Skip to main content

Clean Desk Policy

Source basis

Ported from policies/Core 12 Security Policy - Clean Desk Policy.md in the legacy ISMS backup. Use this as the current maintained Markdown version and track operational records in core12-isms-management.

The Core 12, LLC Information Security Policy requires all employees maintain a clean desk to ensure the security of confidential information.

Listed below are the minimum standards that must be implemented in order to ensure the effectiveness of the clean desk policy.

These standards must be followed when working from the office, home, or while traveling.

  • Employees are required to ensure that all sensitive/confidential information in hardcopy or electronic form is secure in their work area at the end of the day and when they are expected to be gone for an extended period.

  • File servers containing Confidential and/or Internal Information must be installed in a secure area to prevent theft, destruction, or access by unauthorized individuals.

  • Computer workstations must be locked when workspace is unoccupied.

  • Any Restricted or Sensitive information must be removed from the desk and locked in a drawer when the desk is unoccupied and at the end of the workday.

  • File cabinets containing Restricted or Sensitive information must be kept closed and locked when not in use or when not attended.

  • Keys used for access to Restricted or Sensitive information must not be left at an unattended desk.

  • Passwords may not be left on sticky notes posted on or under a computer, nor may they be stored written down in any manner. Written passwords need to be shredded or otherwise destroyed when they are done being used.

  • Printouts containing confidential information should be immediately removed from the printer.

  • Upon disposal confidential documents should be shredded and disposed of with an approved vendor.

  • Whiteboards containing Restricted and/or Sensitive information should be erased.

  • Mass storage devices such as USB drives or external hard drives with confidential information are encrypted and secured in a locked drawer.