Announcement
27. Information and Communications Technology, January 9th, 2023
The following policies have been updated to reflect UNDP’s transition to its new cloud-based management platform Quantum in January 2023, replacing its previous ATLAS system.
26. Information Security Policy, December 17th, 2022
The policy was changed in order to implement industry best practices in cybersecurity for the protection of personally identifiable information. These changes are compliant with ISO 27701 and help implement the requirements of tithe UNDP privacy policy for the protection of personal data.
- The new version of the UNDP Information Security Policy takes into account the provisions of the new UNDP Data Protection and Privacy policy as well as the recommended industry best practices for managing personally identifiable information (PII) as defined in ISO 27701.
- The new version designates the UNDP Chief Information Security Officer role as the party responsible for governance and monitoring of privacy safeguards within the BMS/ITM. It also explicitly designates BMS/ITM as a custodian (aka PII Processor) and not the owner of the PII data.
- The new policy section on PII also contains policy statements compliant with the ISO 27701 privacy standard for industry best practices.
25. ICT Standards Policy, August 24th, 2022
The ICT Standards policy, has been updated to include the following: 1. Overall review and update of the policy 2. User equipment standards update 3. Standard software section update 4. ICT Support services- section updated 5. Online Subscriptions and Cloud Services section added 6. Application development standards– section added 7. Assets Disposal section added 8. Azure cloud subsection added 9. Guidance on the use of MS Azure Annex added.
24. Personal Data Protection and Privacy Policy and Information Classification and Handling , July 26th, 2022
The purpose of the Personal Data Protection and Privacy policy and of the Information Classification and Handling policy is to guide project/programme implementation when handling data, to be embedded throughout the data lifecycle to ensure UNDP implements the highest ethical standards for data protection and privacy. Protection of personal data is essential to upholding fundamental rights to privacy and the UN system-wide personal data protection and privacy principles. Strong policies on personal data protection and privacy, and on information handling and classification are critical for operating efficiently, considering opportunities and risks in the use of personal data, including in combination with evolving technologies.
23. ICT Disaster Recovery Standards for UNDP Offices, February 11th, 2022
Paragraphs 10, 45, 46, 60 and 55 of the policy have been updated in response to UNBOA audit recommendations to clarify the responsibilities of offices in creating their disaster recovery plans, including documenting any arrangements made with cloud providers.
22. Application Development Standards & Scaling Framework, December 20th, 2021
The framework outlines the technical standards and processes that Country Offices and all UNDP Business Units should follow for application development. Furthermore, it provides a governance framework for application development in UNDP in accordance with industry standards while balancing the need of corporate standards with the need to innovate locally and across business units. This allows Business Units to access technical, advisory, and contractual corporate support resources throughout the application’s lifecycle. The framework also addresses and closes OAI audit recommendation 2277-1.
21. Electronic Funds Transfer Standards, September 20th, 2021
The Electronic Funds Transfer Starndards policy has been updated with editorial changes on paragraphs 1, 9, 10 and 13.
21. Bring Your Own Device and Acceptable Usage of ICT Resources, July 1st, 2021
The main Bring Your own Devices and Acceptable Usage of ICT Resources policy changes are as follows:
- Making undp.org email mandatory to all UNDP personnel;
- Prohibiting access to malicious hacking/cybercriminal websites and websites which contravene UN values;
- A clearer naming convention for emails addresses;
- Introduction of a new state of the art password policy, using sentences, and safe logon procedures.
These changes will also close a 2020 UNBOA recommendation.
20. ICT Standards Policy, March 22nd, 2021
The ICT Standards policy, formerly known as Minimum Standards for ICT Infrastructure and Telecommunications, has been updated to include the following:
- Overall review and update of the policy
- User equipment standards update
- Standard software section update
- Electronic signature section added
19. Electronic Signatures Policy, May 5th, 2020
The purpose of the Electronic Signatures policy and procedures is to guide UNDP units in their use of electronic signatures. The policy and procedures define the requirements for e-signatures and ask that UNDP Country Offices and business units review their business processes with the aim of eliminating handwritten signatures and replacing them with either their electronic counterparts, or with email or other system-embedded workflow approvals when possible or permitted. The policy and procedures cover e-signatures uses in UNDP’s internal operations, as well as transactions with external parties, where the use of electronic signatures has been agreed by the parties.
18. Information Security Policy, May 5th, 2020
The Electronic Signatures policy has been linked under the 2.0 Related Policies section.
17. Electronic Funds Transfer Standards Policy, April 16th, 2020
The Electronic Funds Transfer Standards policy was updated throughout to capture the FGT method of electronic payment and align with current Treasury policies. Outdated content was removed.
16. Atlas User Access Standards Policy, January 20th, 2020
Para. 13 ‘Business Units’ is deleted, as access to Atlas of UNDP staff and designated SC holders is subject to the scope of their job duties as referenced in para.2 of the policy. All paragraphs following para.13 have been renumbered accordingly.
