[{"data":1,"prerenderedAt":472},["ShallowReactive",2],{"document-clean-desk-policy-D12629":3},{"document":4,"label":23,"preview":11,"thumb":24,"thumb600":25,"description":5,"descriptionCustom":6,"apiDescription":5,"pages":8,"extension":10,"parents":26,"breadcrumb":30,"related":36,"customDescModule":168,"customdescription":6,"mdFm":169,"mdProseHtml":471},{"description":5,"descriptionCustom":6,"label":7,"pages":8,"size":9,"extension":10,"preview":11,"thumb":12,"svgFrame":13,"seoMetadata":14,"parents":16,"keywords":15},"CLEAN DESK POLICY OVERVIEW [COMPANY NAME] is committed to developing security policies and practices and, in doing so, has implemented this clean office policy to increase physical security in [COMPANY NAME]'s offices. A clean office policy is a powerful tool to ensure that all sensitive/confidential documents are removed from the end user's workspace and locked when items are not used or when an employee leaves the workstation. The goal is to minimize the risk of security breaches in the workplace. PURPOSE The purpose of this policy is to ensure that confidential information and sensitive documents are kept away from inquisitive eyes when they are not used by authorized personnel or when the employee leaves his or her workspace. This policy is also intended to increase employee awareness of the protection of sensitive information. OBJECTIVE The objective of this policy is to establish minimum requirements for maintaining a \"clean office\", where sensitive/critical information about employees, intellectual property, customers, partners and suppliers is protected in locked areas and out of sight. A Clean Desk policy not only complies with the highest industry protection standard but is also part of the standard basic controls for confidentiality. SCOPE This policy applies to all current employees and affiliates of [COMPANY NAME], including full-time and part-time, contractual, permanent and temporary employees and also applies to job applicants. 
POLICY Employees are required to protect all sensitive or confidential information in their workspace at the end of the working day and when they are absent from their workspace for a prolonged period of time. This includes electronic and physical hardcopy information. Whiteboards containing confidential and/or sensitive information should be erased after use. If you are not sure that a duplicate of a sensitive document should be kept, it is probably better to place it in the locked shredder bin. Consider scanning paper items and filing them electronically in your workstation. Desktops/laptops must be locked (disconnected or turned off) when left unattended and at the end of the working day. Portable devices such as laptops and tablets that stay overnight in the office should be turned off and stored out of sight. Laptops must be either locked with a locking cable or locked away in a drawer. Keys used to access restricted or sensitive information and physical access cards should not be left unattended on a desk",null,"Clean Desk Policy","3",513,"doc","https://templates.business-in-a-box.com/imgs/1000px/clean-desk-policy-D12629.png","https://templates.business-in-a-box.com/imgs/250px/12629.png","https://templates.business-in-a-box.com/svgs/docviewerWebApp1.html?v6#12629.xml",{"title":15,"description":6},"clean desk policy",[17,20],{"label":18,"url":19},"Human Resources","/templates/human-resources/",{"label":21,"url":22},"Company Policies","/templates/company-policies/","Clean Desk Policy Template","https://templates.business-in-a-box.com/imgs/400px/12629.png","https://templates.business-in-a-box.com/imgs/600px/12629.png",[27,17,20],{"label":28,"url":29},"Templates","/templates/",[31,32,33],{"label":28,"url":29},{"label":18,"url":19},{"label":34,"url":35},"Workplace Policies","/templates/workplace-policies/",[37,41,45,49,53,57,61,65,69,73,77,81,85,100,113,127,143,155],{"label":38,"url":39,"thumb":40,"extension":10},"AI 
Policy","/template/ai-policy-D13598","https://templates.business-in-a-box.com/imgs/250px/13598.png",{"label":42,"url":43,"thumb":44,"extension":10},"Application Policy","/template/application-policy-D13439","https://templates.business-in-a-box.com/imgs/250px/13439.png",{"label":46,"url":47,"thumb":48,"extension":10},"Attendance Policy","/template/attendance-policy-D12625","https://templates.business-in-a-box.com/imgs/250px/12625.png",{"label":50,"url":51,"thumb":52,"extension":10},"Backup Policy","/template/backup-policy-D13249","https://templates.business-in-a-box.com/imgs/250px/13249.png",{"label":54,"url":55,"thumb":56,"extension":10},"Billing Policy","/template/billing-policy-D13603","https://templates.business-in-a-box.com/imgs/250px/13603.png",{"label":58,"url":59,"thumb":60,"extension":10},"Branding Policy","/template/branding-policy-D13606","https://templates.business-in-a-box.com/imgs/250px/13606.png",{"label":62,"url":63,"thumb":64,"extension":10},"Cancellation Policy","/template/cancellation-policy-D12627","https://templates.business-in-a-box.com/imgs/250px/12627.png",{"label":66,"url":67,"thumb":68,"extension":10},"Complaint Policy","/template/complaint-policy-D12631","https://templates.business-in-a-box.com/imgs/250px/12631.png",{"label":70,"url":71,"thumb":72,"extension":10},"Cookie Policy","/template/cookie-policy-D13174","https://templates.business-in-a-box.com/imgs/250px/13174.png",{"label":74,"url":75,"thumb":76,"extension":10},"Credit Policy","/template/credit-policy-D12633","https://templates.business-in-a-box.com/imgs/250px/12633.png",{"label":78,"url":79,"thumb":80,"extension":10},"Disability Policy","/template/disability-policy-D12635","https://templates.business-in-a-box.com/imgs/250px/12635.png",{"label":82,"url":83,"thumb":84,"extension":10},"Diversity 
Policy","/template/diversity-policy-D12636","https://templates.business-in-a-box.com/imgs/250px/12636.png",{"description":86,"descriptionCustom":6,"label":87,"pages":88,"size":9,"extension":10,"preview":89,"thumb":90,"svgFrame":91,"seoMetadata":92,"parents":94,"keywords":93,"url":99},"ACCEPTABLE USE POLICY OVERVIEW This Acceptable Use Policy governs the use and security of all information and computer equipment from [COMPANY NAME]. It also covers the use of email, the internet, voice and mobile computing equipment. This policy applies to all information, in any form, relating to the business activities of [COMPANY NAME] worldwide, and to all information processed by [COMPANY NAME] about other organizations with which it deals. This policy also covers all IT and information communication facilities operated by or on behalf of [COMPANY NAME]. Internet/Intranet/Extranet-related systems, including but not limited to computer equipment, software, operating systems, storage media, network accounts providing electronic mail, WWW browsing, and FTP, are the property of [COMPANY NAME]. These systems are to be used for business purposes in serving the interests of the company, and of our clients and customers in the course of normal operations. [COMPANY NAME] is committed to protecting its employees, partners and the company from illegal or damaging actions by individuals, either knowingly or unknowingly. It is the responsibility of every [COMPANY NAME] computer user to know these guidelines, and to conduct their activities accordingly. PURPOSE The purpose of this policy is to outline the acceptable use of computer equipment at [COMPANY NAME]. These rules are in place to protect the employee and [COMPANY NAME]. Inappropriate use exposes [COMPANY NAME] to risks including virus attacks, compromise of network systems and services, and legal issues. 
