Purpose
10 The Telephony Usage Policy (hereafter referred to as the Policy) outlines acceptable and unacceptable practices in the use of telephony services and devices. The Policy seeks to promote the efficient, ethical, and lawful use of telephony.
11 For the purposes of this policy, a telephony device is any device which utilizes WHO telephony services (audio and video).
12 The protection of WHO's information and communication systems is an essential priority for the Organization given the high reliance on telephony for the conduct of its work. The Policy is established within the context of, and should be read in conjunction with, the WHO policy on Acceptable Use of Information and Communication Systems (eManual XIV.1.1), which outlines entitlements and responsibilities for the use of these systems throughout the Organization.
Scope
13 The Policy applies to all users at all WHO locations that access and/or use a WHO-owned or issued telephony device.
Policy
General
14 Telephony shall be used for purposes that do not conflict with the interests of WHO.
15 Telephony users shall be aware that all WHO communications reflect on the Organization as an institution. Users shall ensure that nothing they communicate could harm the reputation of the Organization or impede its work.
16 The Organization reserves the right to review, intercept, and access communications sent or received through the WHO telephony services.
17 Users must not impersonate others or otherwise use a false identity; or access other accounts or lines without authorization. Moreover, users must not conceal their identities when calling out, except when the option of anonymous use is explicitly authorized.
Personal Use
18 Occasional personal use of telephony for private purposes is permitted if the use does not negatively affect the user's work performance, and does not conflict with the interests of the Organization or WHO's policy on Acceptable Use of Information and Communication Systems (see eManual XIV.1.1, specifically paragraph 100).
19 Occasional use of WHO telephony devices for the storage of personal files or the transmission of personal messages is a courtesy allowed to staff. Personal use of telephony and storage space, to the extent to which it is permitted, must be kept to a minimum to conserve shared resources. WHO cannot guarantee the privacy of such files or messages.
20 Users of WHO telephony devices, including fixed desktop phones and mobile phone devices are accountable for all private calls made. They must observe any policy, including that relating to the self-certification of private calls and reimbursement of the related costs, if any, which applies in their workplace.
21 Any additional costs generated against the Organization as a result of personal use of telephony services shall be covered by the user. Moreover, the user must certify private calls and official calls, as may be requested by the Organization.
Responsibilities
22 Users are responsible for adhering to guidelines issued by the Department of Information Management and Technology (IMT) and Regional Information Technology (IT) departments. This includes device Operating System software updates which must be kept current, unless explicitly directed otherwise by IMT or Regional IT.
23 WHO supports the lawful use of telephony devices. Illegal use of telephony devices – that is, use in violation of civil or criminal law at the international or national levels – is prohibited. Telephony users are responsible for the appropriate use and safekeeping of telephony devices, in accordance with manufacturer's recommendations, locally applicable legislation, and the rules and procedures established in the WHO eManual and applicable standard operating procedures.
24 No WHO telephony device shall be subject to users' hacking, jail breaking, tampering, or non-approved usage. Moreover, users must exercise caution when physically or electrically attaching any additional devices and should not install any software that could potentially impair the performance, integrity, or security of any WHO network, information, or communication system.
Operational Guidelines
25 Guidelines may be issued separately by WHO headquarters, regional offices, and country offices for the administration and technical operation of telephony systems and in compliance with the Policy. These guidelines shall provide details of security instructions, review, interception, access, audit, archiving and disclosure of communications, best telephony practice, and certain technical limits. Telephony device security measures shall be enhanced any time technical means for implementation become available to the Organization. For additional guidance, please refer to the Acceptable Use of Information and Communication Systems Policy (eManual section XIV.1.1).
Security
26 The confidentiality and integrity of telephony communications is enhanced through the use of passwords (and/or passcode) for each user. It is the user's responsibility to keep the password confidential, and to immediately change it whenever the password may have been divulged or compromised. Through the use of passwords, users are ultimately responsible and accountable for the security of communications issued via their accounts.
27 In addition to passwords for official WHO devices and software, any telephony device with access to WHO resources requires a passcode.
28 WHO issued telephony devices must be kept secure at all times.
29 Access to staff telephony accounts shall not be granted by the responsible systems administrator to any other person, except in exceptional circumstances and following predefined official procedures listed in the operational guidelines applicable to the relevant WHO office.
30 Users are required to report promptly any breaches of telephony security, loss, theft, and/or damage of a device to the Global Service Desk or Regional Service Desk, or as defined in the Operational Guidelines of the WHO Telephony Usage Policy and also the Management of Fixed Assets (eManual XIII.2.3).
Confidentiality and Privacy
31 Internal WHO correspondence and material of a restricted or confidential nature shall not be forwarded to external parties or unauthorized persons without the explicit written authorization of the originator and adequate care given to avoid potential compromise of WHO's reputation. Although the WHO telephony system has built-in security features designed to protect the confidentiality of communications, confidentiality cannot be assured when communications are sent within the WHO system or through outside networks, such as the Internet.
32 All WHO communications, including the contents of all files stored on WHO systems, are the property of WHO. WHO reserves the right to access all such information. Any specific regulations or related procedures may be listed in the operational guidelines applicable to the relevant WHO office.
Compliance
33 Reporting of alleged violations: All alleged violations of this policy should be reported to the Global or Regional Service Desk or the appropriate information and communication systems authority responsible for administering this policy in the WHO location involved, who will investigate the allegation and refer the matter to the relevant WHO authorities.
34 Disciplinary procedures: For non-staff members, failure to comply with this policy may result in various measures being taken against the individual or entity concerned, including ongoing compliance measures, removal of access, or for serious cases, termination of contract or initiation of legal proceedings. For staff members, such failure may result in disciplinary proceedings being initiated, which could ultimately result in a disciplinary measure up to and including dismissal in accordance with WHO Staff Regulations and Rules.