PS-11 – Clear Desk Policy – PII

Estimated reading: 2 minutes 645 views

What is this control about?

Implementing the ‘Clear Desk Policy’ is of utmost importance in maintaining information security and protecting sensitive data within an organization. This control focuses on establishing a culture of tidiness and security-consciousness among employees by requiring them to clear their workspaces of sensitive information and securely store documents and devices when not in use. Implementing a formal  ‘Clear Desk Policy’ can help with:

  • ensuring that sensitive and confidential information is not left exposed on desks or workstations, reducing the risk of unauthorized access or data breaches.
  • mitigating insider threats by reducing the opportunity for malicious employees or individuals to access or steal sensitive data from unattended workspaces.
  • complying with privacy regulations and data protection laws that require organizations to safeguard sensitive information.

 

Available tools in the marketplace

Tools
No tool recommendation is made for this section.

Available templates

TrustCloud has a curated list of templates, internally or externally sourced, to help you get started. Click on the link for a downloadable version.

Control implementation

To implement this control, you need to consider the following: 

  • Policy Development: Begin by developing a comprehensive “Clear Desk Policy” that clearly outlines the requirements and expectations for employees to keep their workspaces tidy and free of sensitive information when not in use. The policy should emphasize the importance of data confidentiality and the potential risks associated with leaving information exposed. Make sure to communicate the policy to all employees.
  • Employee Training: Conduct training sessions to educate employees about the ‘Clear Desk Policy.’ Explain the rationale behind the policy, the types of sensitive information it applies to, and the potential consequences of non-compliance.

What evidence do auditors look for?

Most auditors, at a minimum, are looking for the below-suggested action.

  1. A documented clear desk policy

Evidence example

For the suggested action, an example is provided below:

  1. A documented clear desk policy

Use the Clear Desk Policy Template

 

Join the conversation

ON THIS PAGE
SHARE THIS PAGE

SUBSCRIBE
FlightSchool
OR