SCOPE This policy applies to employees, contractors, consultants, temporary workers and other workers of [COMPANY NAME], including all personnel affiliated with third parties. This policy applies to all equipment owned or leased by [COMPANY NAME]. It also applies to the use of information, electronic and computer equipment and network resources to conduct business activities or interact with internal networks and business systems, whether owned or leased by [COMPANY NAME], the employee or a third party. All employees, contractors, consultants, temps and other workers of [COMPANY NAME] and its subsidiaries are responsible for exercising judgment with respect to the appropriate use of information, electronic devices and network resources in accordance with [COMPANY NAME] policies and standards and local laws and regulations. INDIVIDUAL'S RESPONSIBILITY Access to the [COMPANY NAME] IT systems is controlled by the use of User IDs, passwords and/or tokens. All User IDs and passwords are to be uniquely assigned to named individuals and consequently, individuals are accountable for all actions on the [COMPANY NAME] IT systems. Individuals must not: Allow anyone else to use their user ID/token and password on any [COMPANY NAME] IT system. Leave their user accounts logged in at an unattended and unlocked computer. Use someone else's user ID and password to access [COMPANY NAME]'s IT systems. Leave their password unprotected (for example writing it down). Perform any unauthorised changes to [COMPANY NAME]'s IT systems or information. Attempt to access data that they are not authorised to use or access. Exceed the limits of their authorisation or specific business need to interrogate the system or data. Connect any non-[COMPANY NAME] authorised device to the [COMPANY NAME] network or IT systems. Store [COMPANY NAME] data on any non-authorized [COMPANY NAME] equipment. Give or transfer [COMPANY NAME] data or software to any person or organisation 
outside [COMPANY NAME] without the authority of [COMPANY NAME]. Line managers must ensure that individuals receive clear directives on the extent and limits of their authority over computer systems and data. INTERNET AND EMAIL The use of the internet and email of [COMPANY NAME] is intended for professional purposes. Personal use is permitted when it does not affect the individual's professional performance, does not in any way harm [COMPANY NAME], does not violate any terms and conditions of employment and does not place the individual or [COMPANY NAME] in violation of legal or other obligations. All individuals are therefore responsible for their actions on the internet as well as when using email systems. Individuals must not: Use the internet or email for harassment or abuse. Use blasphemies, obscenities or disrespectful remarks in communications. Access, upload, send or receive data (including images) that [COMPANY NAME] considers offensive in any way, including sexually explicit, discriminatory, defamatory or libelous material. Use the internet or email to make personal gains or run a personal business. Use the internet or email to play. Use email systems in a way that could affect their reliability or efficiency, for example by distributing chain letters or spam. Place on the internet any information relating to [COMPANY NAME], modify any information concerning it or express any opinion on [COMPANY NAME], unless they are expressly authorized to do so. Send sensitive or confidential information that is not protected to the outside world. Use of unsolicited email originating from within [COMPANY NAME]'s networks of other Internet/Intranet/Extranet service providers on behalf of, or to advertise, any service hosted by [COMPANY NAME] or connected via 's network. Forward business email to personal email accounts (for example, Gmail account). Make official commitments by internet or email on behalf of [COMPANY NAME], unless authorized to do so. 
Download copyrighted material such as music media files (MP3), films and videos (non-exhaustive list) without appropriate approval. In any way, violate copyright, database rights, trademarks or other intellectual property rights. Download any software from the internet without the prior consent of the IT department. Connect [COMPANY NAME] devices to the internet using non-standard connections. GENERAL USE OWNERSHIP [COMPANY NAME] proprietary information stored on electronic and computing devices whether owned or leased by [COMPANY NAME], remains the sole property of [COMPANY NAME]. You must ensure through legal or technical means that proprietary information is protected in accordance with the data protection standards. You have a responsibility to promptly report the theft, loss or unauthorized disclosure of [COMPANY NAME] proprietary information. You may access, use or share [COMPANY NAME] proprietary information only to the extent it is authorized and necessary to perform the tasks assigned to you. 
","Acceptable Use Policy","7","https://templates.business-in-a-box.com/imgs/1000px/acceptable-use-policy-D12622.png","https://templates.business-in-a-box.com/imgs/250px/12622.png","https://templates.business-in-a-box.com/svgs/docviewerWebApp1.html?v6#12622.xml",{"title":93,"description":6},"acceptable use policy",[95,97],{"label":18,"url":96},"human-resources",{"label":21,"url":98},"company-policies","/template/acceptable-use-policy-D12622",{"description":101,"descriptionCustom":6,"label":102,"pages":103,"size":9,"extension":10,"preview":104,"thumb":105,"svgFrame":106,"seoMetadata":107,"parents":109,"keywords":108,"url":112},"REMOTE WORK AGREEMENT This Remote Work Agreement (the \"Agreement\") is effective [DATE], BETWEEN: [NAME OF THE EMPLOYER], (the \"Employer\" or \"Company\"), a Company organized and existing under the laws of the [State/Province] of [STATE/PROVINCE], with its head office located at: [COMPLETE ADDRESS] AND: [NAME OF THE EMPLOYEE], (the \"Employee\"), an individual with their main address located at: [COMPLETE ADDRESS] Collectively, the Employer and the Employee shall be referred to as the \"Parties.\" WHEREAS, the Company has made an offer to the Employee to work remotely in the capacity of [JOB TITLE] at the Company; NOW THEREFORE in consideration and as a condition of the Parties entering into this Agreement and other valuable considerations, the receipt and sufficiency of which consideration is acknowledged, the Parties agree as follows: APPOINTMENT The Company hereby offers the Employee appointment, and the Employee agrees to serve the Company to work remotely in the capacity of [JOB TITLE] as of [DATE] (the \"Effective Date\"). PROBATION PERIOD The Employee will be on a Probation Period for a period of [MONTHS/DAYS]. 
The Employee's confirmation as a permanent employee is subject to the Employee making a positive contribution to the Company and is further subject to meeting certain standards and qualifying criteria during the Probation Period. PLACE OF WORK The Employee shall perform their duties at the location of their choice. The Employee will report to the [SPECIFY THE DESIGNATION] on a needs basis in the following manner: [SPECIFY THE MANNER OF COMMUNICATION]. REMOTE WORK While working remotely, the Employee will remain accessible during the remote work. The Employee will check in with the supervisor to discuss status and open issues and be available for video/teleconferences, scheduled on an as-needed basis. The Employee will take rest and meal breaks while working remotely in full compliance with all applicable policies or collective bargaining agreements, and request supervisor approval to use vacation or sick leave. To ensure that the Employee's performance will not suffer in a remote work arrangement, the Employee is advised to choose a quiet and distraction-free working space, have an internet connection that is adequate for their job and dedicate their full attention to their job duties during working hours. Equipment. The Company will provide the Employee with equipment that is essential to their job duties, like laptops and headsets. The Employee will install VPN and company-required software when the Employee receives their equipment. The Employee must keep their equipment password protected, follow all data encryption, protection standards and settings, and refrain from downloading suspicious, unauthorized or illegal software. NOTICE PERIOD During the Probation Period, if the Employee's performance is found to be unsatisfactory or if it does not meet the prescribed criteria, the Employee's employment can be terminated by the Company with [NUMBER OF DAYS] days' notice or salary thereof. 
