Please enable JavaScript.
Coggle requires JavaScript to display documents.
CoC Articles in the Word file <- not mentioned mentioned -> -…
CoC Articles in the Word file
<- not mentioned
mentioned ->
Comply with the Staff Rules, Staff Regulations, and all mandatory rules, policies, and
procedures, and with the terms of their employment contracts and conditions of service.
Very broad, this is the article that links all policies and procedures to staff conduct. Cannot create a scenario that refers to this since this article does not name any specific misconduct. Any scenario related to this would be indirect.
Discharge functions and act only with the interests of the Federation in view.
Even broader than the previous one.
Not act in any way likely to bring the Federation into disrepute.
This mentions reputation impact, which is broad and not specific, but at least can be the base of a scenario
Not produce, procure, distribute or use pornographic material in Federation offices or on Federation equipment, including reading/surfing pornographic websites or message boards or sending pornographic emails.
This is in contrast very specific, easily to includ in a scenario, but has no learning value, no one ever will have doubts about whether distributing pronographic material in a corporate environment is welcome or not.
Definition:
“Pornographic material” includes all sexually explicit material intended to cause sexual arousal, including photographs, videos, and writings. However, if local law provides a stricter definition of pornography than provided here, Staff must comply with local law.
Protect the confidentiality of the Federation’s internal information, and not communicate to any person any internal correspondence or information known to them by reason of their official position which has not been made public, except in the course of their official duties or by authorisation of the Secretary General. Staff shall not at any time use the Federation’s internal information to private advantage.
This can be used for a scenario
Scenario question 1 ->
You organise an international event. People from around the globe come for a week, many will need a visa. How do you proceed?
You send an email to all participants and request them to provide a copy of their passport, their personal details and their credit card details.
Before collecting personal information like this, it is essential to review what purpose the information will serve. Collecting and storing credit card information is against IFRC policies. The security of the tools used to collect such information must align with the sensitivity of the information. EMails are not secure in general, must be used accordingly.
You request the participants to send a copy of their passport, and their personal details by email, you address them in BCC, and you make sure nothing unnecessary is collected.
If collecting this kind of information by email is unavoidable, using BCC to communicate with a wide audience that does not need to know about each other is always a good idea, especially if an eventual reply-all would expose sensitive information.
You request the participants to send a copy of their passport and their personal details by email, you address them in BCC, and you make sure nothing unnecessary is collected. You also include guidance on how to protect their submission with encryption.
If collecting this kind of data by email is unavoidable, using BCC to communicate with a wide audience that does not need to know about each other is always a good idea, especially if an eventual reply-all would expose sensitive information. Adding an advise about how they can protect their data that they share using not secure channels like email shows how much the organisation cares while handling personal information.
Scenario question 2 ->
While collecting the information, you realise you need to store it somewhere. What do you do?
You open an Excel file, you place it in a folder where only you can access it to protect the information.
While it sounds like a good solution, it does add a business continuity risk, with you falling sick for example, no one can replace you while you are unable to perform your duties.
You open an Excel file, you place it in a folder where your colleagues who need to know have access to it, and you classify it as confidential/protected.
While Excel is not an ideal tool for such information, this is the best you can do with it for storing such information temporarily.
You open an Excel file and you record every response there. You place the file in a department folder, so your colleagues can see how participation grows.
This is not a good idea, you are sharing potentially sensitive information with people who have nothing to do with it.
Scenario question 3 ->
You are done with the conference, what do you do with the files, agenda, proceedings, statements, presentations?
I just leave them there, we may need that next year to contact them same people who attended this year.
While this seems like a legitimate reason to keep personal information on records, every individual must have agreed with this purpose prior to sharing their personal information.
I delete them right after the conference, done and dusted!
This might be a good solution, but there are potentially valuable information related to the event that are worth preserving.
I review the files, I delete the personal information collected and I involve the Library and Archive unit to see if the rest will have any historic value for the organisation.
Personal information we don't have the consent to keep shall be indeed deleted, the rest can be preserved if it adds value to the department, but must be reviewed before deletion to make sure valuable information is archived.
Exercise the utmost discretion in regard to all matters of official business and handle all confidential and sensitive information with the greatest care (refer to Information and communications technologies acceptable use policy).