15. Atlas User Access Standards Policy, January 20th, 2020
The Atlas User Access Standards policy is available in French. To access the document, click the French language tab.
14. ICT Disaster Recovery Standards for UNDP Offices, January 15th, 2020
The ICT Disaster Recovery Standards for UNDP Offices policy is available in French. To access the document, click the French language tab.
13. Information Security Policy, January 15th, 2020
The Information Security policy is available in French. To access the document, click the French language tab.
12. Atlas User Access Standards Policy, December 4th, 2019
The Atlas User Access Standards policy is available in Spanish. To access the document, click the Spanish language tab.
11. Electronic Funds Transfer Standards Policy, December 4th, 2019
The Electronic Funds Transfer Standards policy is available in Spanish. To access the document, click the Spanish language tab.
10. ICT Disaster Recovery Standards for UNDP Offices, December 4th, 2019
The ICT Disaster Recovery Standards for UNDP Offices policy is now available in Spanish. To access the document, click on the Spanish language tab
9. Information Security Policy, December 4th, 2019
The Information Security policy is available in Spanish. To access the document, click the Spanish language tab.
8. Electronic Funds Transfer Standards, November 13th, 2019
The Electronic Funds Transfer Standards policy is available in French. To access the document, click the French language tab.
7. Standard on the Acceptable Usage of UNDP ICT Resources, February 15th, 2012
The ITM chapter has been updated with the revised Standard on the Acceptable Usage of UNDP ICT Resources. Among the changes are: Explicit prohibitions against the use, transmission, distribution, or storage of any material in violation of UN Staff Regulations and Rules or UNDP policies and procedures; Reduction in the number of email account types from four to one ("undp.org"); Suspension of email and access to UNDP resources on a staff member's last contract day; and guidance on password setting in line with information security best practices.
6. Information Management Strategy and ICT Roadmap, February 15th, 2012
The Information and Communications Technology chapter has been updated with the revised Information Management Strategy which is extended to 2013 and ICT Roadmap 2012-2013.
5. ICT Policies and Guidelines, October 15th, 2009
Updated ICT Policies, Standards, Guidelines, Best Practices, and White Papers are now available in Information Technology Management chapter of POPP. Most of you are familiar with these documents from the ICT website. However, now they are provided within the context of other UNDP business policies and procedures, and in some cases with updates to current ICT environments and reviews from ICT experts and authorities.
To simplify user understanding of standards and to facilitate the utilization of international ICT best practices, including ISO standards for information security, all updated documents are grouped under two categories 1) mandatory policies and standards; as opposed to 2) non-mandatory guidelines, best practices, and informational material.
4. HQs Telecommunication Guidelines, CISO Delegation, etc., July 11th, 2009
The following ICM Policies and Procedures are under preparation to be launched in third quarter of 2009:
POLICIES
- HQs Telecommunication Guidelines
- CISO Delegation
- Electronic Funds Transfer
- Business Continuity
- Computer Disposal
- ICT Security Manual
- ICT Security and Awareness Policy
- System Logon Banner
- IM Strategy 2008-2011
- ICT Board Terms of Reference
- ICT Roadmap 2009
- Change Control and Release Management
PROCEDURES
- Hardening Guidelines
- Mobile Messaging Guidelines
- MS Exchange Server 2007 Planning Guide
- MS Windows Server 2003 Installation Guide
- Domain Controller Deployment Guide
- MS Exchange Server 2007 Deployment Guide
- Anti-spam and Antivirus Deployment
- SunONE Migration to AD + MS Exchange 2007
- MS Exchange Server 2007 Security with ISA
- MS Exchange 2007 Edge Server Deployment
- MS Active Directory Naming Conventions
- UNDP Email Migration Guide
- Skype Management Use
- IDM User Guide
- ARGUS User Guide
- Electronic Banking System Guidelines
- Atlas Development Standards
3. ICT Usage Policy, July 9th, 2009
UNDP promotes the use of Information and Communication Technology (ICT) to share information and knowledge in support of UNDP's mandate and to conduct UNDP's business activities. The ICT Usage Policy launched in first quarter of 2009 establishes the framework for the overall policy and the standards for UNDP regarding the use of ICT resources and data.
2. Information Security Guidelines, July 9th, 2009
The CO and RO ICT Security Guidelines have been launched in first quarter of 2009. They provide security guidelines for UNDP Country and Regional Offices. ICT managers, in cooperation with administrative officers, RIOs or RRs and other appropriate personnel, must conduct an annual review of user and system operation practices to evaluate compliance against existing BOM OIST security protocols and procedures. These security best practices and protocols may also assist regionally-based personnel (for example, RIM, Regional Director, etc.) and OAI/LSO personnel when visiting Country Offices.
1. Better use of ICT to integrate POPP content, June 30th, 2009
Software constraints inhibit many of the improvements that many POPP users would like to see. For instance, the absence of a clear way to tag content makes it impossible to cross-tabulate and pull up different parts of the POPP into combinations of content that meet the needs of individual users.
We welcome your suggestions on the sort of interface that would help you make better use of the POPP.