What is a Clear Desk Policy?
A clear desk policy is one of the simplest ways to comply with basic information security requirements. It is a simple way to protect your business.
It is about making sure that confidential information is not left on a desk or in an open office overnight. This includes your home office. It is about protecting information when it is unattended.
The purpose of the clear desk policy is to help your organization reduce the risk of information theft, fraud, or a security breach caused by confidential information being left unattended and visible in plain view.
The clear desk policy also covers clear screen: locking your screen when you are not at your desk.
Clear Desk Policy Template
The clear desk policy template is a simple and effective way to set out the requirements and management of clear desks and protected screens.
The 5 Benefits of a Clear Desk Policy
- It protects your organisation by placing confidential information out of sight and out of reach when unattended
- It encourages a tidy work space that can increase productivity
- It ensures compliance with standards such as ISO 27001 and SOC 2
- It is best practice in many organisations across the globe
- It is good for the environment as it encourages digital documents over physical printouts
How to implement a clear desk policy in 3 simple steps
Implementing a clear desk policy is straightforward and, on the whole, common sense.
- Inform staff of where the policy is, encourage them to read it, and test their understanding of what is required.
- Provide cross-cut shredders and lockable storage in offices, next to printers, and to home workers who need to print confidential information.
- Perform checks on a periodic basis by doing an office floor walk or a remote video call check.
How to write a clear desk policy
Time needed: 4 hours.
A step-by-step guide to writing the clear desk policy.
- Create your version control and document mark-up
ISO 27001 documents require version control recording the author, the change, the date and the version, as well as document mark-up such as document classification.
- Write the document purpose
Write the purpose of the document. The purpose of this policy is to reduce the risks of unauthorized access to, loss of, and damage to information during and outside normal working hours.
- Write the scope of the policy
All company employees and external party users.
Confidential information in electronic and paper form.
Monetary items and associated resources.
- Write the principle on which the policy is based
Clear desk and clear screen ensure that resources of value and confidential information are secured from unauthorised access, loss, or damage when not in use.
- Write the content for the required sections
Internal, Confidential and Critical Information
Printers, Photocopiers and Reproduction Technology
Cash, Cheques, Bank Cards, Payment Devices
Clear Desk Policy FAQ
A clear desk policy is in place to provide guidance on what people should do when it comes to their desks, either at home or at the office. It is not about cleaning; it is about making sure that important information and devices are secured when not in use. We do not want to leave them on desks when unattended.
You don’t HAVE to, but keeping a clean and tidy desk can reap productivity benefits.
Secure them, ideally in lockable storage. Keeping them in a room that can be locked is also advisable. In basic terms, don’t leave them where people can easily take them.