Sample clean desk policy

This clean desk policy comes from a company with approximately 2,000 employees that offers human resource and administrative services to companies looking to outsource those functions. The document explains the security implications of a desk that is not clean and outlines the employee's responsibilities.

You are free to use or adapt this sample policy, which was contributed by the security community, for use in your own organization (but not for re-publication or for-profit use).

Want to provide a policy or checklist? Contributions are welcome, as is expert commentary. Send your thoughts to Amy Bennett (abennett@cxo.com).

Clean Desk Policy

1. Overview

a. The purpose for this policy is to establish a culture of security and trust for all employees at (company). An effective clean desk effort involving the participation and support of all (Company Name) employees can greatly protect paper documents that contain sensitive information about our clients, customers and vendors. All employees should familiarize themselves with the guidelines of this policy.

2. Purpose

a. The main reasons for a clean desk policy are:

i. A clean desk can produce a positive image when our customers visit the company.

ii. It reduces the threat of a security incident as confidential information will be locked away when unattended.

iii. Sensitive documents left in the open can be stolen by a malicious entity.

3. Responsibility

a. All staff, employees and entities working on behalf of [COMPANY] are subject to this policy.

4. Scope

a. At known extended periods away from your desk, such as a lunch break, sensitive working papers are expected to be placed in locked drawers.

b. At the end of the working day the employee is expected to tidy their desk and to put away all office papers. (Company) provides locking desks and filing cabinets for this purpose.

5. Action

a. Allocate time in your calendar to clear away your paperwork.

b. Always clear your workspace before leaving for longer periods of time.

c. If in doubt, throw it out. If you are unsure whether a duplicate piece of sensitive documentation should be kept, it will probably be better to place it in the shred bin.

d. Consider scanning paper items and filing them electronically in your workstation.

e. Use the recycling bins for sensitive documents when they are no longer needed.

f. Lock your desk and filing cabinets at the end of the day.

g. Lock away portable computing devices such as laptops or PDA devices.

h. Treat mass storage devices such as CD-ROM, DVD or USB drives as sensitive and secure them in a locked drawer.

6. Enforcement

a. Any employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.

7. Revision History

a. Policy is in effect on (date)

b. Document revised on (date)

Copyright © 2016 IDG Communications, Inc.
