Run: Agent Idle Session Lock Compliance Check

Use this inspection to verify workstations auto-lock after idle time, require re-authentication, and keep regulated sessions from staying open unattended.

Inspection Setup

Record the exact date and time this inspection is conducted.
Full name and job title of the person conducting this inspection (e.g., IT Security Analyst, Compliance Officer).
Enter the asset tag number or network hostname of the workstation being inspected.
Name or station ID of the agent assigned to this workstation, if applicable. Leave blank for unassigned stations.
Select the operating system installed on the workstation.

Screen Lock and Idle Timeout Configuration

Confirm that an idle timeout triggering screen lock or screensaver is set at the OS level. A 'No' answer is an automatic failure.
Record the currently configured idle timeout in minutes. Acceptable range is 1–15 minutes per policy. Values above 15 minutes constitute a non-conformance.
Confirm by direct observation or settings review that the workstation screen locks (not merely dims) when the idle timeout elapses.
Verify that the idle timeout is pushed via Active Directory Group Policy, Intune, or equivalent MDM so individual agents cannot increase or disable it.

Re-Authentication Requirements

Attempt to unlock the workstation from a locked state and confirm a password, PIN, smart card, or biometric prompt is presented. Bypassing without credentials is a critical deficiency.
Record the authentication method required at screen unlock.
Confirm that guest accounts and automatic login features are disabled, preventing bypass of the lock screen.
Verify that repeated failed unlock attempts result in account lockout consistent with the organization's account lockout policy (e.g., ≤ 5 failed attempts).

Physical Workstation Security

Confirm the workstation is within a physically secured area that restricts entry to authorized personnel only.
Assess whether the monitor orientation or a privacy screen filter prevents shoulder-surfing by non-authorized individuals.
Inspect the immediate workstation area for any written credentials that could allow an unauthorized person to unlock the session.

Application-Level Session Timeout (EHR / CRM)

If 'No', mark remaining items in this section as N/A in comments and proceed to the next section.
Confirm the EHR or regulated application has its own inactivity timeout configured, independent of the OS screen lock.
Record the application-level idle timeout in minutes. Acceptable range per EHR best practice is 1–15 minutes.

Deficiency Documentation and Corrective Actions

Enter the total count of items marked 'No' or out-of-range during this inspection.
Confirm that every critical non-conformance has a named responsible party documented in the corrective action log.
Record the agreed target date by which all open deficiencies will be remediated and re-verified.
Confirm that photographic evidence has been captured for each critical deficiency to support the corrective action record.
Inspector signature confirming the accuracy of all findings recorded in this compliance check.
