Policy on Use of Information Communication & TechnologyResources

PURPOSE:In line with the UNDP Global ICT policy, this document serves as a policy on use of Information Communication and Technology Resources. Access to UNDP computer systems and network is a privilege afforded to UNDP staff, affiliates and contractors under certain conventions. This policyoutlines everyone’s responsibilities to safeguard UNDP / PAPP’s data, intellectual property and network. Furthermore this policy discusses specific access provisions and responsibilities of users.

TABLE OF CONTENTS

  1. Introduction……………………………………………………...……….....…………2-3
  2. Conditions applicable to use of ICT Resources and Data…………..…...…………...4-11
  3. Rights of users of ICT Resources…….....………………………………………..…11-14
  4. ICT Security…………………...……………………………………………………14-16
  5. ICT Record Retention and Disposition………………………………………………...... 17
  6. Final Provision………………………………………………………………………17-19
  7. Annex A: Definitions…………………………………………………………….….20 - 22

1 INTRODUCTION

As per the UNDP mandate, the United Nations Development Programme / Programme of Assistance to the Palestinian People (UNDP / PAPP) promotes the use of Information and Communication Technology (ICT) to share information and knowledge in support of UNDP's mandate and to conduct UNDP's business activities. This document establishes the framework for the overall policy and the standards for UNDP / PAPP regarding the use of ICT resources and data and is to be applied within the relevant context of UNDP / PAPP:

  • UNDP / PAPP Prescriptive Content on Accountability, Disciplinary Measures and Procedures; and
  • UNDP / PAPPPrescriptive Content on Records Management.

In addition this policy reflects certain provisions of:

  • United Nations (UN) Secretary-General’s Bulletin on Use of Information and Communication Technology Resourcesand Data, ST/SGB/2004/15;
  • United Nations (UN) Staff Regulations and Rules 100/200/300 Series (ST/SGB/2004/1, ST/SGB/2004/2,ST/SGB/2004/3);
  • UN Status, Basic Rights and Duties of United Nations Staff Members (ST/SGB/2002/13);

1.1 General Provisions

1.2 Reason for Issue (In line with HQ directions):

ICT resources are intended to support UNDP / PAPP business activities and to enable closer and timelier communications,within UNDP / PAPP and between UNDP / PAPP and its clients and partners. Inappropriate use of these resources can, however,harm UNDP / PAPP. This policy is intended to minimize the likelihood of such harm by educating UNDP / PAPP users and byestablishing principles that will limit potential financial, operational or legal risk to any UNDP / PAPP entity. The mainpurposes of this Policy are to:

a. Ensure that UNDP / PAPP ICT resources and data are used for purposes appropriate to UNDP's mandate;

b. Inform UNDP / PAPP users about applicable UNDP / PAPP policies related to the utilization of ICT resources and data andensure that users comply with them;

c. Establish Policy on confidentiality, integrity, availability, and privacy, of ICT resources and data; and,

d. Prevent disruptions to and misuse of, UNDP / PAPP ICT resources, services, and activities.

1.3 Scope

This Policy shall apply to:

a. All UNDP / PAPPstaff members and non-staffincluding UNVs, interns, SSAs, SCs, vendors and other persons affiliates with UNDP/ PAPP.

b. All ICT resources owned or managed by UNDP / PAPP or provided by UNDP / PAPPthrough contracts and other agreements with UNDP / PAPP;

c. All UNDP / PAPP ICT records in the possession of UNDP / PAPP staff and non-staff or of other users of ICT resources provided by UNDP / PAPP;

d. Emerging technologies such as Voice over IP, Skype, Bluetooth, etc. that supplement or extend the capabilities of the ICT resources;

e. All ICT resources of other UN departments or partner agencies managed by UNDP / PAPP, or to users of such ICT resources who are employees and agents of those divisions or partner agencies, to the extent that such individuals are bound by the spirit of this policy when they do not conform to its provisions; and

f. All ICT contents and to the electronic attachments and transactional informationassociated with such communications. Although this Policy addresses ICT records in electronic form, it must be noted that ICT records in either printed or electronic form are also subject to UNDP / PAPPrecords management policies, as defined in the Prescriptive Content on Records Management, including any provisions regarding retention and disclosure except where privileged or otherwise excluded by law.

