clean desk policy (CDP)

A clean desk policy (CDP) is a corporate directive that specifies how employees should leave their working space when they leave the office. Most CDPs require employees to clear their desks of all papers at the end of the day.

In the past, implementation of a clean desk policy was at the discretion of management. Employees at companies like UPS, for example, have adhered to a CDP for years because the culture established by founder James Casey encouraged employees to strive for order, to keep their offices free of clutter and to present outsiders with an impression of professionalism and competence. Today, CDPs are increasingly being motivated by information security compliance regulations such as ISO 27001 and the Data Protection Act.

To be effective, a CDP should be in writing with clear instructions for what actions the employee is supposed to take. Like an acceptable use policy (AUP), the CDP should be a signed contract that outlines what is expected of the employee, what is expected of the employer, who is responsible for monitoring the success of the policy, how monitoring will be done and what the consequences will be for policy non-compliance.

Typically, employees are responsible for clearing their desks when they leave the office at the end of the day and employers are responsible for providing access to a paper shredder and storage space. The office manager or the employee's supervisor might be tasked with checking the office at the end of the day and confiscating or destroying any folders, papers or portable storage media an employee might have left out on their desk. Consequences for policy non-compliance could be anything from a verbal warning to a monetary fine, according to the specifications of the policy.

Although a CDP helps protect sensitive corporate and client data assets by limiting exposure to external parties (such as cleaning staff), it can hamper the work of employees who use visual controls to do their jobs. 'Visual control' is a term that grew out of lean production. It simply means that proprietary information needs to be displayed in full view for everyone to see. A visual control may be something that needs to be physically manipulated, like an agile programming scrum chart, or something that has too many components to be stored easily at the end of each day. In such cases, a CDP for compliance can still be carried out by grouping employees who use visual controls together in one office and making the employees in that office responsible for physically cleaning their workspace (vacuuming, dusting, taking out the trash) so outsiders are not given the opportunity to view corporate or client information.

This was last updated in January 2010