A clean desk policy (CDP) is a corporate directive that specifies how employees should leave their working space when they leave the office. Most CDPs require employees to clear their desks of all papers at the end of the day.
In the past, implementation of a clean desk policy was at the discretion of management. Employees at companies like UPS, for example, have adhered to a CDP for years because the culture established by founder James Casey encouraged employees to strive for order, to keep their offices free of clutter and to present outsiders with an impression of professionalism and competence. Today, CDPs are increasingly motivated by information security compliance regulations such as ISO 27001 and the Data Protection Act.
To be effective, a CDP should be in writing with clear instructions for what actions the employee is supposed to take. Like an acceptable use policy (AUP), the CDP should be a signed contract that outlines what is expected of the employee, what is expected of the employer, who is responsible for monitoring the success of the policy, how monitoring will be done and what the consequences will be for policy non-compliance.
Typically, employees are responsible for clearing their desks when they leave the office at the end of the day and employers are responsible for providing access to a paper shredder and storage space. The office manager or the employee's supervisor might be tasked with checking the office at the end of the day and confiscating or destroying any folders, papers or portable storage media an employee might have left out on their desk. Consequences for policy non-compliance could be anything from a verbal warning to a monetary fine, according to the specifications of the policy.
Although a CDP helps protect sensitive corporate and client data assets by limiting exposure to external parties (such as cleaning staff), it can hamper the work of employees who use visual controls to do their jobs. 'Visual control' is a term that grew out of lean production. It simply means that proprietary information needs to be displayed in full view for everyone to see. A visual control may be something that needs to be physically manipulated, like an agile programming scrum chart, or something that has too many components to be stored easily at the end of each day. In such cases, a CDP for compliance can still be carried out by grouping employees who use visual controls together in one office and making the employees in that office responsible for physically cleaning their workspace (vacuuming, dusting, taking out the trash) so outsiders are not given the opportunity to view corporate or client information.