1.4 Definitions

Annex A contains key definitions that apply to this Policy. An understanding of these definitions is essential to fully comprehending this Policy.

2 CONDITIONS APPLICABLE TO USE OF ICT RESOURCES AND DATA

While UNDP / PAPP actively promotes the use of ICT resources and makes them widely available to its user community, UNDP / PAPPmust limit the use of ICT resources by imposing restrictions that apply to all UNDP / PAPP property and by establishing constraintsnecessary for the reliable operation of ICT systems and services. Please note that this policy is applicable to all undp.organd undp.ps domains where “ps” refers to the ISO country code applicable to that domain.All future references to undp.org shall equally apply to all undp.ps web sites as per the note provided above.

2.1 Allowable Users

2.1.1 UNDP / PAPP Users

UNDP / PAPP staff members, partner agencies, business partners and anyone else associated with UNDP / PAPP may, withauthorization by the Special Representative (SPR)/ Deputy Special Representative (Operations) (DSPR(O)) useUNDP / PAPP Policy on Use of ICT resources and services for any purpose in accordance with this Policy. UNDP / PAPP users are granted accessto ICT resources and data through established access control procedures. The principles outlined in this sectionare applicable to any form of electronic communication. Specific standards and guidelines for users of ICTResources are as follows:

a. There are two types of user identities; User Accounts and Service Accounts:

  • User Accounts are accounts created for official use. These accounts are setup for individual use byUNDP / PAPP Staff Members or Non-Staff Members (UNVs, SSAs, SCs, etc.); and
  • Service Accounts are accounts created specifically to enable a group of authorized user account holdersgain access to messages or services addressing organizational needs rather than those of a specificindividual. The establishment of these accounts requires the prior approval of the SPR or DSPR(O) and should be forwarded to PAPP / ICT Associate office.

b. There are four types of email address classifications of UNDP / PAPP Staff Members and Affiliates:

  • All UNDP / PAPP Staff Members (100, 200 and 300 series contract holders), all SC/SSAs who will be managedthrough the ATLAS HR module and interns shall ;
  • All UNDP / PAPP staff members who have reached retirement age and are not in active employment withinUNDP / PAPP as well as any former UNDP / PAPP staff independent of their retirement status shall

c. User accounts are setup specifically for the purpose of performance of UNDP / PAPP’s business. As such, theseaccounts shall be, at a minimum, kept as long as the person to whom the account is assigned is continuing toconduct UNDP / PAPP business. Closing the account will be effected only as stated below and shall apply to theundp.org and undp.ps domains (where ‘ps’ denotes the ISO standard country code for that domain).

For UNDP Staff Members, the following shall apply:

  • When on Approved Special Leave with Pay (SLWP), the account will remain active;
  • When staff member is suspended or on SLWP they may retain their ability to only read email;
  • When on Approved Special Leave without Pay (SLWOP), the account will remain active;
  • When on Secondment to another UN Agency, the account will remain active;
  • When being terminated due to early or normal expiration of contract, the account will be kept activefor a period of 60 days as of the date of separation;
  • When being terminated subject to dismissal or separation for disciplinary actions, the account will beclosed on the date of termination;
  • When separating from the Organization, the account will be kept active for a period of 60 days as ofthe date of separation; and
  • When retiring from the Organization, the account will be kept active for a period of 180 days fromthe date of retirement;
  • For Special Service Agreement Holders (SSAs), Interns, Service Contract Holders, Consultants and otherassociates ; the account will be terminated two weeks after the termination of the associated contract orassignment;

It is the responsibility of the UNDP / PAPP Team Leaders, to which theUNDP Staff Member or Affiliate belonged, to coordinate with the Human Resources office and IT unitto ensure that the necessary user account actions are promptly taken. Service accounts should contain reference toan active User Account designated as the primary contact and an expiration date equal or less to the contractexpiration date of the staff member designated as the primary contact. Notification of account changes orexpiration should be sent to both primary and secondary help desk contact.

2.1.2 Public Users

Persons and organizations that are not UNDP / PAPP Users may only access UNDP ICT resources or services that havebeen made available as “public access”. This provision applies to portal web sites and other publicly available websites that may be used to access other programs or information that said users may have rights to access.

