Clean desk policy

Estimated time: 15 min

Justification

In any kind of organization, it’s natural to arrange large amounts of highly sensitive information in the paper. On the other hand, when we talk about digital workspaces, the devices used to store and manipulate data, becomes an object of interest to those who might want somewhat compromise the organization. The idea behind this policy is to establish a set of strategies to ensure both the physical information and the integrity of the equipment. This policy is one of the most linked to daily basis tasks since it considers activities that must be carried out during the entire working day.

Input data

• Template 3: Clean desk policy available in the physical or digital form to be filled out during the course of the activity.

Policies to be developed

The initial intention is, the Clean desk policy is explicitly found in most reference frames used in various organizations.

Guiding questions

1. What is the scope of this policy?
2. What measures should be taken in the organization´s workspaces?
3. How should physical information be handled in workspaces?
4. How should physical information be available once is dismissed?

Scope of the policy

In summary, the scope associated with this policy, available in section (1) of the clean desk policy template, covers the following aspects:

• Workspaces affected by this policy.
• A person affected by this policy.

Measures in spaces with work devices

What measures should be taken in the organization’s workspaces? Discuss, modify and approve the content of section (2) of the corresponding template. Some of the most important aspects discussed in this section are:

• Particular steps to follow at the end of the workday.
• Management of unattended devices during the workday.
• Use of a physical shield mechanism for devices in workspaces.

Management of physical data in workspaces

How should physical data be managed in workspaces? Discuss, modify and approve the content of section (3) of the corresponding template. Some of the most important aspects discussed in this section are:

• Processes to follow at the end of the day to keep the workspaces free of sensitive data.
• Management of filing cabinets or other physical data shield mechanisms.
• Management of furniture keys and safety boxes.
• Existence of sensitive data in workspaces.
• Management of paper in printers.
• Management of information on blackboards and billboards.
• Management of portable digital storage devices.

Physical information layout

How should physical information be available once it has to be dismissed?

Discuss, modify and approve the content in the section (4) of the corresponding template. Some of the most important aspects discussed in this section are:

• The use of equipment or techniques to make unintelligible physical information.
• To secure places by depositing information in physical after it has been processed for its disposal.

References

• R19:
  Clean Desk Policy template SANS Institute