Skip Ribbon Commands
Skip to main content
SharePoint

Purpose

10   The E-mail Usage policy has been developed to outline acceptable and unacceptable practices in the use of Electronic Mail (E-mail) in the Organization and to assist users in making the most productive use of E-mail in their work.

20   E-mail is a critical tool supporting WHO's technical and administrative functions that provides for a fast and effective means of communication within and outside WHO.

30   The protection of WHO's information and communication systems is an essential priority for the Organization given the high reliance on the E-mail for the conduct of its work. This policy is established within the context of the WHO Policy on Acceptable use of Information and Communication Systems, which outlines entitlements and responsibilities for the use of these systems throughout the Organization (see section XIV.1.1).

Scope

40   The policy applies to all users who have been authorized to use WHO E-mail system, including but not limited to, WHO staff members, interns, consultants, contractors and visitors.

Policy

General

50   E-mail shall be used for purposes that do not conflict with the interests and purposes of WHO.

60   E-mail users shall be aware that all correspondence sent out from WHO reflects on the Organization as an institution; users shall ensure that nothing they send out could harm the reputation of the Organization or could impede its work.

70   The Organization reserves the right to review, intercept, access, and disclose E-mails sent or received through the WHO E-mail systems. Any specific rules or related procedures in this regard may be listed in the operational guidelines referred to in section XIV.1.4 paragraph 240, as applicable to WHO headquarters or the relevant regional office.

80   E-mails, like all other communication documents, have differing levels of importance. Some will be needed for ongoing business, some will have only ephemeral value. The value of an electronic message will be determined by whether it relates to an official communication, is an informal information message, or is purely private, as follows:

  • An official communication might be a directive or an approval for a particular course of action, an interchange of messages about a case or policy issue, or data interchange with another organization or individual;
  • An informal information message will have a work context without being an official communication. Examples include an internal meeting notification, a message used as a carrier for an attached internal draft document, or an invitation for a department's Christmas party;
  • A private message will refer to non-work matters, and these messages are further dealt with under section XIV.1.4 paragraphs 140 - 160.

90   Users must not conceal their identities when sending an E-mail or posting to a collaboration site for WHO work, except when the option of anonymous use, e.g. generic E-mail address, is explicitly authorized.

100   Impersonating others, using false identity (e.g. forging of E-mail header information) or unauthorized access to other E-mail accounts (user or generic) is prohibited.

110   Auto-forwarding of E-mails intended for WHO mailboxes to non-WHO accounts is prohibited due to reasons of information security and technical issues.

Official use

120   E-mail provides a fast and effective means of communication in WHO as well as with the outside world via the Internet. It is a valued tool which provides support to WHO's technical and administrative functions.

130   E-mails sent or received as official communications are WHO records and must be retained for as long as they are needed for WHO administrative and legal requirements. Those that have documentary and/or historical value must be transferred when no longer needed for WHO daily work to the WHO archives.

Personal use

140   Occasional personal use of E-mail for private purposes is tolerated if this use does not negatively affect the user's work performance and the content does not conflict with the interests of the Organization or WHO's policy on Acceptable Use of Information Systems (see section XIV.1.1).

150   The occasional use of WHO computer systems for the storage of personal files or the transmission of personal messages is also a convenience allowed to staff as a courtesy. However, WHO cannot guarantee the privacy of such files or messages.

160   To conserve shared resources, personal use of E-mail and storage space, to the extent to which it is permitted, must be kept to a minimum.

Responsibilities

170   Like other forms of official correspondence and communications, E-mail messages must be prepared carefully, as one would for a letter or memorandum, and copies must be sent only to those with a need to know. When responding, consider the content and tone of your reply and decide whether you would want that response to be part of a permanent record or file. In general, it is preferable not to include all the original addressees routinely in your responses.

180   Additionally, users should ensure that:

  • E-mail messages are accurate;
  • The subject field of the E-mail message allows the recipient to easily identify the purpose of the E-mail;
  • Messages are read and responded to in a timely manner;
  • Important messages relating to official communications are filed in the relevant file or captured in WHO's record-keeping system;
  • The E-mail system is not used to send or receive (download) materials protected by intellectual property rights without prior authorization, since such handling may constitute infringement.

190   E-mail users are responsible for ensuring that necessary clearances/authorizations are obtained prior to transmission, and that a record of the clearance or authorization is available.

Operational Guidelines

200   Guidelines may be issued separately by WHO headquarters and each WHO regional office for the administration and technical operation of the E-mail system and compliance with this WHO E-mail policy. These guidelines, which may be updated as necessary, may provide details of security instructions, review, interception, access, audit, archiving and disclosure of E-mails, best E-mail practice and certain technical limits, such as size of mailbox and maximum message size.

Security

210   The confidentiality and integrity of E-mail messages is enhanced through the use of passwords for each user. It is the user's responsibility to keep the password confidential, and to change it whenever it is thought the password may have been divulged or compromised. Through the use of the passwords, users are ultimately responsible and accountable for messages sent from their E-mail accounts.

220   Access to staff E-mail accounts shall not be granted by the responsible IT systems administrator to any other person except in exceptional circumstances and following a predefined official procedure, as may be listed in the operational guidelines applicable to the relevant WHO office.

230   Users should be extremely careful with E-mail attachments received from unknown senders, as they may contain viruses, malicious code, or other security threats. In case of doubt, the Global Services Desk should be contacted for advice.

240   Staff are urged to report promptly any breaches of E-mail security to the Global Services Desk or as defined in operational guidelines.

Confidentiality and privacy

250   As a general rule, internal WHO correspondence and material of a restricted or confidential nature shall not be forwarded to external parties or unauthorized persons without the explicit written authorization of the originator. This includes material in E-mail format. Although the WHO E-mail system has certain built-in security features designed to protect the confidentiality of E-mail messages, confidentiality cannot be assured when messages are sent within the WHO system or through outside networks such as the Internet.

260   All WHO electronic messages, including the contents of all files stored on WHO systems, are the property of WHO. WHO reserves the right to access all such information. Any specific regulations or related procedures may be listed in the operational guidelines applicable to the relevant WHO office.

Compliance

270   Reporting of alleged violations. All alleged violations of this policy should be reported to the Global or Regional Service Desk or the appropriate information and communication systems authority responsible for administering this policy in the WHO location involved, who will investigate the allegation and (if appropriate) refer the matter to the relevant WHO authorities.

280   Disciplinary procedures: for non-staff members, failure to comply with this policy may result in various measures being taken against the individual or entity concerned, including ongoing compliance measures, removal of access, or for serious cases, termination of contract or initiation of legal proceedings. For staff members, such failure may result also in disciplinary proceedings being initiated, which could ultimately result in a disciplinary measure up to and including dismissal in accordance with WHO Staff Regulations and Rules.

Related Content
There is no related content specified for this page.
Publishing information
Version: 2.0
Published: 15/12/2011 17:56
View History  (Requires sign-in)