2.1.3 Transient Users

Users whose electronic communication merely transits UNDP / PAPP facilities as a result of network routing protocols arenot considered "Users" for the purposes of this policy. However, the provisions outlined in this policyare stillapplicable as is UNDP / PAPP’s right to inspect passing traffic. UNDP / PAPP retains its rights to inspect any traffic traversing theUNDP / PAPP network.

2.2 Restrictions

ICT resources may be provided by UNDP / PAPP units, sub-units or partner agencies in support of UNDP / PAPP and Partner Agencymissions and of administrative functions that support these missions adhering to the following provisions:

2.2.1 Violation of Policies and Guidelines

Users shall not use ICT resources in violation of other UNDP / PAPP policies or guidelines. This includes, but is notlimited to policies and guidelines regarding;

a. workplace harassment, sexual harassment and abuse of authority or other forms of behavior that create ahostile working environment;

b. Sexually explicit messages, images, cartoons or jokes;

c. Unwelcome or harassing propositions;

d. Offensive, insulting, or profane language;

e. Defamatory or derogatory comments about individuals or organizations;

f. Ethnic, cultural, religious, gender or racial slurs;

g. Advocate or overtly promote personal political beliefs or those of a political organization; or

h. Perform unlawful activities.

i. The use of UNDP / PAPPICT resources for commercial purposes not under the explicit auspices of the UNDP / PAPP isstrictly prohibited as is any activity resulting in personal financial gain such as operating a business utilizingUNDP / PAPPequipment.

j. Use of streaming audio/video facilities for entertainment purposes except those provided by UNDP / PAPP such asUN special events and online news sources;

k. Download of music and video files, such as MP3s, except those that are for official use ;

l. Participating in peer-to-peer (P2P) file exchange networks not related to official duties;

m. Frequent or extended “web-surfing” unrelated to UNDP / PAPP business;

n. Hosting sites that are not under the auspices of UNDP / PAPP; or

o. Installation of non-approved software.

p. Any personal use for enjoyment, profit or diversion

2.2.2 Representation of UNDP / PAPP

Any usage of UNDP / PAPP ICT resources is directly traceable to UNDP / PAPP and therefore, whether intended by the user ornot, represents UNDP / PAPP. In this regard:

  1. Users of UNDP / PAPP ICT resources shall not use aUN-assigned electronic identity (e.g., containing "UNDP.org”) to register with or participate in on line-auctions, sales, or commercial servicesand/or investment transactions which are not under the auspices of UNDP or to register with or participate indiscussion groups, chat rooms, bulletin board, web-based games or competitions that are not related to officialUNDP business.
  1. Users of UNDP / PAPP ICT resources shall not give the impression that they are representing, giving opinions, orotherwise making explicit or implicit statements in publicly-accessible electronic forums on behalf of UNDP / PAPPor any unit, sub-unit or partner agency of UNDP / PAPP without either being so entitled by virtue of their official role,or by having obtained the prior approval of the SPR. UNDP / PAPP Users are reminded of their duty of discretion in accordance to the UNDP / PAPP Staff Rules.
  1. Users of UNDP / PAPP ICT resources may employ an electronic signature that reflects their official title and functionin UNDP.

2.2.3 Endorsements

Users of UNDP / PAPP ICT resources must abide by UNDP / PAPPpolicy regarding endorsements. References or pointers toany non-UNDP / PAPP entity contained within UNDP / PAPP ICT shall not constitute, either explicitly or implicitly, UNDP / PAPP’sendorsement of the products or services of that entity.

2.2.4 False Identity and Anonymity

Users of UNDP / PAPP ICT resources shall not, either directly or by implication, employ a false identityunless withexplicit authority from SPR or DSPR(O). A supervisor may delegate his/her identity to an employee totransact UNDP / PAPPbusiness for which the supervisor is responsible. In such cases, an employee's use of thesupervisor's electronic identity does not constitute a false identity. When identity is delegated the supervisor andemployee are both responsible for all actions performed using the supervisor’s identity.

