1. Introduction
The Clean Office policy defines the minimum responsibilities of Aegean employees and external partners, as well as of Aegean (the employer), with regard to information protection at the office, in order to ensure that such information (in physical or electronic form) is never left unattended, thus minimizing potential information leakage, destruction or loss.
The employer is responsible for providing the necessary means such as storage facilities, paper shredders, training and awareness etc. Employees and external partners are responsible for cleaning their workspace when they leave it, whether during or at the end of the business day.
This policy applies to all employees and external partners having access to Aegean’s information assets regardless of form (e.g. printed, electronic, oral or other form) and/or using Aegean’s information systems, in all Departments.
2. Definitions
Clean office: Workspace (e.g. desk, workstation or other working area) that is free of corporate data, materials and information. Proper storage or disposal of corporate data, materials and information limits exposure / leakage at the workplace.
Sensitive/ confidential information: Information that must be protected against unauthorized access.
3. Purpose of COP
The purpose of this policy is to set minimum requirements and responsibilities so as to ensure that corporate sensitive/ confidential information such as financial statements, intellectual property, supplier data, customer and employee data is adequately protected at the workplace, during business hours as well as after.
Aegean classifies information as sensitive / confidential according to the Asset Classification and Protection Policy.
4. Policy
All Aegean employees / external partners should be made aware of the security requirements and procedures for protecting unattended information/ equipment, as well as their responsibilities for implementing such protection.
It is Aegean’s employees’ and external partners’ responsibility to ensure the following:
- At the end of the day, all portable assets including laptops, removable devices, mobile devices and hard copy documents must be locked away or secured. This requirement also applies in cases of extended absence from the workplace. Additional care should be taken when securing sensitive information (e.g. customer / employee personal data, corporate security data, corporate financial data etc.)
- Users of workstations, laptops and mobile devices should terminate (lock) their active sessions and protect their computer / equipment / files when leaving their offices or when leaving them unattended for a short or a long period of time.
- Automatic screensavers should be activated when computers are left idle for more than a specified period of time, after which password entry is required.
- Personal identification mechanisms (e.g., access cards, keys) are always protected and never exposed or left unattended.
- Computer workstations must be shut down at the end of the work day.
- Any restricted or sensitive information must be removed from the office and locked in a drawer or cabinet when the office is unoccupied during the day, and at the end of the working day.
- File cabinets containing restricted or sensitive information must be kept closed and locked when not in use or when not attended.
- Passwords are personal and their confidentiality must be maintained at all times. Care must be taken that they are not accessed by anyone other than the respective users.
- Storage of passwords in plain text, either physically (hand-written) or electronically, should be avoided. In case a password has to be written on paper, it should be ensured that the paper is stored in a secure area / container. Electronic storage of passwords is only permitted when the files / devices containing them are secure and encrypted. As a security best practice, it is recommended that passwords are memorized.
- Printouts / fax documents containing restricted or sensitive information should be immediately removed from the printer. This helps ensure that sensitive documents are not left in the printer for unauthorized persons to access.
- Upon disposal, restricted and sensitive documents should be shredded in the shredder bins.
- Whiteboards containing restricted and sensitive information should be erased.
- Walls in open areas should not be covered with posters, notices, calendars and other unauthorized materials or items which may contain sensitive information.
- Mass storage devices such as CD-ROM, DVD or USB drives must be treated as sensitive and consequently must be secured in a locked drawer.
- Aegean premises’ visitors are not allowed access to facilities processing sensitive information.
5. Compliance
Compliance with the policy will be verified through various methods, including but not limited to, periodic walkthroughs, monitoring and internal audits.
There will be no exceptions to the policy.