Republic of Botswana

Ministry of transport and Communications

Department of Information Technology

Security Division

Clean Desk Policy

Version 1.0

Date: 2010-02-01

GOB Clean Desk Policy

 DIT SECURITY DIVISION

Organisation Department of Information Technology

Title Clean Desk Policy

Author DIT Security Division

Filename Clean desk Policy

Owner Government of Botswana

Subject Operational Policies

Protective Marking None

Review date 1-Feb-10

Revision History

Revision Reviser Previous Description of Revision

Date Version

Document Approvals

This document requires the following approvals:

Sponsor Approval Name Signature Date

Director Information Technology Joyce Mpete

Page | 2
 DIT SECURITY DIVISION

Table of Contents

1.0 Definitions……………………………….…………………………………………….4
2.0 Overview …………………………………..…………………………………………..4
3.0 Purpose …………………………………..…………………………………………….4
4.0 Responsibility ………….……………..………………………………………………..4
5.0 Scope…………………………………..………………………………………………..4
6.0 Actions…………………………………………………….……………………………5
7.0 Enforcement ……………………………………………………………………………5
8.0 Violations……………………………………………………………………………….5
9.0 Associated Policies…………………………………………...…………………………6
10.0 Policy Governance………………………………..…………………………………6
11.0 Review and revision…………………………………………………………………7
12.0 Enforcement queries and comments……………………...…………………………7
13.0 Exceptions …………………………………………………………………………..7

Page | 3
 DIT SECURITY DIVISION

1.0 Definitions

CD is an optical disc used to store digital data

PDA is a handheld computer, also known as a
palmtop computer
USB consists of flash memory data storage device
that is typically removable and rewritable
DVD also known as Digital Versatile Disc or Digital
Video Disc, is an optical disc storage media
format
ICT Information communications Technology
GDN Government Data Network

2.0 Overview

The purpose for this policy is to establish a culture of security and trust for all government
of Botswana employees. An effective clean desk effort involving the participation and
support of all government employees can greatly protect paper documents that contain
sensitive information about our clients, customers and vendors. All employees should
familiarize themselves with the guidelines of this policy.

3.0 Purpose
The main reasons for a clean desk policy are:

 A clean desk can produce a positive image when our customers visit the
company.
 It reduces the threat of a security incident as confidential information will be
locked away when unattended.
 Sensitive and confidential documents left in the open can be stolen by a
malicious entity.
 Reduction in stress with employees having a tidy desk
 Reduction in workplace accidents and spills.

It is generally accepted that a tidy desk is a sign of efficiency and effectiveness

4.0 Responsibility

All staff, employees and entities working on behalf of the government of Botswana are
subject to this policy

5.0 Scope
The purpose of this policy is to ensure the proper use of Government offices are free from
possible data and information theft and make all users aware of what government deems as
acceptable and unacceptable office management. This policy applies to employees,
Page | 4
 DIT SECURITY DIVISION

contractors, consultants, temporaries, and other workers of the government of Botswana,

including all personnel affiliated with third parties.

At known extended periods away from your desk, such as a lunch break, sensitive working
papers are expected to be placed in locked drawers.
At the end of the working day the employee is expected to tidy their desk and to put away
all office papers. The government of Botswana provides locking desks and filing cabinets
for this purpose.

6.0 Action

 Allocate time in your calendar to clear away your paperwork.

 Always clear your workspace before leaving for longer periods of time.
 If in doubt - throw it out. If you are unsure of whether a duplicate piece of sensitive
documentation should be kept - it will probably be better to place it in the shred bin.
 Do not print off emails to read them. This just generates increased amounts of
clutter
 Arrange desks such that no one will be able to see what you are typing on the
computer
 Go through the things on your desk to make sure you need them and what you don’t
need throw away (…pertinently)
 Handle any piece of paper only once - act on it, file it, or dispose of it appropriately
 Put a date and time in your diary to clear your paperwork

Consider scanning paper items and filing them electronically in your workstation.