The Employee will be required to give [NUMBER OF MONTHS] months' notice or salary thereof in case the Employee decides to leave the Company. DUTIES The Employee shall perform all such duties as may be delegated by the Company and comply with all such directions as the Managing Director and/or his/her nominated deputies may from time to time assign or give to the Employee. [SPECIFY DUTIES] WORKING HOURS The total working hours will be [SPECIFY HOURS] hours on Mondays to Saturdays. It is expected that the Employee will be flexible with the working hours and work such additional hours as might be necessary to efficiently perform duties under this Agreement. The Company reserves the right to change the working days and the working hours. The Employee shall be entitled to leave and holidays as per the Leave Policy of the Company. In the event the Employee is absent from work and unable to perform duties satisfactorily by reason of any injury, illness or other reason acceptable to the Company, the Employee will be entitled to receive salary and other benefits for up to [NUMBER OF DAYS] consecutive working days during any such absence, within a period of 12 consecutive months. REMUNERATION The Employee's starting total monthly gross salary and during the Probation Period will be as per details in the annexure, hereinafter known as Exhibit A. Any bonus is subject to review in accordance with the Company's practice and policies from time to time, however, there shall be no obligation on the Company to increase the salary or award bonuses at any point of time, save and except at its sole discretion. The Company shall pay or refund or procure to be paid or refunded all reasonable travelling and other similar out of pocket expenses necessarily and incurred by the Employee wholly in the proper performance of duties, subject to production by the Employee of such evidence of the expenses as the Company may reasonably require. 
The Employee will be required to fill in the claims forms in which the Employee shall provide the correct information of the expenses incurred. CONFIDENTIALITY AND INTELLECTUAL PROPERTY If at any time during the Employee's employment under this Agreement, the Employee participates in the making or discovery of any Intellectual Property directly or indirectly relating to or capable of being used by the Company, full details of the Intellectual Property shall immediately be disclosed in writing by the Employee to the Company and the Intellectual Property shall be the absolute property of the Company. At the request and expense of the Company, the Employee shall give and supply all such information, data, drawings, and assistance as may be necessary or in the opinion of the Company desirable to enable the Company to exploit the Intellectual Property to the best advantage as decided by the Company. The Employee shall execute all documents and do all things which may, in the opinion of the Company, be necessary or desirable for obtaining copyright, design or other protection for the Intellectual Property and for vesting the same in the Company, as the Company may direct. As Confidential Information will from time to time become known to the Employee, the Company considers and the Employee agrees that the restraints set forth in this Agreement are necessary for the reasonable protection by the Company of its business or the business of the Group, the clients thereof or their respective affairs. 
The Employee shall not at any time, either during the continuance of or after the termination of Employment with the Company, use, disclose or communicate to any person whatsoever any Confidential Information which the Employee has or of which he may have become possessed during employment with the Company nor shall he supply the names or addresses of any clients, customers, vendors or agents of the Company or any company of the Group to any person except as authorised by the Company or as ordered by a court of competent jurisdiction. The Employee consents to the Company holding and processing, both electronically and manually, the data it collects relating to the Employee in the course of employment, for the purpose of the Company's administration and management of its employees, its business and to comply with applicable procedures, laws and regulations. ","Remote Work Agreement","8","https://templates.business-in-a-box.com/imgs/1000px/remote-work-agreement-D13282.png","https://templates.business-in-a-box.com/imgs/250px/13282.png","https://templates.business-in-a-box.com/svgs/docviewerWebApp1.html?v6#13282.xml",{"title":108,"description":6},"remote work agreement",[110,111],{"label":18,"url":96},{"label":21,"url":98},"/template/remote-work-agreement-D13282",{"description":114,"descriptionCustom":6,"label":115,"pages":116,"size":117,"extension":10,"preview":118,"thumb":119,"svgFrame":120,"seoMetadata":121,"parents":122,"keywords":125,"url":126},"Employee Handbook Understanding employment at [YOUR COMPANY NAME] Revised on [DATE] Prepared By: [YOUR NAME] [YOUR JOB TITLE] Phone 555.555.5555 Email info@yourbusiness.com www.yourbusiness.com Table of Content Table of Content 2 Welcome to [YOUR COMPANY NAME]! 5 1. Organization Description 6 1.1 Introductory Statement 6 1.2 Customer Relations 6 1.3 Products and Services Provided 7 1.4 Facilities and Location(s) 7 1.5 The History of [YOUR COMPANY NAME] 7 1.6 Management Philosophy 7 1.7 Goals 8 2. 
The Employment 9 2.1 Nature of Employment 9 2.2 Employee Relations 9 2.3 Equal Employment Opportunity 10 2.4 Diversity 10 2.5 Business Ethics and Conduct 12 2.6 Personal Relationships in the Workplace 13 2.7 Conflicts of Interest 13 2.8 Outside Employment 14 2.9 Non-Disclosure 15 2.10 Disability Accommodation 16 2.11 Job Posting and Employee Referrals 17 2.12 Whistleblower Policy 18 2.13 Accident and First Aid 20 3. Employment Status and Records 21 3.1 Employment Categories 21 3.2 Access to Personnel Files 22 3.3 Personnel Data Changes 23 3.4 Probation Period 23 3.5 Employment Applications 24 3.6 Performance Evaluation 24 3.7 Job Descriptions 25 3.8 Salary Administration 25 3.9 Professional Development 26 4. Employee Benefit Programs 27 4.1 Employee Benefits 27 4.2 Vacation Benefits 27 4.3 Military Service Leave 29 4.4 Religious Observance 29 4.5 Holidays 29 4.6 Workers Insurance 30 4.7 Sick Leave Benefits 31 4.8 Bereavement Leave 32 4.9 Relocation Benefits 33 4.10 Educational Assistance 33 4.11 Health Insurance 34 4.12 Life Insurance 35 4.13 Long Term Disability 35 4.14 Marriage, Maternity and Parental Leave 36 5. Timekeeping / Payroll 40 5.1 Timekeeping 40 5.2 Paydays 40 5.3 Employment Termination 41 5.4 Administrative Pay Corrections 42 6. Work Conditions and Hours 43 6.1 Work Schedules 43 6.2 Absences 43 6.3 Jury Duty 45 6.4 Use of Phone and Mail Systems 45 6.5 Smoking 46 6.6 Meal Periods 46 6.7 Overtime 46 6.8 Use of Equipment 47 6.9 Telecommuting 47 6.10 Emergency Closing 48 6.11 Business Travel Expenses 49 6.12 Visitors in the Workplace 51 6.13 Computer and Email Usage 51 6.14 Internet Usage 52 6.15 Workplace Monitoring 54 6.16 Workplace Violence Prevention 55 7. 
Employee Conduct & Disciplinary Action 57 7.1 Employee Conduct and Work Rules 57 7.2 Sexual and Other Unlawful Harassment 58 7.3 Attendance and Punctuality 60 7.4 Personal Appearance 60 7.5 Return of Property 61 7.6 Resignation and Retirement 61 7.7 Security Inspections 62 7.8 Progressive Discipline 62 7.9 Problem Resolution 64 7.10 Workplace Etiquette 65 7.11 Suggestion Program 67 Acknowledgement of Receipt 68 Welcome to [YOUR COMPANY NAME]! On behalf of your colleagues, we welcome you to [YOUR COMPANY NAME] and wish you every success here. At [YOUR COMPANY NAME], we believe that each employee contributes directly to the growth and success of the company, and we hope you will take pride in being a member of our team. This handbook was developed to describe some of the expectations of our employees and to outline the policies, programs, and benefits available to eligible employees. Employees should become familiar with the contents of the employee handbook as soon as possible, for it will answer many questions about employment with [YOUR COMPANY NAME]. We believe that professional relationships are easier when all employees are aware of the culture and values of the organization. This guide will help you to better understand our vision for the future of our business and the challenges that are ahead. We hope that your experience here will be challenging, enjoyable, and rewarding. Again, welcome! [PRESIDENT NAME] President & CEO 1. Organization Description 1.1 Introductory Statement This handbook is designed to acquaint you with [YOUR COMPANY NAME] and provide you with information about working conditions, employee benefits, and some of the policies affecting your employment. You should read, understand, and comply with all provisions of the handbook. It describes many of your responsibilities as an employee and outlines the programs developed by [YOUR COMPANY NAME] to benefit employees. 
