Clear Desk Policy: the complete guide

Clear Desk Policy: the complete guide

What a clear desk policy contains, how to write it, how to implement it and a downloadable template.

What is a Clear Desk Policy?

A clear desk policy is one of the simplest ways to be compliant with basic information security. It is a simple way to protect your business.

It is about making sure that confidential information is not left on a desk or open office overnight. It includes your home office. It is about protecting information when unattended.

The purpose of the clear desk policy is to help your organization reduce the risk of information theft, fraud, or a security breach caused by confidential information being left unattended and visible in plain view.

The clear desk policy is about clear screen and locking your screen when not at your desk.

Fay Barker Laugh and Smile - High Table Client Director

Clear Desk Policy Template

The clear desk policy template is a simple and effective way to set out the requirements and management of clear desks and protected screens.

The 5 Benefits of a Clear Desk Policy

  1. It protects your organisation by placing that confidential information out of sight and out of reach when unattended
  2. It encourages a tidy work space that can increase productivity
  3. It ensures compliance with standards such as ISO 27001 and SOC 2
  4. It is best practice in many organisations across the globe
  5. It is good for the environment as it encourages digital documents over physical print outs

How to implement a clear desk policy in 3 simple steps

Implementing a clear desk policy is straight forward, and on the whole, is common sense.

  1. Inform staff of where the policy is, encourage them to read it and test their understanding of what is required.
  2. Provide cross cut shredders and lockable storage in office’s, next to printers and to home workers that need to print confidential information
  3. Perform checks on a periodic basis by doing an office floor walk or remote video call check

How to write a clear desk policy

Time needed: 4 hours.

How to write the clear desk policy in a step by step guide.

  1. Create your version control and document mark-up

    ISO 27001 documents require version control of the author, the change, the date and the version as well as document mark up such as document classification.

  2. Write the document purpose

    Write the purpose of the document. The purpose of this policy is to reduces the risks of unauthorized access, loss of and damage to information during and outside normal working hours.

  3. Write the scope of the policy

    All company employees and external party users.
    Confidential information in electronic and paper form.
    Monetary items and associated resources.

  4. Write the principle on which the policy is based

    Clear desk and clear screen are ensuring that resources of value and confidential information are secured from unauthorised access, loss, or damage when not in use.

  5. Write the content for the required sections

    Internal, Confidential and Critical Information
    Printers, Photocopiers and Reproduction Technology
    Cash, Cheques, Bank Cards, Payment Devices
    Media Disposal
    Desk Cleaning
    Policy Compliance
    Compliance Measurement
    Exceptions
    Non-Compliance
    Continual Improvement

Clear Desk Policy FAQ

Why do we have a clear desk policy?

A clear desk policy is in place to provide guidance on what people should do when it comes to their desks either at home or at the office. It is not about cleaning but it is about making sure that important information and devices are secured when not in use. We do not want to leave them on desks when unattended.

Do I have to clean my desk?

You don’t HAVE to but keeping a clean and tidy desk can reap productivity benefits.

What should I do with confidential data and devices when I am not at my desk?

Secure them, ideally in lockable storage. Keeping them in a room that can be locked is also advisable. In basic terms don’t leave them where people can easily take them.

ISO 27001 Certification

ISO 27001 Templates Toolkit: Business Edition

ISO 27001 Policy Templates: Professional Edition

Shopping Cart