 Use the recycling bins for non-sensitive documents when they are no
longer needed.
 Lock your desk and filing cabinets at the end of the day
 Lock away portable computing devices such as laptops or PDA devices
 Treat mass storage devices such as CD, DVD or USB flash drives as
sensitive and secure them in a locked drawer (refer to Removable Media
and Data Transfer Policy)

7.0 Enforcement

Any employee found to have violated this policy may be subject to disciplinary action, up
to and including termination of access privileges into the GDN. Heads of sections should
see to it that this policy is put into practice.

8.0 Violation
These regulations apply subject to and in addition to the law. Any violation of these
regulations may also be subject to penalties under civil or criminal law (Cybercrime and
Computer Related Crimes Act, 2007) and such law may be invoked by DIT. Use of the

Page | 5
 DIT SECURITY DIVISION

government’s systems may be logged to permit the detection and investigation of

infringement of Policies. Monitoring of emails, internet usage, telephone calls and other
ICT may be carried out in some situations, for the purposes of;

 Investigating unauthorized use, prevention and detection of criminal activities;

 Establishing compliance with regulatory standards and governmental policies;
 And to ensure effective system operation.

The Government reserves the right to inspect any Government item owned ICT equipment.
Any equipment deemed to be breaching policy or otherwise interfering with the operation
of the network may be removed.
Infringements of this policy may be investigated under the Government’s appropriate
disciplinary procedures. Associated sanctions (with approval from Director, Permanent
Secretary or Permanent secretary to the President) may include:

 Withdrawal of Government ICT facilities

 Seizure of equipment that is in violation of the policy
 Initiation of relevant disciplinary procedure for anyone found violating the policy.
 Section 34 and 37 Part VIII, 31 Part VII and 21 Part V of the Botswana Public
Service Act of 1999 will be enforced on anyone found violating this policy
 Punishable by civil and criminal law (Cybercrime and Computer Related Crimes
Act, 2007)
 Any account found in violation of any government policies will be disabled without
prior notice.

9.0 Associated Policies

Applicable policies include those listed below. This list is not exhaustive and will be
subject to change. Below are some of the applicable policies;

 Clean Desk Policy

 Antivirus and Malware Policy
 Acceptable use Policy
 Password Policy
 Electronic mail Policy
 Remote Access Policy
 Acceptable Encryption Policy
 Privacy and Confidential Policy
 Removable Media and Data Transfer Policy
 Screen saver Policy
 Physical and Access Security policy

Page | 6
 DIT SECURITY DIVISION

10.0 Policy Governance

The following table identifies who within government is Accountable, Responsible,

Informed or Consulted with regards to this policy. The following definitions apply:
 Responsible – the person(s) responsible for developing and implementing the
policy.
 Accountable – the person who has ultimate accountability and authority for the
policy.
 Consulted – the person(s) or groups to be consulted prior to final policy
implementation or amendment.
 Informed – the person(s) or groups to be informed after policy implementation or
amendment.

Responsible Head of DIT Security

Accountable Director of Information Technology

Consulted All DIT Divisions, IT officers and managers

All Government of Botswana employees, All Temporary Staff, All

Informed
Contractors, service providers and stakeholders

11.0 Review and Revision

This policy will be reviewed as it is deemed appropriate, but no less frequently than every 3
months for the two years then once annually thereafter.
Policy review will be undertaken by the Head of Security

12.0 Enforcement queries and comments

For enforcement questions or clarification on any of the information contained in this

policy, please contact the DIT Security section: gdnsecurity@gov.bw including any
general questions about department-wide policies and procedures.

13.0 Exceptions
Any exceptions to this policy will require written authorization. Exceptions granted will be
issued a policy waiver for a defined period of time. Requests for exceptions to this policy
should be addressed to the Director of the Department of Information Technology (DIT).

Page | 7