One of our objectives is to provide a work environment that is conducive to both personal and professional growth. No employee handbook can anticipate every circumstance or question about policy. As [YOUR COMPANY NAME] continues to grow, the need may arise and [YOUR COMPANY NAME] reserves the right to revise, supplement, or rescind any policies or portion of the handbook from time to time as it deems appropriate, in its sole and absolute discretion. Employees will be notified of such changes to the handbook as they occur. 1.2 Customer Relations Customers are among our organization's most valuable assets. Every employee represents [YOUR COMPANY NAME] to our customers and the public. The way we do our jobs presents an image of our entire organization. Customers judge all of us by how they are treated with each employee contact. Therefore, one of our first business priorities is to assist any customer or potential customer. Nothing is more important than being courteous, friendly, helpful, and prompt in the attention you give to customers. [YOUR COMPANY NAME] will provide customer relations and services training to all employees with extensive customer contact. Customers who wish to lodge specific comments or complaints should be directed to the [TITLE AND NAME OF THE PERSON RESPONSIBLE] for appropriate action. Our personal contact with the public, our manners on the telephone, and the communications we send to customers are a reflection not only of ourselves, but also of the professionalism of [YOUR COMPANY NAME]. Positive customer relations not only enhance the public's perception or image of [YOUR COMPANY NAME], but also pay off in greater customer loyalty and increased sales and profit. 1.3 Products and Services Provided You will find more information about our products and services by reading the [YOUR COMPANY NAME] Corporate Brochures. 
1.4 Facilities and Location(s) Head Office: [ADDRESS] [CITY], [STATE] [ZIP/POSTAL CODE] [COUNTRY] 1.5 The History of [YOUR COMPANY NAME] [DESCRIBE THE HISTORY OF YOUR COMPANY HERE] 1.6 Management Philosophy [YOUR COMPANY NAME]'s management philosophy is based on responsibility and mutual respect. Our wish is to maintain a work environment that fosters personal and professional growth for all employees. Maintaining such an environment is the responsibility of every staff person. Because of their role, managers and supervisors have the additional responsibility to lead in a manner which fosters an environment of respect for each person. People who come to [YOUR COMPANY NAME] want to work here because we have created an environment that encourages creativity and achievement. [YOUR COMPANY NAME] aims to become a leader in [DESCRIBE YOUR COMPANY'S FIELD OF EXPERTISE]. The mainstay of our strategy will be to offer a level of client focus that is superior to that offered by our competitors. To help achieve this objective, [YOUR COMPANY NAME] seeks to attract highly motivated individuals that want to work as a team and share in the commitment, responsibility, risk taking, and discipline required to achieve our vision. Part of attracting these special individuals will be to build a culture that promotes both uniqueness and a bias for action. While we will be realistic in setting goals and expectations, [YOUR COMPANY NAME] will also be aggressive in reaching its objectives. This success will in turn enable [YOUR COMPANY NAME] to give its employees above average compensation and innovative benefits or rewards, key elements in helping us maintain our leadership position in the worldwide marketplace. 1.7 Goals [DESCRIBE YOUR COMPANY'S GOALS HERE] 2. 
The Employment 2","Employee Handbook","34",280,"https://templates.business-in-a-box.com/imgs/1000px/employee-handbook-D712.png","https://templates.business-in-a-box.com/imgs/250px/712.png","https://templates.business-in-a-box.com/svgs/docviewerWebApp1.html?v6#712.xml",{"title":6,"description":6},[123,124],{"label":18,"url":96},{"label":21,"url":98},"employee handbook","/template/employee-handbook-D712",{"description":128,"descriptionCustom":6,"label":129,"pages":8,"size":9,"extension":10,"preview":130,"thumb":131,"svgFrame":132,"seoMetadata":133,"parents":135,"keywords":134,"url":142},"NON-DISCLOSURE AGREEMENT (NDA) This Non-Disclosure Agreement (the \"Agreement\") is made and effective [DATE], BETWEEN: [YOUR COMPANY NAME] (the \"Disclosing Party\"), a corporation organized and existing under the laws of the [State/Province] of [STATE/PROVINCE], with its head office located at: [YOUR COMPLETE ADDRESS] AND: [RECEIVING PARTY NAME] (the \"Receiving Party\"), an individual with his main address located at OR a corporation organized and existing under the laws of the [State/Province] of [STATE/PROVINCE], with its head office located at: [COMPLETE ADDRESS] WHEREAS, Receiving Party has been or will be engaged in the performance of work on [DESCRIBE]; and in connection therewith will be given access to certain confidential and proprietary information; and WHEREAS, Receiving Party and Disclosing Party wish to evidence by this Agreement the manner in which said confidential and proprietary material will be treated. NOW, THEREFORE, it is agreed as follows: NON-DISCLOSURE OF CONFIDENTIAL INFORMATION Both Parties understand and agree that each Party may have access to the confidential information of the other party. For the purposes of this Agreement, \"Confidential Information\" means proprietary and confidential information about the Disclosing Party's (or its suppliers') business or activities. 
Such information includes all business, financial, technical, and other information marked or designated by such Party as \"confidential\" or \"proprietary.\" Confidential Information also includes information which, by the nature of the circumstances surrounding the disclosure, ought in good faith to be treated as confidential. For the purposes of this Agreement, Confidential Information does not include: Information that is currently in the public domain or that enters the public domain after the signing of this Agreement. Information a Party lawfully receives from a third Party without restriction on disclosure and without breach of a non-disclosure obligation. Information that the Receiving Party knew prior to receiving any Confidential Information from the Disclosing Party. Information that the Receiving Party independently develops without reliance on any Confidential Information from the Disclosing Party. Each Party agrees that it will not disclose to any third Party or use any Confidential Information disclosed to it by the other Party except when expressly permitted in writing by the other Party. Each Party also agrees that it will take all reasonable measures to maintain the confidentiality of all Confidential Information of the other Party in its possession or control. TERM The term of this Agreement is [number] of [years/months] from the date of execution by both Parties. TITLE The Receiving Party agrees that all Confidential Information furnished by the Disclosing Party shall remain the sole property of the Disclosing Party. 
