ISO 27001:2022 Annex A 7.7 Checklist Guide


By Max Edwards | Updated 15 August 2024

Using a checklist for A.7.7 Clear Desk and Clear Screen ensures systematic compliance, reduces the risk of data breaches, and promotes a culture of security awareness and operational efficiency within the organisation. Achieving compliance supports regulatory adherence and protects confidential information from unauthorised access.

ISO 27001 A.7.7 Clear Desk and Clear Screen Checklist

A.7.7 Clear Desk and Clear Screen is a control under the Physical Controls category (Annex A.7) in ISO 27001:2022. Its purpose is to reduce the risk of unauthorised access to, and loss of or damage to, information left on desks, on screens and in other accessible locations, both during and outside working hours. It protects confidentiality first and foremost, but it also guards against tampering with, or loss of, documents and media that are left unattended.

Below, you will find a detailed introduction, implementation guidelines, common challenges, ISMS.online features for demonstrating compliance, and a comprehensive compliance checklist to ensure robust adherence to this control.

Scope of Annex A.7.7

Implementing a clear desk and clear screen policy is an essential component of a comprehensive information security management system (ISMS). The policy requires that sensitive information, whether on paper or on screen, is locked away or otherwise out of sight whenever it is not in use: documents and removable media go into lockable storage, printouts are collected from printers promptly, whiteboards are wiped, and unattended sessions are locked.

The primary goal is to prevent unauthorised access, accidental loss, or exposure of sensitive data. This practice not only enhances security but also supports regulatory compliance and promotes a culture of security awareness within the organisation.

Key Objectives of Annex A.7.7

  • Prevent Unauthorised Access: By ensuring that desks are cleared of sensitive documents and that sessions are locked (or users logged off) whenever a workstation is unattended, the window for unauthorised access is minimised.
  • Protect Confidential Information: Helps in protecting both physical and digital information from being viewed, accessed, or taken by unauthorised individuals.
  • Maintain Clean and Organised Workspaces: Encourages employees to keep their workspaces tidy, which can also improve overall efficiency and productivity.



Why Should You Comply With Annex A.7.7? Key Aspects and Common Challenges

Clear Desk Policy

Implementation: Employees should clear their desks of all documents and materials that contain sensitive information when they are not present.

Common Challenges:

    Resistance to Change: Employees may resist adopting new habits, especially if they are accustomed to keeping documents readily available on their desks.

    • Solution: Implement a robust change management process. Engage employees through training programmes, and clearly communicate the benefits and necessity of the policy.

    Inadequate Storage Solutions: Lack of secure storage solutions can make it difficult for employees to comply with the policy.

    • Solution: Provide adequate secure storage options, such as lockable cabinets or drawers. Ensure resources are identified and allocated appropriately.

    Monitoring Compliance: Regular checks to ensure compliance can be resource-intensive and may face resistance from staff.

    • Solution: Integrate compliance checks into regular internal audits and after-hours walkthroughs, and record the findings so that they feed corrective actions. Automated tooling helps wherever a setting can be read from a system (for example, endpoint screen-lock configuration); clear desk compliance itself is verified by spot checks.

Clear Screen Policy

Implementation: Employees should lock their session (or log off) whenever they leave a workstation unattended. Switching off the monitor is not sufficient: the session stays active and anyone can switch the display back on, so the lock must apply to the session, not to the screen.

Common Challenges:

    Inconsistent Adherence: Employees may forget to lock screens or may not perceive the importance of this action, leading to inconsistent adherence.

    • Solution: Enforce automatic session locking after a defined period of inactivity through central configuration (Group Policy, MDM or the equivalent), with a password or other authentication required on resume, so that users cannot switch it off. Reinforce the habit of locking manually through regular awareness programmes.

    Technical Limitations: Older systems or software may not support automatic screen locking or may have limited functionality in this area.

    • Solution: Upgrade systems and software to support necessary security features. Ensure that technical requirements are included in the information security risk treatment plan.

    Balancing Security and Usability: Ensuring security without impacting usability and employee efficiency can be challenging, especially in high-paced environments.

    • Solution: Conduct a thorough risk assessment to determine the optimal balance. Implement user-friendly solutions and gather employee feedback for continual improvement.

Benefits of Compliance

  • Enhanced Security: Reduces the risk of data breaches by ensuring sensitive information is not left exposed.
  • Compliance: Helps in meeting regulatory and legal requirements for data protection.
  • Improved Awareness: Encourages a culture of security awareness among employees.



ISMS.online Features for Demonstrating Compliance with A.7.7

  • Policy Management:

    • Policy Templates: Use predefined templates to create clear desk and clear screen policies.
    • Policy Pack: Bundle related policies together for easy access and management.
    • Version Control: Track changes and updates to policies over time.
  • Incident Management:

    • Incident Tracker: Record and track incidents related to non-compliance with clear desk and clear screen policies.
    • Workflow: Manage the process of incident reporting, investigation, and resolution.
    • Notifications: Set up alerts for when incidents are reported or require attention.
  • Audit Management:

    • Audit Templates: Use templates to conduct regular audits of compliance with clear desk and clear screen policies.
    • Audit Plan: Schedule and manage audits to ensure ongoing compliance.
    • Corrective Actions: Implement and track corrective actions resulting from audit findings.
  • Training and Awareness:

    • Training Modules: Develop and deliver training programmes focused on the importance and implementation of clear desk and clear screen policies.
    • Training Tracking: Monitor employee participation and completion of training programmes.
    • Assessment: Evaluate the effectiveness of training through assessments and feedback.
  • Documentation:

    • Doc Templates: Use standardised templates for documenting policies and procedures.
    • Version Control: Maintain control over document versions and ensure that the latest versions are accessible.
    • Collaboration: Facilitate collaboration on document creation and updates.
  • Compliance:

    • Regs Database: Access a comprehensive database of regulations to ensure policies align with legal requirements.
    • Alert System: Receive alerts on regulatory changes that may impact clear desk and clear screen policies.
    • Reporting: Generate compliance reports to demonstrate adherence to policies.

Detailed Annex A.7.7 Compliance Checklist

Clear Desk Policy

  • Policy Creation: Develop a comprehensive clear desk policy using ISMS.online policy templates.
  • Policy Communication: Communicate the policy to all employees through training modules and targeted communication.
  • Secure Storage Solutions: Ensure secure storage solutions are available for sensitive documents.
  • Regular Checks: Schedule and conduct regular checks to ensure compliance with the clear desk policy.
  • Audit Documentation: Use audit templates to document compliance checks and findings.
  • Corrective Actions: Implement and track corrective actions for any non-compliance issues identified.

Clear Screen Policy

  • Policy Creation: Develop a clear screen policy using ISMS.online policy templates.
  • Policy Communication: Communicate the policy to all employees through training modules and targeted communication.
  • Screen Lock Mechanisms: Ensure all systems, including shared and kiosk devices, have an idle-timeout session lock that is enforced by central configuration and requires re-authentication on resume.
  • Employee Training: Provide training on the importance of locking screens and how to enable screen lock features.
  • Monitoring Compliance: Use incident tracking to monitor and document any instances of non-compliance.
  • Technical Support: Provide technical support to address any limitations or issues with screen lock functionality.
  • Regular Audits: Schedule and conduct regular audits to ensure compliance with the clear screen policy.
  • Corrective Actions: Implement and track corrective actions for any non-compliance issues identified.
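The automated screen locking recommended under the Clear Screen Policy challenges above, and the "Screen Lock Mechanisms" checklist item, can be verified on a Windows endpoint with a read-only audit script such as the one below. This is an added example, not code from ISMS.online or from the ISO 27001 standard. It assumes a Group Policy or MDM-managed Windows host and treats an idle limit of 900 seconds or less as acceptable; ISO 27001 prescribes no figure, so that threshold is an assumption to align with your own policy. The registry values it reads are the ones Windows writes for the "Interactive logon: Machine inactivity limit" security option and for the screen-saver personalisation policies.

```powershell
# Added example (not ISMS.online or ISO code): read-only audit of the Windows
# settings that enforce a clear screen policy on the local host.
# Assumption: an idle limit of 900 seconds or less is acceptable. ISO 27001
# sets no figure, so align this value with your own policy.
$MaxIdleSeconds = 900

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Return $null (rather than throwing) when the key or the value is absent.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Test-IdleLimit {
    param($Value)
    # A timeout is acceptable only when it is set, non-zero (0 disables it) and within policy.
    return ($null -ne $Value -and [int]$Value -gt 0 -and [int]$Value -le $MaxIdleSeconds)
}

function Test-ClearScreenPolicy {
    $findings = @()

    # 1. Machine-wide limit ("Interactive logon: Machine inactivity limit").
    #    Locks every interactive session on the host regardless of user preferences.
    $machineIdle = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' 'InactivityTimeoutSecs'
    $machineOk   = Test-IdleLimit $machineIdle
    $findings += [pscustomobject]@{ Setting = 'InactivityTimeoutSecs (machine policy)'; Value = $machineIdle; Compliant = $machineOk }

    # 2. Per-user screen saver lock. Prefer the Policies hive (written by GPO/MDM and
    #    not editable by the user); fall back to the user's own preference, which
    #    the user can change at any time.
    $policyPath = 'HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop'
    $userPath   = 'HKCU:\Control Panel\Desktop'
    $userOk = $true
    foreach ($name in 'ScreenSaveActive', 'ScreenSaverIsSecure', 'ScreenSaveTimeOut') {
        $source = 'policy'
        $value  = Get-RegValue $policyPath $name
        if ($null -eq $value) { $source = 'user preference'; $value = Get-RegValue $userPath $name }
        $ok = switch ($name) {
            'ScreenSaveActive'    { $value -eq '1' }          # screen saver turned on
            'ScreenSaverIsSecure' { $value -eq '1' }          # password required on resume
            'ScreenSaveTimeOut'   { Test-IdleLimit $value }   # seconds of idle time before it starts
        }
        $userOk = $userOk -and $ok
        $findings += [pscustomobject]@{ Setting = "$name ($source)"; Value = $value; Compliant = $ok }
    }

    # Either control on its own locks the session in time; only both failing is a finding.
    return [pscustomobject]@{ Enforced = ($machineOk -or $userOk); Findings = $findings }
}

$result = Test-ClearScreenPolicy
$result.Findings | Format-Table -AutoSize
if (-not $result.Enforced) {
    Write-Warning 'Clear screen policy is not enforced on this host.'
    exit 1   # non-zero exit lets an Intune/ConfigMgr detection script or scheduled audit flag the device
}
```

Run it under the account whose session you are auditing, because the HKCU values belong to that user. A finding whose source is "user preference" rather than "policy" is itself worth recording: the lock may be on today, but nothing stops the user turning it off tomorrow.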



Every Annex A Control Checklist Table

ISO 27001 Annex A.5 Control Checklist Table

ISO 27001 Control Number | ISO 27001 Control Checklist
Annex A.5.1 | Policies for Information Security Checklist
Annex A.5.2 | Information Security Roles and Responsibilities Checklist
Annex A.5.3 | Segregation of Duties Checklist
Annex A.5.4 | Management Responsibilities Checklist
Annex A.5.5 | Contact With Authorities Checklist
Annex A.5.6 | Contact With Special Interest Groups Checklist
Annex A.5.7 | Threat Intelligence Checklist
Annex A.5.8 | Information Security in Project Management Checklist
Annex A.5.9 | Inventory of Information and Other Associated Assets Checklist
Annex A.5.10 | Acceptable Use of Information and Other Associated Assets Checklist
Annex A.5.11 | Return of Assets Checklist
Annex A.5.12 | Classification of Information Checklist
Annex A.5.13 | Labelling of Information Checklist
Annex A.5.14 | Information Transfer Checklist
Annex A.5.15 | Access Control Checklist
Annex A.5.16 | Identity Management Checklist
Annex A.5.17 | Authentication Information Checklist
Annex A.5.18 | Access Rights Checklist
Annex A.5.19 | Information Security in Supplier Relationships Checklist
Annex A.5.20 | Addressing Information Security Within Supplier Agreements Checklist
Annex A.5.21 | Managing Information Security in the ICT Supply Chain Checklist
Annex A.5.22 | Monitoring, Review and Change Management of Supplier Services Checklist
Annex A.5.23 | Information Security for Use of Cloud Services Checklist
Annex A.5.24 | Information Security Incident Management Planning and Preparation Checklist
Annex A.5.25 | Assessment and Decision on Information Security Events Checklist
Annex A.5.26 | Response to Information Security Incidents Checklist
Annex A.5.27 | Learning From Information Security Incidents Checklist
Annex A.5.28 | Collection of Evidence Checklist
Annex A.5.29 | Information Security During Disruption Checklist
Annex A.5.30 | ICT Readiness for Business Continuity Checklist
Annex A.5.31 | Legal, Statutory, Regulatory and Contractual Requirements Checklist
Annex A.5.32 | Intellectual Property Rights Checklist
Annex A.5.33 | Protection of Records Checklist
Annex A.5.34 | Privacy and Protection of PII Checklist
Annex A.5.35 | Independent Review of Information Security Checklist
Annex A.5.36 | Compliance With Policies, Rules, and Standards for Information Security Checklist
Annex A.5.37 | Documented Operating Procedures Checklist


ISO 27001 Annex A.6 Control Checklist Table

ISO 27001 Control Number | ISO 27001 Control Checklist
Annex A.6.1 | Screening Checklist
Annex A.6.2 | Terms and Conditions of Employment Checklist
Annex A.6.3 | Information Security Awareness, Education and Training Checklist
Annex A.6.4 | Disciplinary Process Checklist
Annex A.6.5 | Responsibilities After Termination or Change of Employment Checklist
Annex A.6.6 | Confidentiality or Non-Disclosure Agreements Checklist
Annex A.6.7 | Remote Working Checklist
Annex A.6.8 | Information Security Event Reporting Checklist


ISO 27001 Annex A.7 Control Checklist Table

ISO 27001 Control Number | ISO 27001 Control Checklist
Annex A.7.1 | Physical Security Perimeters Checklist
Annex A.7.2 | Physical Entry Checklist
Annex A.7.3 | Securing Offices, Rooms, and Facilities Checklist
Annex A.7.4 | Physical Security Monitoring Checklist
Annex A.7.5 | Protecting Against Physical and Environmental Threats Checklist
Annex A.7.6 | Working in Secure Areas Checklist
Annex A.7.7 | Clear Desk and Clear Screen Checklist
Annex A.7.8 | Equipment Siting and Protection Checklist
Annex A.7.9 | Security of Assets Off-Premises Checklist
Annex A.7.10 | Storage Media Checklist
Annex A.7.11 | Supporting Utilities Checklist
Annex A.7.12 | Cabling Security Checklist
Annex A.7.13 | Equipment Maintenance Checklist
Annex A.7.14 | Secure Disposal or Re-Use of Equipment Checklist


ISO 27001 Annex A.8 Control Checklist Table

ISO 27001 Control Number | ISO 27001 Control Checklist
Annex A.8.1 | User Endpoint Devices Checklist
Annex A.8.2 | Privileged Access Rights Checklist
Annex A.8.3 | Information Access Restriction Checklist
Annex A.8.4 | Access to Source Code Checklist
Annex A.8.5 | Secure Authentication Checklist
Annex A.8.6 | Capacity Management Checklist
Annex A.8.7 | Protection Against Malware Checklist
Annex A.8.8 | Management of Technical Vulnerabilities Checklist
Annex A.8.9 | Configuration Management Checklist
Annex A.8.10 | Information Deletion Checklist
Annex A.8.11 | Data Masking Checklist
Annex A.8.12 | Data Leakage Prevention Checklist
Annex A.8.13 | Information Backup Checklist
Annex A.8.14 | Redundancy of Information Processing Facilities Checklist
Annex A.8.15 | Logging Checklist
Annex A.8.16 | Monitoring Activities Checklist
Annex A.8.17 | Clock Synchronisation Checklist
Annex A.8.18 | Use of Privileged Utility Programs Checklist
Annex A.8.19 | Installation of Software on Operational Systems Checklist
Annex A.8.20 | Networks Security Checklist
Annex A.8.21 | Security of Network Services Checklist
Annex A.8.22 | Segregation of Networks Checklist
Annex A.8.23 | Web Filtering Checklist
Annex A.8.24 | Use of Cryptography Checklist
Annex A.8.25 | Secure Development Life Cycle Checklist
Annex A.8.26 | Application Security Requirements Checklist
Annex A.8.27 | Secure System Architecture and Engineering Principles Checklist
Annex A.8.28 | Secure Coding Checklist
Annex A.8.29 | Security Testing in Development and Acceptance Checklist
Annex A.8.30 | Outsourced Development Checklist
Annex A.8.31 | Separation of Development, Test and Production Environments Checklist
Annex A.8.32 | Change Management Checklist
Annex A.8.33 | Test Information Checklist
Annex A.8.34 | Protection of Information Systems During Audit Testing Checklist


How ISMS.online Helps With A.7.7

Ready to elevate your organisation’s information security to the next level?

Discover how ISMS.online can streamline your compliance with ISO 27001:2022, including the essential A.7.7 Clear Desk and Clear Screen control. Contact ISMS.online today to book a personalised demo and see firsthand how our comprehensive platform can transform your ISMS management.

Take the first step towards achieving unparalleled security and compliance by reaching out now!
