
clean desk policy (CDP)

A clean desk policy (CDP) is a corporate directive that specifies how employees should leave their working space when they leave the office. Most CDPs require employees to clear their desks of all papers at the end of the day.

In the past, implementation of a clean desk policy was at the discretion of management. Employees at companies like UPS, for example, have adhered to a CDP for years because the culture established by founder James Casey encouraged employees to strive for order, to keep their offices free of clutter and to present outsiders with an impression of professionalism and competence. Today, CDPs are increasingly being motivated by information security compliance regulations such as ISO 27001 and the Data Protection Act.

To be effective, a CDP should be in writing with clear instructions for what actions the employee is supposed to take. Like an acceptable use policy (AUP), the CDP should be a signed contract that outlines what is expected of the employee, what is expected of the employer, who is responsible for monitoring the success of the policy, how monitoring will be done and what the consequences will be for policy non-compliance.

Typically, employees are responsible for clearing their desks when they leave the office at the end of the day and employers are responsible for providing access to a paper shredder and storage space. The office manager or the employee's supervisor might be tasked with checking the office at the end of the day and confiscating or destroying any folders, papers or portable storage media an employee might have left out on their desk. Consequences for policy non-compliance could be anything from a verbal warning to a monetary fine, according to the specifications of the policy.

Although a CDP helps protect sensitive corporate and client data assets by limiting exposure to external parties (such as cleaning staff), it can hamper the work of employees who use visual controls to do their jobs. 'Visual control' is a term that grew out of lean production. It simply means that proprietary information needs to be displayed in full view for everyone to see. A visual control may be something that needs to be physically manipulated, like an agile programming scrum chart, or something that has too many components to be stored easily at the end of each day. In such cases, a CDP for compliance can still be carried out by grouping employees who use visual controls together in one office and making the employees in that office responsible for physically cleaning their workspace (vacuuming, dusting, taking out the trash) so outsiders are not given the opportunity to view corporate or client information.

This was last updated in January 2010