DISCLAIMER","Non Disclosure Agreement Nda","https://templates.business-in-a-box.com/imgs/1000px/non-disclosure-agreement-nda-D12692.png","https://templates.business-in-a-box.com/imgs/250px/12692.png","https://templates.business-in-a-box.com/svgs/docviewerWebApp1.html?v6#12692.xml",{"title":134,"description":6},"non disclosure agreement nda",[136,139],{"label":137,"url":138},"Legal Agreements","business-legal-agreements",{"label":140,"url":141},"Confidentiality Agreements","confidentiality-agreement","/template/non-disclosure-agreement-nda-D12692",{"description":144,"descriptionCustom":6,"label":145,"pages":8,"size":9,"extension":10,"preview":146,"thumb":147,"svgFrame":148,"seoMetadata":149,"parents":151,"keywords":150,"url":154},"TECHNOLOGY POLICY INTENT The primary intent of this Policy is to increase protection of Technology Resources to assure the usability and availability of those resources to all users at [COMPANY NAME] (the \"Company\"). The Policy also addresses privacy and usage guidelines for those who access the Company's Technology Resources. SCOPE The Company recognizes the vital role technology plays in effecting Company business as well as the importance of protecting information in all forms. As more information is being used and shared in digital format by authorized users, the need for an increased effort to protect the information and the Technology Resources that support it, is felt by the Company, and hence this Policy. Since a limited amount of personal use of these facilities is permitted by the Company for users, including computers, printers, email, software and Internet access, therefore, it is essential that these facilities are used responsibly by users, as any abuse has the potential to disrupt Company business and interfere with the work and/or rights of other users. It is therefore expected of all users to exercise responsible and ethical behavior while using the Company's technology facilities. DEFINITION Information Technology. 
Information Technology Resources for the purposes of this Policy include but are not limited to the Company's owned or those used under license or contract, or those devices not owned by the Company but intentionally connected to the Company's owned Technology Resources such as computer hardware, printers, fax machines, voicemail, software, email and Internet and intranet access. User. Anyone who has access to Company's Technology Resources, including but not limited to, all employees, temporary employees, probationers, contractors, vendors, and suppliers. ACCESS CONTROL All the Company's computers that are either permanently or temporarily connected to the internal computer networks must have a password-based access control system. Regardless of the network connections, all computers handling confidential information must also employ appropriate password-based access control systems. All in-bound connections to the Company's computers from external networks must be protected with an approved password or ID access control system. Modems may only be used after receiving the written approval of the IT Head and must be turned off when not in use. All access control systems must utilize user-IDs, passwords, and privilege restrictions unique to each user. Users are prohibited from logging into any Company's system anonymously. To prevent unauthorized access, all vendor-supplied default passwords must be changed before use. Access to the server room is restricted with an RFID lock and only recognized IT staff or someone with due authorization from the IT Head is permitted to enter the room. 
Users shall not make copies of system configuration files (e.g., passwords) for their own, unauthorized personal use or to provide to other users for unauthorized uses.","Technology Policy","https://templates.business-in-a-box.com/imgs/1000px/technology-policy-D13285.png","https://templates.business-in-a-box.com/imgs/250px/13285.png","https://templates.business-in-a-box.com/svgs/docviewerWebApp1.html?v6#13285.xml",{"title":150,"description":6},"technology policy",[152,153],{"label":137,"url":138},{"label":137,"url":138},"/template/technology-policy-D13285",{"description":156,"descriptionCustom":6,"label":157,"pages":8,"size":9,"extension":10,"preview":158,"thumb":159,"svgFrame":160,"seoMetadata":161,"parents":163,"keywords":166,"url":167},"DATA BREACH RESPONSE & NOTIFICATION POLICY INTRODUCTION The Data Breach Response and Notification Policy of [COMPANY NAME] outlines the procedures and responsibilities for responding to data breaches and ensuring that affected individuals and regulatory authorities are promptly and accurately informed. This Policy is designed to minimize the impact of data breaches, protect sensitive information, and comply with applicable data protection laws and regulations. PURPOSE The purpose of this Policy is to: Establish a framework for detecting, assessing, and responding to data breaches. Define the process for notifying affected individuals, regulatory authorities, and other relevant parties. Ensure that data breaches are managed in a transparent, responsible, and compliant manner. DEFINITIONS Data Breach: The unauthorized access, acquisition, use, disclosure, or destruction of personal or sensitive information that compromises its security, confidentiality, or integrity. DATA BREACH RESPONSE TEAM [COMPANY NAME] will establish a Data Breach Response Team (DBRT) consisting of designated individuals responsible for managing data breaches. The DBRT may include representatives from IT, Legal, HR, and other relevant departments. 
DETECTION AND ASSESSMENT The DBRT will promptly investigate and assess suspected or confirmed data breaches to determine their scope, impact, and severity. The assessment will include identifying the type of data involved, the number of affected individuals, potential risks, and applicable data protection regulations. CONTAINMENT AND MITIGATION ","Data Breach Response and Notification Policy","https://templates.business-in-a-box.com/imgs/1000px/data-breach-response-and-notification-policy-D13650.png","https://templates.business-in-a-box.com/imgs/250px/13650.png","https://templates.business-in-a-box.com/svgs/docviewerWebApp1.html?v6#13650.xml",{"title":162,"description":6},"data breach response and notification policy",[164,165],{"label":18,"url":96},{"label":21,"url":98},"data breach response notification policy","/template/data-breach-response-and-notification-policy-D13650",false,{"seo":170,"reviewer":180,"quick_facts":184,"at_a_glance":186,"personas":190,"variants":215,"glossary":241,"sections":271,"how_to_fill":322,"common_mistakes":358,"faqs":375,"industries":403,"comparisons":420,"diy_vs_pro":433,"educational_modules":446,"related_template_ids_curated":449,"schema":458,"classification":460},{"meta_title":171,"meta_description":172,"primary_keyword":173,"secondary_keywords":174},"Clean Desk Policy Template (Free Word)","Free clean desk policy template for offices and remote teams. Covers document handling, screen locking, secure storage, and compliance. Used in 190+ countries. 
