Is the awareness of the log-out obligation refreshed at regular intervals?