Last updated on April 20, 2022
One of the simplest ways to become compliant with basic privacy and security principles, increase productivity, and have a great-looking office is to implement a Clean Desk Policy.
A clean desk policy and a clear screen policy work hand-in-hand to safeguard your organization’s sensitive information.
What is a Clean Desk Policy?
A clean desk policy instructs that all employees must clear their desks at the end of each work day. This not only includes documents and notes, but any post-it notes, businesses cards, and removable media (e.g. USB memory sticks).
The purpose of the clean desk policy is to help your organization reduce the risk of information theft, fraud, or a security breach caused by sensitive information being left unattended and visible in plain view. In addition, a clean and organized work environment can help to reduce stress, as well as increase productivity.
The Benefits of a Clean Desk Policy
A clean desk policy should be adopted because of the numerous benefits it can provide your organization.
1. Save Time and Money
According to an IDC report, a typical employee in your organization spends 2.5 hours a day searching for information. Assuming the knowledge workers in your organization earn $80,000 a year, a 1000-person organization loses approximately $2.5 million dollars a year from the inability to locate and retrieve information.
A clean desk policy will encourage employees to use digital versions of documents, significantly reducing your organization’s costs of paper, ink toner, and printer maintenance.
2. Make Good Impressions
Who knows who and when someone will visit your office? A clean and tidy workspace makes your organization look efficient and presentable to anyone who decides to visit, including the auditors!
3. Easy ISO Compliance
A clean desk policy is not only ISO 27001/17799 compliant, it also complies with basic privacy principles.
Canada’s federal privacy legislation PIPEDA requires that Canadian organizations safeguard personal information. UK’s Data Protection Act requires organizations in the UK to ensure that personal information is kept secure.
4. Discourages Prying Eyes
Employees usually leave sensitive information on their desks.
Post-it notes are usually the worst culprit, containing names, phone numbers, and even user names and passwords visible in plain view. These habits encourage dishonest employees, cleaning crews, and maintenance staff to view information they should not have access to.
5. Reduce Stress
A place for everything and everything in its place. When your employees are organized they can spend more time concentrating on work rather than feeling stressed because they can’t find a report due in the next 10 minutes.
Implementing a Clean Desk Policy
You are convinced that your organization needs a clean desk policy. Great! Here are a few steps to help you implement a policy.
When it comes to implementing a clean desk policy in the workplace, getting employee buy–in is essential for its success. When employees are aware of the benefits of a clean desk policy, they are more likely to be on board with it. Some of the employee benefits of a clean desk policy include increased productivity, decreased chances of losing important documents, and improved workflows.
If you want your employees to buy into the clean desk policy, it is important to encourage feedback. This will allow you to make changes to the policy based on employee feedback, which will make it more likely that employees will comply with the policy.
Put it in Writing
A clean desk policy should be in writing and communicated to all employees, especially during introductory and refresher training. Consequences for failure to comply should be serious yet practical, especially if your organization works with much sensitive information. Have all employees sign the document for approval.
Add a Reminder to Email Signatures
You have probably seen it below many email signatures: Please consider the environment before printing this email. If your organization uses standardized email signatures, consider having this reminder added to the bottom.
You can’t implement a clean desk policy if you have no where for employees to put their documents. Consider purchasing small, lockable storage boxes for employees that fit under their desk.
Encourage Electronic Documents
Have employees work with electronic documents whenever possible. Without the need to print and work with physical papers, your employees will always have a clear desk whenever they log out of their computers.
Get Rid of Documents Securely
Your employees should never throw any work-related documents into the waste basket. Once garbage leaves your company’s doors, it becomes public property. Nothing can ruin your organization quicker than careless employees throwing sensitive information into a waste basket. Your organization does not want to be on the front page of the newspaper for exposing sensitive information.
Implement a document destruction policy to ensure all documents are disposed of securely.
Perform Routine Backups
If you discourage employees from using physical documents, make sure your organization has a dependable backup routine in place. Employees need to know that their documents will be safe in the event of a power loss or hard-drive crash.
Make it Easy for Employees to Comply with the Policy
If complying with the policy is difficult or inconvenient for employees, they are less likely to do so. Be sure to provide adequate storage solutions and make it easy for employees to access them.
Lead by Example
As with any change in the workplace, it is important for leaders to lead by example. If you expect your employees to adhere to the policy, be sure to do so yourself. This will show your employees that you are committed to the policy and that it is important to you.
Enforcing a Clean Desk Policy
Implementing a clean desk policy and having a nonchalant attitude towards enforcement will render your policy useless.
Have someone conduct random weekly checks, possibly at the end of a work day. All papers, notes, post-its, or any other documents containing sensitive information should be shredded immediately. Removable media, such as CDs, floppy disks, or memory sticks can be confiscated temporarily. It is usually a good idea to have this responsibility with one person. In many organizations, it is the office manager that conducts these checks.
Looking for an audit checklist? See our free clean desk policy audit checklist.
Upper Management Support
A clean desk policy needs to be taken seriously — especially with all levels of management. If your employees see that upper management does not have to abide by the policy, they will soon lose faith.
The fact that upper management usually handles more sensitive documents should reinforce the need for a clean desk policy for all employees regardless of their status within the organization.