Free Word and PDF download.","clean desk policy template",[15,175,176,177,178,179],"clean desk policy example","clean desk policy word","office security policy template","clean desk and clear screen policy","clean desk policy iso 27001",{"name":181,"credential":182,"reviewed_date":183},"Bruno Goulet","CEO, Business in a Box","2026-05-02",{"difficulty":185,"legal_review_recommended":168,"signature_required":168},"medium",{"what_it_is":187,"when_you_need_it":188,"whats_inside":189},"A Clean Desk Policy is a written workplace rule requiring employees to clear their workstations of sensitive documents, removable media, and confidential materials at the end of each working day or when leaving their desk unattended. This free Word download gives you a ready-to-edit template covering physical document handling, screen-locking requirements, secure storage, and visitor access controls — exportable as PDF and ready to distribute to staff.\n","Use it when implementing or renewing an information security program, preparing for ISO 27001 or SOC 2 certification, onboarding employees in roles that handle confidential data, or responding to an audit finding that physical security controls are undocumented.\n","Purpose and scope, definitions of sensitive materials, desk and workstation rules, clear screen requirements, secure storage procedures, visitor and shared-space protocols, compliance and enforcement steps, and an employee acknowledgement section.\n",[191,195,199,203,207,211],{"title":192,"use_case":193,"icon_asset_id":194},"IT and information security managers","Documenting physical security controls for ISO 27001 or SOC 2 audits","persona-it-manager",{"title":196,"use_case":197,"icon_asset_id":198},"HR managers","Incorporating workspace conduct rules into the employee handbook","persona-hr-manager",{"title":200,"use_case":201,"icon_asset_id":202},"Office managers","Setting consistent workstation standards across open-plan or hot-desk 
offices","persona-office-manager",{"title":204,"use_case":205,"icon_asset_id":206},"Compliance officers","Meeting HIPAA, GDPR, or PCI-DSS physical safeguard requirements","persona-compliance-officer",{"title":208,"use_case":209,"icon_asset_id":210},"Small business owners","Establishing a baseline security posture before client or partner audits","persona-small-business-owner",{"title":212,"use_case":213,"icon_asset_id":214},"Remote work coordinators","Extending clean desk rules to home offices and shared co-working spaces","persona-operations-director",[216,219,222,226,230,234,238],{"situation":217,"recommended_template":7,"slug":218},"General office environment with assigned desks","clean-desk-policy-D12629",{"situation":220,"recommended_template":221,"slug":218},"Hot-desking or flexible seating arrangement","Hot Desk Clean Desk Policy",{"situation":223,"recommended_template":224,"slug":225},"Remote or hybrid workforce working from home","Remote Work Security Policy","remote-work-agreement-D13282",{"situation":227,"recommended_template":228,"slug":229},"Healthcare organization subject to HIPAA","HIPAA Workstation Security Policy","security-policy-D12645",{"situation":231,"recommended_template":232,"slug":233},"Organization pursuing ISO 27001 certification","ISO 27001 Information Security Policy","information-security-policy-D13552",{"situation":235,"recommended_template":236,"slug":237},"Office with frequent external visitors or contractors","Visitor Access and Security Policy","workplace-security-and-access-control-policy-D13865",{"situation":239,"recommended_template":87,"slug":240},"Combined physical and digital security rollout","acceptable-use-policy-D12622",[242,244,247,250,253,256,259,262,265,268],{"term":7,"definition":243},"A workplace rule requiring employees to secure or remove sensitive materials from their workstation whenever they are away from their desk.",{"term":245,"definition":246},"Clear Screen Policy","A companion rule requiring employees to 
lock or log off their computer screen when leaving their workstation, preventing unauthorized viewing of on-screen data.",{"term":248,"definition":249},"Sensitive Information","Any data — paper or digital — that could cause harm if disclosed to unauthorized parties, including personally identifiable information, financial records, and trade secrets.",{"term":251,"definition":252},"Removable Media","Portable storage devices such as USB drives, external hard drives, SD cards, and optical discs that can carry data off-premises.",{"term":254,"definition":255},"ISO 27001","An international standard for information security management systems that explicitly references clean desk and clear screen controls as physical security measures.",{"term":257,"definition":258},"SOC 2","An auditing framework for service organizations that evaluates security, availability, and confidentiality controls — physical workstation security is often reviewed.",{"term":260,"definition":261},"Need-to-Know Principle","The practice of restricting access to confidential information only to individuals whose role requires it.",{"term":263,"definition":264},"Tailgating","A physical security breach where an unauthorized person enters a secured area by following an authorized employee through a controlled door.",{"term":266,"definition":267},"Data Classification","A system that labels information by sensitivity level — such as public, internal, confidential, and restricted — to guide handling and storage requirements.",{"term":269,"definition":270},"Secure Disposal","The destruction of physical documents or digital media in a way that makes recovery impossible, typically through cross-cut shredding or certified media wiping.",[272,277,282,287,292,297,302,307,312,317],{"name":273,"plain_english":274,"sample_language":275,"common_mistake":276},"Purpose and objectives","Explains why the policy exists — protecting sensitive information from unauthorized access, supporting regulatory compliance, and 
reducing the risk of data breaches caused by physical exposure.","This Clean Desk Policy establishes minimum standards for securing physical and digital information at [COMPANY NAME] workstations. Its purpose is to reduce the risk of unauthorized access, loss, or theft of confidential information and to support compliance with [APPLICABLE FRAMEWORKS / REGULATIONS].","Writing a purpose statement so generic it could apply to any policy. Name the specific risks — a visitor photographing a whiteboard, a cleaner seeing a printed contract — so employees understand the real-world threat.",{"name":278,"plain_english":279,"sample_language":280,"common_mistake":281},"Scope and applicability","Defines which employees, locations, and workspace types the policy covers — including remote workers, contractors, and shared co-working spaces.","This policy applies to all [COMPANY NAME] employees, contractors, and third-party personnel who access company premises or use company-issued equipment, including those working from home or co-working facilities.","Limiting scope to the main office only. Remote employees handling confidential data on home desks present the same physical security risk and must be explicitly included.",{"name":283,"plain_english":284,"sample_language":285,"common_mistake":286},"Definitions of sensitive materials","Lists the categories of information covered — printed documents, removable media, access credentials, physical keys, and any materials marked confidential or restricted.","Sensitive materials include, but are not limited to: printed documents classified as [CONFIDENTIAL / RESTRICTED], USB drives and removable media containing company data, written passwords or access codes, physical keys or access cards, and client or patient records.","Omitting written passwords and access cards from the definition. 
Sticky notes with login credentials left on a monitor are among the most common physical security lapses.",{"name":288,"plain_english":289,"sample_language":290,"common_mistake":291},"Workstation rules during working hours","Specifies what employees must do while at their desk — keeping only active work materials on the surface, not leaving printed documents unattended, and immediately collecting items from shared printers.","Employees shall: keep only documents actively in use on their desk surface; retrieve printed materials from shared printers immediately after printing; not leave client files, contracts, or personnel records visible when speaking with visitors; and store inactive documents in designated locked storage.","Focusing only on end-of-day rules and ignoring daytime behavior. A printed client list left unattended at lunch creates the same exposure as one left overnight.",{"name":293,"plain_english":294,"sample_language":295,"common_mistake":296},"End-of-day desk clearance requirements","States exactly what must be secured, stored, or shredded before an employee leaves for the day — the core enforcement rule of the policy.","Before leaving the office at end of day or for an extended absence, employees must: file or lock all documents in [LOCKED DRAWER / FILING CABINET]; shred documents containing sensitive information that are no longer needed; remove all removable media and store in a locked location; and clear whiteboards and physical notepads of confidential content.","Saying 'secure all sensitive documents' without specifying how or where. 
Employees need a named storage location — a locked drawer, a filing cabinet room, a secure drop box — to comply consistently.",{"name":298,"plain_english":299,"sample_language":300,"common_mistake":301},"Clear screen and device locking rules","Requires employees to lock their computer screen whenever they leave their desk, even briefly, and to set an automatic screen lock after a defined idle period.","Employees must lock their workstation screen (Windows: Win+L; Mac: Ctrl+Cmd+Q) whenever leaving their desk for any reason. Screens must be configured to lock automatically after [5–10] minutes of inactivity. Laptop screens must be closed when left unattended in public spaces.","Setting the auto-lock timeout too long — 30 minutes is the most common misconfiguration. A 10-minute window is sufficient for most roles; high-security environments should use 5 minutes.",{"name":303,"plain_english":304,"sample_language":305,"common_mistake":306},"Visitor and shared-space protocols","Covers how employees should handle sensitive materials when external visitors, clients, or contractors are present in work areas.","When visitors are present in work areas, employees must: turn face-down or remove any documents classified as [CONFIDENTIAL / RESTRICTED]; not leave visitors unaccompanied near workstations containing sensitive materials; and escort visitors through access-controlled areas at all times.","Treating visitor protocols as optional courtesy rather than mandatory procedure. 