2.2.5 Interference

UNDP / PAPPICT resources shall not be used for purposes that could reasonably be expected to directly or indirectlycause excessive strain on its ICT resources, or unsolicited interference with others’ use of ICT resources. Users ofICT services shall not engage in the following:

a. Initiate or forward electronic mail chain letters or their equivalents in other services;

b. Exploit ICT systems for purposes beyond their intended scope such as further distributing of unsolicitedelectronic communication such as spam, chain letters or anything that does not constitute an official function;

c. As suggested by the UNDP / PAPP Staff Rules; send an extremely large message (>5MG) or send multiple electroniccommunications to one or more recipients intentionally with the purpose of interfering with the recipients' useof ICT systems and services;

d. Intentionally engage in other practices such as denial-of-service attacks that impede the availability of ICTservices; or

e. Gain unauthorized access to computers e.g., by means such as spoofing.

f. Exploit bandwidth

g. Attempt to tap in or in any way monitor the traffic of the network without the appropriate authorization

2.2.6 Personal Use

Limited personal use of UNDP / PAPP ICT resources is permissible as long as it does not:

1. Directly or indirectly interfere with the UNDP / PAPP's operation of ICT resources;

2. Interfere with performance of official duties;

3. Burden UNDP with noticeable incremental costs. When noticeable incremental costs for personal use areincurred, users shall follow UNDP guidelines and procedures for reimbursement to UNDP (e.g., $5 limit onpersonal calls); or

4. Violate the terms of this Policy.

Personal usage of email accountsand stored data are subject to the same policies and monitoring procedures asthose applied to official use. Users do not have a right to privacy but they should have an expectation for privacywhile using UNDP / PAPP ICT resources. UNDP / PAPP is not responsible for any loss or damage of data incurred to or by anindividual as a result of personal use of UNDP / PAPP ICT resources.

2.2.7 Accessibility

Electronic communication intended to accomplish the mission and administrative tasks of UNDP / PAPP shall beaccessible to users in special cases with disabilities in compliance with UN and UNDP policies. Alternateaccommodations shall conform to UN and UNDP / PAPP policies and guidelines.

2.2.8 Intellectual Property

UNDP / PAPP respects intellectual property rights and strictly adheres to all product-licensing obligations. The contentsof all electronic communication shall conform to UNDP / PAPP policies regarding protection of intellectual property.Using, downloading, copying or transferring any applications, documents, or programs for which UNDP / PAPP does nothave a valid license is prohibited.

Users should not download, copy, transfer applications they do not have a license for. Users can installapplications they have a license for as long as they do not interfere with the proper operation of UNDP / PAPP applicationsand network.

Users are restricted from violating the rights of any person or company protected by copyright, trade secret, patentor other intellectual property, or similar laws or regulations, including, but not limited to, the installation ordistribution of "pirated" or other software products that are not appropriately licensed for use by UNDP / PAPP.

Unauthorized copying of copyrighted material including, but not limited to, digitization and distribution ofphotographs from magazines, books or other copyrighted sources, copyrighted music, and the installation of anycopyrighted software for which UNDP / PAPP or the end user does not have an active license is strictly prohibited.

2.2.9 Software Exportation

Exporting software, technical information, encryption software or technology, in violation of international orregional export control laws, is illegal. The appropriate management should be consulted prior to export of anymaterial that is in question.

2.2.10 Electronic Approvals/Authorizations

Electronic approvals authorizations such as financial approvals and/or authorizations or the provisioning of ICTsystem or service access issued using UNDP / PAPPICT resources which generate a financial or legal commitment forUNDP / PAPPare subject to UNDP / PAPP policies and procedures governing such transactions.

2.3 Access Restriction

Access to and use of UNDP / PAPP ICT services or ICT resources may be wholly or partially restricted or rescinded by UNDP / PAPPwithout prior notice and without the consent of the user as set forth in the Access Without Notification or Consent sectionbelow. Restriction of access and use under such conditions is subject to the approval of the SPR or DSR(O).

2.4 Ownership of Assets

UNDP / PAPP ICT resources, systems and services are the property of UNDP. UNDP / PAPP retains the right to seize and search any ICTresources and records it owns. This applies to records that are in paper, digital, or other format. UNDP / PAPP also owns all ICTrecords pertaining to the activities of UNDP / PAPP created by UNDP / PAPP Staff or business partners, whether or not UNDP owns theICT resources, systems or services used to create or use it. If management believes that there is a need to seize ICTresources and records then it must request approval from the Office of Legal Procurement and Support (OLPS) or the Officeof Audit and Performance Review (OAPR).