Clean Desk Policy

IT & Security Security Policies Last reviewed: 2025-06-15 Owner: IT Security Team

Purpose

The Clean Desk Policy is designed to reduce the risk of information theft, fraud, and security breaches by ensuring that sensitive documents and portable storage media are not left unattended on desks or in open areas. A clean desk environment also supports a professional workplace and assists with compliance during regulatory inspections and client visits.

Policy Reference: IT-SEC-004
Effective Date: 1 June 2024
Review Date: 1 June 2025
Applies To: All employees, contractors, and temporary staff across all Global Bank premises

Policy Requirements

End of Day

At the end of each working day, or when leaving the office for an extended period, all employees must:

  • Remove all paper documents from the desk surface and store them in a locked drawer, filing cabinet, or secure document storage unit.
  • Place any documents classified as Confidential or Restricted in the designated secure cabinets provided in each department.
  • Ensure that no client information, financial records, or personal data is visible or accessible on the desk.
  • Lock computer screens (Windows: Win + L; macOS: Ctrl + Cmd + Q).
  • Store portable media (USB drives, external hard drives) in a locked drawer. Note: USB drives must be encrypted and approved — see USB and Removable Media Policy (IT-SEC-005).
  • Place any sensitive waste in the confidential shredding bins, not in general waste or recycling.

During the Working Day

During the working day, employees should:

  • Minimise the number of sensitive documents on the desk to only those actively being worked on.
  • Turn documents face-down or cover them when leaving the desk, even briefly.
  • Lock the computer screen whenever leaving the workstation, regardless of the duration of absence.
  • Use the secure print function for all printing of Confidential and Restricted documents. Collect printed documents from the printer immediately.
  • Do not leave whiteboards or flipcharts displaying sensitive information in meeting rooms after meetings conclude.

Meeting Rooms

  • After each meeting, the organiser is responsible for ensuring that all whiteboards are erased and any printed materials or notes are collected or securely disposed of.
  • Electronic displays should be disconnected from laptops and returned to the default welcome screen.
  • Check the room for any documents or devices left behind by attendees.

Shared and Hot-Desk Areas

In shared working areas and hot-desking zones, the clean desk requirements apply at all times, including when temporarily stepping away from the desk. Personal lockers are provided for storing items during the working day. At the end of each day, the desk must be completely cleared.

Secure Storage Facilities

Each department is equipped with:

  • Lockable pedestals: Assigned to each permanent desk for personal storage of documents and devices.
  • Departmental secure cabinets: For Confidential and Restricted documents that require shared access within the team.
  • Personal lockers: Available in hot-desk areas for temporary daily storage.
  • Confidential shredding bins: Located at key points on each floor for disposal of sensitive paper waste.

If you require additional secure storage, contact Facilities Management at facilities@globalbank.com.

Compliance Checks

The IT Security Team and Facilities Management conduct regular clean desk audits, both scheduled and unannounced. During an audit:

  • Desks are inspected after standard working hours.
  • Any sensitive documents or unsecured devices found on desks will be collected and held by Security.
  • The desk owner will be notified and required to collect the items from the Security Office with valid identification.
  • Repeated violations will be reported to the employee's line manager and may result in disciplinary action.

Exceptions

Certain roles may require exemptions from specific aspects of this policy (e.g., trading floor staff who must maintain reference materials during market hours). Exemptions must be formally requested through the IT Security Team and approved by the department head. All exemptions are reviewed quarterly.

Contact

  • IT Security Team: itsecurity@globalbank.com | Ext. 2200
  • Facilities Management: facilities@globalbank.com | Ext. 3000

Related Articles

Data Classification Policy

Policy defining the four data classification levels at Global Bank, along with handling requirements, labelling standards, and storage rules for each level.

Updated 2025-10-01

Email Security Guidelines

Guidelines for the secure use of corporate email, including encryption requirements, external communication rules, and data loss prevention controls.

Updated 2025-09-05

Password Policy and Best Practices

Mandatory password requirements for all Global Bank systems, along with best practices for creating and managing strong, secure passwords.

Updated 2026-01-10