A single unescorted visitor walking through an open office can photograph dozens of documents in seconds.",{"name":308,"plain_english":309,"sample_language":310,"common_mistake":311},"Secure storage and disposal procedures","Describes the approved storage locations for sensitive documents and the required disposal method — cross-cut shredding, locked shred bins, or certified destruction services.","Sensitive documents must be stored in [LOCKED FILING CABINETS / SECURE DOCUMENT ROOM] when not in active use. Documents no longer required must be disposed of using [CROSS-CUT SHREDDER / LOCKED SHRED BIN serviced by VENDOR NAME]. Removable media must be wiped using [APPROVED SOFTWARE] or physically destroyed before disposal.","Relying on a single communal shred bin with no lock. Unlocked shred bins in open areas are accessible to anyone in the building, defeating the purpose of the disposal control.",{"name":313,"plain_english":314,"sample_language":315,"common_mistake":316},"Compliance, enforcement, and exceptions","States how compliance will be monitored — spot checks, audit walkthroughs, or automated screen-lock reports — and what happens when the policy is violated.","Compliance with this policy will be verified through [SCHEDULED / RANDOM] desk audits conducted by [ROLE / DEPARTMENT]. Violations will be addressed in accordance with [COMPANY NAME]'s disciplinary procedure. Requests for exceptions must be submitted to [IT SECURITY MANAGER / HR] with documented business justification.","Defining violations with no graduated consequence. 
A single 'termination for any breach' clause discourages reporting and makes enforcement inconsistent — use a tiered system from verbal warning to formal disciplinary action.",{"name":318,"plain_english":319,"sample_language":320,"common_mistake":321},"Employee acknowledgement","A sign-off section where the employee confirms they have read, understood, and agreed to comply with the policy — creating a documented record for HR and compliance purposes.","I, [EMPLOYEE NAME], acknowledge that I have read and understood the Clean Desk Policy and agree to comply with its requirements. Signature: _______________ Date: [DATE] Manager: _______________","Making acknowledgement optional or collecting it only at onboarding. Re-acknowledgement should be required after any material policy update, typically on an annual cycle.",[323,328,333,338,343,348,353],{"step":324,"title":325,"description":326,"tip":327},1,"Customize the scope and applicability section","Enter your company name and define which locations, employee types, and work arrangements the policy covers. 
Explicitly include remote workers, contractors, and anyone who handles company data off-site.","If you operate in multiple countries, note any jurisdiction-specific data protection rules (e.g., GDPR for EU employees) that reinforce the policy rationale.",{"step":329,"title":330,"description":331,"tip":332},2,"Define your data classification levels","List the sensitivity categories used in your organization — such as public, internal, confidential, and restricted — and map each category to the storage and handling requirements in the policy.","Align your classification labels with those already used in your IT acceptable-use or data-handling policy so employees see a consistent framework.",{"step":334,"title":335,"description":336,"tip":337},3,"Specify storage locations by name","Replace generic references to 'secure storage' with the actual locations available to employees — a locked desk drawer, a key-coded filing room, or a shared secure cabinet. Vague instructions produce inconsistent behavior.","Walk the office before finalizing this section. If the named storage location is inconvenient to use, employees will ignore it.",{"step":339,"title":340,"description":341,"tip":342},4,"Set the screen-lock idle timeout","Enter the maximum idle time before automatic screen lock — 5 minutes for high-security environments, 10 minutes for standard offices. Confirm with IT that this setting can be enforced via Group Policy or MDM.","Coordinate the policy timeout with the IT team's GPO settings before publishing, so the stated rule matches the technical control already in place.",{"step":344,"title":345,"description":346,"tip":347},5,"Define the disposal method and vendor","Name the shredder model or shred-bin vendor used at each location. 
If you use a certified destruction service, add their name and the collection schedule so employees know when bins are emptied.","Include a note on electronic media disposal — employees often overlook USB drives and printed reports equally, but physical media destruction is frequently missed in audit findings.",{"step":349,"title":350,"description":351,"tip":352},6,"Set the enforcement and audit schedule","Decide whether desk audits will be scheduled (monthly) or random, name the role responsible for conducting them, and define the consequence tiers for violations — from verbal reminder to formal disciplinary action.","Unannounced audits are significantly more effective than scheduled ones. Announcing a 'clean desk week' in advance tells employees to tidy up temporarily rather than change behavior.",{"step":354,"title":355,"description":356,"tip":357},7,"Distribute, collect acknowledgements, and store records","Share the final policy with all in-scope employees, collect signed acknowledgement forms, and store them in the relevant HR files or your compliance management system.","Set a calendar reminder to re-distribute the policy annually or whenever a material change is made, and collect fresh acknowledgements each time.",[359,363,367,371],{"mistake":360,"why_it_matters":361,"fix":362},"Excluding remote workers from scope","Home offices and co-working spaces present the same physical exposure risk as corporate offices — unsecured printed documents, visible screens, and removable media are just as vulnerable.","Explicitly name remote and hybrid workers in the scope section and add a paragraph covering home-office storage, screen positioning, and guest access restrictions.",{"mistake":364,"why_it_matters":365,"fix":366},"Using vague storage instructions","Telling employees to 'store documents securely' without naming a specific location results in inconsistent behavior — some lock up documents, others slide them into a bag or pile them face-down.","Name the exact 
storage location available to each team or floor, confirm it is accessible during normal working hours, and include instructions for what to do when the location is full.",{"mistake":368,"why_it_matters":369,"fix":370},"Setting the screen-lock timeout too long","A 30-minute auto-lock is the most common default — it leaves screens readable for the entire duration of a meeting, a lunch break, or an unescorted visitor walkthrough.","Set the timeout to 10 minutes maximum for standard environments and 5 minutes for roles handling regulated data. Enforce it via IT policy, not just by asking employees to configure it themselves.",{"mistake":372,"why_it_matters":373,"fix":374},"Collecting acknowledgements only at onboarding","A policy signed once at hiring does not cover updates. If the policy changes and an employee breaches a new requirement, a single historic signature is difficult to rely on for disciplinary action.","Require re-acknowledgement annually and after any material revision. Track acknowledgement dates in your HR system so compliance is auditable.",[376,379,382,385,388,391,394,397,400],{"question":377,"answer":378},"What is a clean desk policy?","A clean desk policy is a workplace rule requiring employees to secure sensitive documents, removable media, and confidential materials on their workstation whenever they step away from their desk — and to fully clear their workspace at the end of each working day. It is a physical information security control designed to prevent unauthorized access to confidential data by colleagues, visitors, cleaners, or anyone else who passes through the workspace.\n",{"question":380,"answer":381},"Why do companies implement a clean desk policy?","Companies implement a clean desk policy to reduce the risk of confidential information being seen, photographed, or taken by unauthorized individuals. 
It also supports compliance with data protection frameworks including ISO 27001, SOC 2, HIPAA, and GDPR, which require documented physical security controls. Beyond compliance, a clean desk policy reduces the likelihood of internal data leaks and supports a culture of information security awareness.\n",{"question":383,"answer":384},"Is a clean desk policy required by ISO 27001?","ISO 27001 Annex A includes a control (A.11.2.9 in the 2013 version, referenced in the 2022 revision under physical and environmental security) that explicitly references clean desk and clear screen practices. Organizations pursuing ISO 27001 certification are expected to have a documented clean desk policy as evidence that this control has been implemented. A well-structured template that is actively enforced satisfies this audit requirement in most certification assessments.\n",{"question":386,"answer":387},"Does a clean desk policy apply to remote workers?","Yes — remote and hybrid employees handling confidential data at home face the same physical security risks as office workers. A clean desk policy should explicitly include remote workers and address home-office specifics: screen positioning to prevent shoulder surfing, secure disposal of printed documents, locked storage for physical materials, and restrictions on accessing confidential work in shared or public spaces.\n",{"question":389,"answer":390},"How do you enforce a clean desk policy?","Enforcement typically combines periodic desk audits (scheduled or unannounced), automatic screen-lock configuration enforced via Group Policy or MDM, and a tiered disciplinary process for violations. The most effective enforcement approach is unannounced spot checks rather than announced 'clean desk weeks,' which prompt temporary compliance rather than lasting behavior change. 
Tying audit results to team metrics rather than individual naming can also improve adoption.\n",{"question":392,"answer":393},"What is the difference between a clean desk policy and a clear screen policy?","A clean desk policy governs physical materials on and around the workstation — printed documents, removable media, keys, and notebooks. A clear screen policy specifically addresses on-screen data, requiring employees to lock or log off their computer whenever they leave their desk. The two are closely related and are typically published together in a single document, since both protect against the same class of unauthorized access risk.\n",{"question":395,"answer":396},"What should be included in a clean desk policy?","A complete clean desk policy should cover: purpose and scope, definitions of sensitive materials, daytime workstation rules, end-of-day clearance requirements, clear screen and auto-lock settings, visitor and shared-space protocols, approved secure storage locations, document disposal procedures, compliance monitoring and enforcement, and an employee acknowledgement section. Omitting any of these creates gaps that will surface in audits or incident reviews.\n",{"question":398,"answer":399},"How often should a clean desk policy be reviewed?","Most organizations review and reissue their clean desk policy annually as part of a broader information security policy review cycle. An immediate review is warranted after any of the following: a security incident involving physical data exposure, a significant change in the workplace model (such as moving to hot-desking or adding remote workers), or a regulatory update affecting physical safeguard requirements.\n",{"question":401,"answer":402},"Can a clean desk policy help with GDPR compliance?","Yes. GDPR Article 32 requires organizations to implement appropriate technical and organizational measures to protect personal data. 
Physical security controls — including securing printed personal data and preventing unauthorized access to screens displaying personal information — are recognized organizational measures. A documented and enforced clean desk policy provides auditable evidence that physical safeguards for personal data are in place, supporting overall GDPR compliance posture.\n",[404,408,412,416],{"industry":405,"icon_asset_id":406,"specifics":407},"Financial Services","industry-fintech","Client account statements, trade confirmations, and KYC documents printed for review must be locked away or shredded within the same session to meet regulatory expectations.",{"industry":409,"icon_asset_id":410,"specifics":411},"Healthcare","industry-healthtech","HIPAA's physical safeguard rules require covered entities to restrict workstation access to authorized users, making a clean desk policy a direct compliance control for any staff handling patient records.",{"industry":413,"icon_asset_id":414,"specifics":415},"Professional Services","industry-professional-services","Law firms, accounting practices, and consultancies regularly host clients in shared spaces, making visitor-specific clean desk rules critical to protecting privileged or confidential client information.",{"industry":417,"icon_asset_id":418,"specifics":419},"Technology / SaaS","industry-saas","Engineering and product teams often print architecture diagrams and roadmaps; a clean desk policy paired with a clear screen rule closes the gap between strong digital security controls and weak physical ones.",[421,424,426,430],{"vs":87,"vs_template_id":422,"summary":423},"acceptable-use-policy-D12630","An acceptable use policy governs how employees use company technology — devices, networks, email, and software. A clean desk policy governs the physical workspace and paper-based information. Both are standard components of an information security program, but they address different threat vectors. 
Organizations typically need both.",{"vs":102,"vs_template_id":225,"summary":425},"A remote work agreement covers the terms under which an employee works from home — eligibility, equipment, hours, and productivity expectations. A clean desk policy sets the security rules for the physical workspace, whether in-office or remote. The clean desk policy is typically referenced within or attached to remote work agreements as a behavioral requirement.",{"vs":427,"vs_template_id":428,"summary":429},"Data Protection Policy","D{DATA_PROTECTION_POLICY_ID}","A data protection policy governs how personal and sensitive data is collected, stored, processed, and shared across the organization. A clean desk policy is a narrower, operationally focused rule covering the physical handling of information at workstations. The data protection policy sets the framework; the clean desk policy implements one specific control within it.",{"vs":115,"vs_template_id":431,"summary":432},"employee-handbook-D712","An employee handbook covers the full range of workplace policies — conduct, benefits, leave, and performance expectations. A clean desk policy is typically one section within or an appendix to the handbook. 
Publishing it as a standalone document allows it to be updated independently, distributed to contractors who are not given the full handbook, and cited separately in audit evidence.",{"use_template":434,"template_plus_review":438,"custom_drafted":442},{"best_for":435,"cost":436,"time":437},"Small to mid-sized businesses establishing a baseline information security policy without a dedicated security team","Free","1–2 hours to customize and distribute",{"best_for":439,"cost":440,"time":441},"Organizations preparing for ISO 27001, SOC 2, or HIPAA audit where physical control documentation will be formally assessed","$300–$800 for an information security consultant review","2–5 days including review and revisions",{"best_for":443,"cost":444,"time":445},"Regulated enterprises in financial services or healthcare with complex multi-site physical security requirements","$1,500–$4,000 for a policy drafted by a certified information security professional (CISM or CISSP)","1–3 weeks",[447,448],"iso-27001-physical-security-controls-explained","building-a-workplace-information-security-program",[240,225,431,450,451,452,237,453,454,455,456,457],"non-disclosure-agreement-nda-D12692","technology-policy-D13285","data-breach-response-and-notification-policy-D13650","bring-your-own-device-policy-byod-D12626","password-policy-D13563","document-retention-policy-D13263","checklist-customer-onboarding-D13615","employee-non-disclosure-agreement-D538",{"emit_how_to":459,"emit_defined_term":459},true,{"primary_folder":96,"secondary_folder":461,"document_type":462,"industry":463,"business_stage":464,"tags":465,"confidence":470},"workplace-policies","policy","general","all-stages",[466,467,468,461,469],"data-protection","compliance","clean-desk-policy","security",0.95,"\u003Ch2>What is a Clean Desk Policy?\u003C/h2>\n\u003Cp>A \u003Cstrong>Clean Desk Policy\u003C/strong> is a written workplace rule requiring employees to secure sensitive documents, removable media, and confidential materials 
on their workstation whenever they leave their desk unattended — and to fully clear their workspace at the end of each working day. It functions as a physical information security control, closing the gap between strong digital security practices and the real-world risk posed by printed documents, visible screens, and unsecured storage media. Most organizations publish a clean desk policy alongside a clear screen rule, since both address the same underlying threat: unauthorized access to confidential information through physical rather than digital means.\u003C/p>\n\u003Ch2>Why You Need This Document\u003C/h2>\n\u003Cp>Without a documented clean desk policy, even well-secured digital environments remain exposed at the physical layer — a printed client report left on a desk overnight, a whiteboard visible to a visiting contractor, or a USB drive stored in an unlocked drawer can each trigger a data breach with no digital footprint. Regulatory frameworks including ISO 27001, HIPAA, and GDPR explicitly expect physical safeguard controls to be in place and documented; an undocumented policy cannot be cited as audit evidence. Employees who have never been given a clear rule cannot be held accountable when incidents occur, complicating disciplinary action and incident response. This template gives you a complete, audit-ready policy you can customize and distribute in under two hours — creating the documented control your security program, your auditors, and your clients expect to see.\u003C/p>\n",1781185940670]