Credit: Jay Wennington This clean desk policy comes from a company with approximately 2,000 employees that offers human resource and administrative services to companies looking to outsources those functions. The document explains the security implications on a not-clean desk and outlines the employee’s responsibilities.You are free to use or adapt this sample policy, which was contributed by the security community, for use in your own organization (but not for re-publication or for-profit use).Clean Desk Policy1. Overviewa. The purpose for this policy is to establish a culture of security and trust for all employees at (company). An effective clean desk effort involving the participation and support of all (Company Name) employees can greatly protect paper documents that contain sensitive information about our clients, customers and vendors. All employees should familiarize themselves with the guidelines of this policy.2. Purposea. The main reasons for a clean desk policy are:i. A clean desk can produce a positive image when our customers visit the company.ii. It reduces the threat of a security incident as confidential information will be locked away when unattended.iii. Sensitive documents left in the open can be stolen by a malicious entity.3. Responsibilitya. All staff, employees and entities working on behalf of [COMPANY] are subject to this policy4. Scopea. At known extended periods away from your desk, such as a lunch break, sensitive working papers are expected to be placed in locked drawers.b. At the end of the working day the employee is expected to tidy their desk and to put away all office papers. (Company) provides locking desks and filing cabinets for this purpose.5. Actiona. Allocate time in your calendar to clear away your paperwork.b. Always clear your workspace before leaving for longer periods of time.c. If in doubt – throw it out. If you are unsure of whether a duplicate piece of sensitive documentation should be kept – it will probably be better to place it in the shred bin.d. Consider scanning paper items and filing them electronically in your workstation.e. Use the recycling bins for sensitive documents when they are no longer needed.f. Lock your desk and filing cabinets at the end of the dayg. Lock away portable computing devices such as laptops or PDA devicesh. Treat mass storage devices such as CDROM, DVD or USB drives as sensitive and secure them in a locked drawer6. Enforcementa. Any employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.7. Revision Historya. Policy is in effect on (date)b. Document revised on (date) Get more sample security policies from CSO. Related content brandpost How an integrated platform approach improves OT security By Richard Springer Sep 26, 2023 5 mins Security news Teachers urged to enter schoolgirls into UK’s flagship cybersecurity contest CyberFirst Girls aims to introduce girls to cybersecurity, increase diversity, and address the much-maligned skills shortage in the sector. By Michael Hill Sep 26, 2023 4 mins Back to School Education Industry IT Training news CREST, IASME to deliver UK NCSC’s Cyber Incident Exercising scheme CIE scheme aims to help organisations find quality service providers that can advise and support them in practising cyber incident response plans. By Michael Hill Sep 26, 2023 3 mins IT Governance Frameworks Incident Response Data and Information Security news Baffle releases encryption solution to secure data for generative AI Solution uses the advanced encryption standard algorithm to encrypt sensitive data throughout the generative AI pipeline. By Michael Hill Sep 26, 2023 3 mins Encryption Generative AI Data and Information Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe