April 27, 2015
MEMORANDUM CIRCULAR NO. 2015-_____
FOR: ALL HEADS OF THE NATIONAL GOVERNMENT DEPARTMENTS/AGENCIES/BUREAUS, GOVERNMENT-OWNED AND -CONTROLLED CORPORATIONS, GOVERNMENT FINANCIAL INSTITUTIONS, STATE COLLEGES AND UNIVERSITIES, LOCAL GOVERNMENT UNITS, CONSTITUTIONAL OFFICES, HOUSE OF REPRESENTATIVES, THE SENATE, AND THE JUDICIARY
SUBJECT: PRESCRIBING THE GOVMAIL SERVICE GUIDELINES FOR PHILIPPINE GOVERNMENT AGENCIES
Section 1. General Policy Statement
The GovMail is provided to government employees and officials to assist in the operation of the government and deliver effective and efficient service to the general public.
E-mail has reached a level of importance, from its speed and convenience, that there is a need to ensure that risks are minimized from either intentional or unintentional misuse. Hence, the Agency has opted to make use of the GovMail Service for the exchange of information and in other official communications, in order to ensure the safety and security during e-mail transactions.
This policy instrument shall ensure that the use of this system does not infringe on the rights of government employees and citizens; is not used for purposes prohibited under the laws, rules and regulations of the country; and does not legally compromise the Government of the Republic of the Philippines.
Section 2. Purpose
The purpose of this policy guidelines are as follows:
- To create a policy guideline that defines the proper use of the GovMail Service;
- To promote awareness of the benefits of a paperless communication system; and
- To provide the basis for appropriate disciplinary action on the prohibited use of the GovMail Service.
Section 3. Scope
- The provisions of this policy shall apply to all officials and employees of the Agency where GovMail is implemented, as well as other personnel that may be authorized by the Head of the Agency.
- It shall apply to all communications and exchanges, whether internal or external, within or outside the government, using GovMail. This policy shall also apply to any other acts using features or services provided by or attached to GovMail, such as the Calendar, Briefcase, and Contacts.
- It shall also apply to the use of the GovMail Service accessed through various devices including, but not limited to, computers, tablets, and mobile phones.
Section 4. Definition of Terms
- Account Holder – refers to one or more of the following: (1) government employees; and (2) individuals authorized by the Head of the Agency to use the GovMail Service for a specific purpose and duration.
- Attachments – textual, graphical, visual or executable files that are attached in e-mail messages.
- Bulk Mail – an e-mail message sent to a large list of recipients.
- Chief Information Officer (CIO) – a person responsible for information systems planning and implementation of the Agency’s strategic direction in ICT governance.
- Community Edition e-mail – GovMail accounts that have the following features: AJAX email, address book, calendar, tasks, briefcase application, desktop client for Windows, Mac and Linux, POP/IMAP email, and CardDAV, iCal, and CalDAV for contacts and calendars.
- Counterfeit or Forged e-mail – e-mail account that makes use or may contain invalid or forged headers, invalid or non-existent domain names or other names that are deceptive.
- E-mail – refers to the exchange of digital messages through a network using software and servers.
- E-mail Account Administrator – a person in charge with the agency e-mail account administration.
- Employees – refers to all current employees of Agency whose appointment may be permanent, casual or contractual in nature.
- HTTPS – a communications protocol for secure communication over a computer network.
- IMAP – a protocol for e-mail retrieval and storage.
- Internet – a system of linked computer networks, global in scope, that facilitates data communication services, such as remote log-in, file transfer, electronic mail and newsgroups. The Internet is a way of connecting computers and computer networks, greatly extending the reach of each participating system.
- Log-in – an operation that enables the Account Holder to access the mailbox, such as the act of typing information, which consists of the username and password or other mechanism to gain access to the GovMail Service.
- Log-Out – an operation that terminates access to the GovMail Service to prevent unauthorized access.
- Mailbox – a function unit that contains stored messages for a specific Account Holder.
- Mailing List, Distribution List, or Group List – e-mails that need to be distributed and made accessible to a set of people are sent to the mailing list, distribution list, or group list, which will not have its own account inbox.
- Password – a character string that is used as authentication to access GovMail Service.
- Personnel Head – a person in charge of the human resource management and development of the Agency.
- Public Key Infrastructure (PKI) – refers to the system that uses digital certificates to identify, verify or sign documents and procedures.
- Spam – electronic junk mail or an unsolicited bulk e-mail received that is unrelated to work and not otherwise justified.
- Standard Edition e-Mail – GovMail accounts that have the following features: AJAX email, address book, calendar, task, briefcase application, advanced search and file indexing for large inboxes, S/MIME, integration with unified communication, POP/IMAP email, CardDAV, iCal, and CalDAV for contacts and calendars, real-time backup and restore, clustering/high availability, multi-tenancy, domain administration and role-based delegate, community support.
Section 5. Policy
- Division or Non-Personnel Account
a) Division or Non-Personnel Accounts shall be provided to divisions, sections, units, projects and the like, and shall be used as the means for communication between the government and the general public as a channel for first contact.
b) Heads of divisions, sections, units and projects shall submit a request for an e-mail account to the Agency Chief Information Officer (Agency CIO). Upon approval of the Agency CIO, the account shall be created by the Agency E-Mail Account Administrator.
c) The e-mail address shall be named in compliance with Section 5.4.b.i.
d) The Division or Non-Personnel Accounts shall be published in the government Agency website as part of its compliance to Republic Act 9485, otherwise known as the Anti-Red Tape Act of 2007.
- Employee E-mail Account
a) Employee E-mail Accounts shall be established and used for official purposes only to provide individual employees a faster, efficient, and transparent communication with other government employees, offices and the general public.
b) Employees shall submit to the Agency Personnel Head a request for the creation of an Employee E-mail Account.
c) The Agency Personnel Head shall prepare a list of the employees who have submitted requests for Agency E-mail Account and submit it to the Agency Chief Information Officer for confirmation.Upon confirmation of the Agency Chief Information Officer of the request, the Agency E-mail Account Administrator shall create the Employee E-mail Account.
d) Upon confirmation of the Agency Chief Information Officer of the request, the Agency E-mail Account Administrator shall create the Employee E-mail Account.
e) The e-mail account shall be named pursuant to Section 5.4.b.ii.
f) The Agency E-mail Account Administrator shall provide the instructions to the employee on how to access the e-mail account. A copy of this Policy shall be provided to the employee.
g) The Agency employees who shall use the GovMail Service shall be given a copy of this policy document to ensure awareness of the policies governing the use of the said facility.Before requesting for new e-mail accounts from the ICT Office, the Agency E-mail Account Administrator must issue certification that 100% of the e-mail accounts are active. E-mail accounts are considered active when the account holder logs in and accesses the account at least once a week.
h) Before requesting for new e-mail accounts from the ICT Office, the Agency E-mail Account Administrator must issue certification that 100% of the e-mail accounts are active. E-mail accounts are considered active when the account holder logs in and accesses the account at least once a week.
- Mailing Lists
a) Mailing lists or group distribution lists may be created in lieu of division or non-personnel e-mail accounts.
b) Division heads, project managers, component team leaders and employees who need mailing lists shall write a request containing:
i. the purpose of the mailing list;
ii. the desired mailing list name; andthe
iii. the e-mail addresses of the employees who shall be included in the mailing list.
c) The aforementioned request shall be sent to the Agency Chief Information Officer who shall approve the request and instruct the creation of the said mailing list to the E-mail Account Administrator.
d) The mailing list shall follow the naming policy prescribed in Section 5.4.b.i, by analogy.
- E-mail Naming Convention
a) The Official Agency E-mail domain shall be @_______.gov.ph;The naming convention for Office and Employee Account shall observe the following rules:
b) The naming convention for Office and Employee Account shall observe the following rules:
i. The general syntax of the e-mail address shall include the name of the division / section / unit / project of the Agency followed by the domain @_____.gov.ph.
|Component or Division||E-mail Address Name|
ii. In case of Employee E-mail Account, the general syntax of the e-mail address shall include the first name or nickname in which the government employee is professionally known, followed by a period (.) and the last name of the government employee, followed by the domain name of the Agency.
Sample Employee Account: juan.delacruz@______.gov.ph
iii. In case of employees with the same first and last names, the employee hired first shall follow Section 184.108.40.206. The succeeding employees will have e-mail addresses named from the following options:
a) Spell out the first name + initial of middle name followed by a period (.) and the last name, followed by the domain name (delacruz@______.gov.ph);
b) Initial of the first name + spell out the middle name followed by a period (.) and the last name, followed by the domain name (delacruz@_____.gov.ph); and
c) Initial of the first and middle names followed by a period (.) and the last name, followed by the domain name (delacruz@______.gov.ph).
- Acceptable Use of the GovMail Service
a) As a rule, any e-mail sent using the GovMail Service is permitted for as long as the same is used in performance of official duties and responsibilities of the government employee. When using the GovMail Service, the Account Holders shall act professionally and shall be bound by the provisions of the Code of Conduct and Ethical Standards for Public Officials and Employees (R.A. 6713).
b) All e-mails sent through the GovMail Service not related to the performance of official duties and responsibilities of the government employee shall fall under Section 5.6, or the Prohibited Use of the GovMail Service, and may be subject to administrative and other actions.
c) Messages sent through the GovMail Service shall follow the government communication protocol or the rules stipulated in individual agency communication policies.
d) The E-mail Account Holders, in creating e-mails, shall observe E-mail etiquette attached in Annex 4.
- Prohibited Use of the GovMail Service
a) No e-mail shall be sent through the GovMail Service for purposes outside of the performance of official duties and responsibilities. It shall not be used to send out jokes, rumors, gossips or opinions that are not delivered in the performance of official duties and responsibilities.
b) E-mail Account Holders shall be prohibited from accessing, copying or deleting the e-mail of another Account Holder without the consent of the latter.
c) Account Holders shall not disclose their passwords to other persons, unless the Agency requires it.
d) The GovMail Service shall not be used for the creation or distribution of messages that are disruptive or offensive to other persons, including offensive comments and statements about race, gender, disabilities, age, sexual orientation, pornography, religious beliefs and practices, political beliefs or national origin.
e) The GovMail Service shall not be used for personal or commercial purposes and for the promotion of business or other matters outside of the government.
f) As a rule, the sending of bulk mail shall be prohibited unless such bulk mail is formally solicited. Users should send e-mail messages and copies thereof only to those with a legitimate need to read the message.Attaching files in the e-mail message is discouraged. File attachments shall be implemented through a file sending service, as specified in Section 5.10.
g) Attaching files in the e-mail message is discouraged. File attachments shall be implemented through a file sending service, as specified in Section 5.10.
h) Any document covered by Memorandum Circular No. 78, entitled “Security of Classified Matter in Government Departments and Instrumentalities,” issued on August 14, 1964 and amended by Memorandum Circular 196, issued on July 19, 1968, shall not be sent using e-mail until specific guidelines are issued by the National Security Council, Department of Defense or the Office of the President for e-mail messages.
i) The use of materials, procedures, devices or technologies that will enable unauthorized access to the GovMail Service is prohibited.
j) Authorized users are prohibited from using their Agency E-mail Account in registering or joining Social Networking Sites and other list groups that are for personal use in nature.
- Privacy and Monitoring
a) The contents of the GovMail Service are considered confidential government communication. To protect the confidentiality of e-mail messages, security measures such as HTTPS, IMAP and PKI digital certificates shall be used to encrypt or secure the connection and messages sent and received through the GovMail Service. Digital certificates shall be used in authenticating users and the e-mail messages. The certificates must be sourced from the Philippine National Public Key Infrastructure (PNPKI).
b) Pursuant to Section 2 of Presidential Decree 1445 (Government Auditing Code of the Philippines):
“It is the declared policy of the State that all resources of the government shall be managed, expended or utilized in accordance with law and regulations, and safeguard against loss or wastage through illegal or improper disposition, with a view to ensuring efficiency, economy and effectiveness in the operations of government. The responsibility to take care that such policy is faithfully adhered to rests directly with the chief or head of the government agency concerned.”
As such, all data, information, and communication sent, received, or archived in the GovMail Service belong to the government. It should be understood that in the use of GovMail Service, all messages or files sent through the GovMail Service may be accessed by the employee’s superior, head of agency, and other authorized officers, for work, administration, or disciplinary purposes.
- E-mail Archiving, Back-up and Retention
All official e-mails shall be archived in accordance with mechanisms and policies to be issued by the ICT Office or the National Archives of the Philippines.
a) The Account Holders shall be responsible for their respective passwords. It should not be written down, stored or shared with other persons.
b) In cases falling under Annex 3b, the account holders must disclose their password.
c) Ten (10) consecutive failed log-in attempts within ten (10) minutes shall result in an automatic e-mail account lock-out for thirty (30) minutes.
d) Passwords used must have a specified minimum length of at least eight (8) characters.
e) The password must be composed of a combination of: a) upper case letters; b) lower case letters; c) numbers; and d) any of the following symbols (= ? < > @ # $ * ! ).
f) Every six (6) months, the GovMail Service shall send out an automatic prompt for a password change.
- File Sending Service
a) For e-mails with attachments exceeding 25 megabytes, the Account Holder shall use the FileSender, a web based application that allows authenticated users to securely send large files to other users. The service may be accessed through https://pakete.gov.ph.
b) For files below 25 megabytes, the file may be attached directly to the e-mail message, but shall constitute a deduction in the e-mail account’s storage space.
c) The same e-mail account and password is used in accessing the FileSender.All files sent using FileSender shall automatically be deleted within fourteen (14) days.
d) All files sent using FileSender shall automatically be deleted within fourteen (14) days.
- Suspension or Termination of the use of GovMail Service
a) This provision regarding the suspension or termination of the Employee E-mail Account shall be implemented: (1) in cases of disciplinary action; (2) transfer of the Account Holder from the current Agency to another government agency or to a private company; (3) when the government employee retires; or (4) when the employee is declared dead.
b) In case of suspension or termination of E-mail Account, the Agency Personnel Head shall prepare a report stating that the Account Holder can no longer use the GovMail Service, either permanently or temporarily, as the case may be. The report shall also state the reason for such suspension or termination, which shall be submitted to the Agency CIO for evaluation.
c) Upon the confirmation of suspension or termination of E-mail Account, the Agency CIO shall direct the Agency E-mail Account Administrator to suspend or terminate the e-mail account involved.
d) When an Agency Employee resigns or retires, a 30-day notice shall be given before the Account Holder’s access to GovMail Service is terminated.
e) When an Agency Employee is separated from the service for cause, access to GovMail Service shall immediately be blocked. After thirty (30) days, the E-mail Account shall automatically be terminated.
- Spam and Counterfeit or Forged E-mail
In case there are occurrences of Spam and Counterfeit or Forged e-mails, the Account Holder shall send to the Agency E-mail Account Administrator a copy of the Spam or Counterfeit e-mail so that an immediate investigation can be done. In submitting a report, the Account Holder shall make sure that the following information are present:
a) The subject line “SPAM” together with the subject of the Spam or Counterfeit e-mail (ex. SPAM: pornography).
b) The e-mail address of the sender of the Spam or Counterfeit e-mail should be in the body of the mail.
c) The complete headers must be sent to the Agency E-Mail Account Administrator. This is done by sending the entire e-mail as an attachment, instead of forwarding the e-mail (See Annex 5).
- Standard E-mail Signature, Event Promotion or Notification, and Disclaimer
a) All Agency E-mail shall use a standard E-mail Signature with the following format (See Annex 6):
Complete Employee Name
Position / Designation
Unit / Section / Division / Office
Complete Agency Address
Telephone / Fax Number
Juan B. Dela Cruz
Planning Officer II
Internal Planning and Monitoring Office
C.P. Garcia Avenue
U.P. Campus, Diliman
1101 Quezon City
b) As a form of public information dissemination, event promotion or notification may be included, just below the E-mail Signature, as illustrated below:
[http://ccs.su.edu.ph/pcsc2009] 9th Philippine Computing Science Congress
March 2-3, 2009
Dumaguete City, PHILIPPINES
COMPUTING SOCIETY OF THE PHILIPPINES (CSP)
FINAL CALL FOR PAPERS / PARTICIPATION
The Computing Society of the Philippines (CSP) invites you to participate and submit papers in the 9th Philippine Computing Science Congress (PCSC 2009). The CSP organizes this conference to enable local and neighboring computing educators, researchers, and ICT professionals and students to interact and to share their work in computing, computer science, computer engineering, computational science, and information and communications technology (ICT).
The conference features special lectures by prominent researchers and educators in the field of information and communications technology (including computing, computer science, computer engineering, computational science, and related disciplines). It also features contributed research papers on computing and ICT.
c) All Agency E-mail shall use a standard disclaimer, such as:
The information contained in this communication is intended solely for the use of the individual or entity to whom it is addressed and other parties authorized to receive it. It may contain confidential or legally privileged communication. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution or taking any action in reliance on the contents of this information is strictly prohibited and may be unlawful. If you have received this communication in error, please notify us immediately by responding to this e-mail and then immediately delete it from your system. Opinions contained in this e-mail or any of its attachments do not necessarily reflect the opinions of the Agency.
Section 6. Types of GovMail Accounts
- Standard edition accounts will be made available to Level 2 and 3 government employees.
- Community edition accounts will be made available to Level 1 government employees and non-personnel.
Section 7. Roles and Responsibilities
- Information and Communication Technology Office
a) To communicate the GovMail Service Policy to the government agencies and other stakeholders involved.
b) To establish the naming convention for e-mail addresses under the GovMail Service.
c) To provide maintenance and technical support during GovMail downtimes or disruptions, including disruptions affecting related services, such as Chat and File Sender.
d) To provide system updates, patches, bug fixes, and other processes or operations affecting the GovMail Service.
e) To orient the Agency Personnel Head, E-mail Administrator, Account Administrator and Chief Information Officer who shall be responsible for the administration of the GovMail Service within a government agency.
f) To provide administrator and account management support through its GovMail team. Account management support shall be limited to the creation, deletion, and editing of GovMail accounts.
g) To monitor the GovMail Service provisions and legal agreements related to the provisioning of the GovMail Service.
h) To communicate with the agency CIOs or their delegates in case administrative matters relating to the GovMail Service arises.
i) To regulate and make the necessary investigation on matters relating to Anti-Spam and Counterfeit or Forged E-Mail.
j) To issue other policy documents relating to the GovMail service, as may be necessary.
- Agency Personnel Head
a) To ensure that the GovMail service is provided to government employees for fast, efficient and reliable communication.
b) To ensure that every Office GovMail Account is posted in accordance with RA 9485.
c) To ensure that the e-mail addresses adhere to the provisions of this policy document on e-mail naming convention as provided in Section 5.5.
d) To store all relevant information of the Account Holders, whether personal or technical, which is related to GovMail Accounts, and to be able to reproduce such information as may be required.
e) To ensure that all GovMail Account Holders within the agency are trained in the use of GovMail Service.
f) To prepare a detailed report in case of suspension or termination of a GovMail Account.
g) To ensure that the GovMail Account Holder agrees to the terms and conditions of the GovMail Service Policy, and has signed the GovMail Policy Acknowledgment Form, found in Annex C.
- Agency Chief Information Officer
a) To confirm or reject any request for the creation of GovMail Account as the Agency CIO may deem necessary.
b) To direct the E-mail Administrator in cases where the creation, suspension or termination of GovMail Account is needed.
- E-Mail Account Administrator
The E-Mail Account Administrator shall provide assistance to all authorized users of the GovMail Service and shall be tasked with the following responsibilities:
a) To act on any report with regard to Spam and Counterfeit or Forged E-mail.
b) To administer, manage and make the necessary documentation of the activities related to the use of GovMail Service.
c) To verify if the e-mail names submitted comply with the provisions of this Policy regarding e-mail naming.
d) To create, suspend or terminate an account as may be directed by the Agency Chief Information Officer.
e) To establish a technical support team for the operation of the GovMail Service.
f) To administer and manage procedures in the creation, suspension, or termination of GovMail Accounts.
g) To provide technical support to Account Holders.
h) To establish a support team that will assist the Administrator in resolving any technical difficulties encountered by Account Holders.
i) To inform the Agency Personnel Head in case there is a temporary unavailability of the GovMail Service.
j) To regularly update Agency Personnel Head about the progress in resolving the temporary unavailability.
k) To ensure that every e-mail received from the Office GovMail Account is read, forwarded and acted upon by the member of the component, division, or unit of the government agency.
l) To sign the non-disclosure agreement regarding the operation of the GovMail Service.
m) To develop the GovMail Service operations manual and implement the same.
n) To implement the e-mail service policy consistently and uniformly at all times.
o) To monitor and keep the e-mail facility available twenty four (24) hours a day, seven (7) days a week.
p) To conduct routine back-up of the e-mail facility.
q) To develop and conduct periodic test of the disaster recovery plan for the e-mail facility.
r) To update the e-mail facility software when necessary.
s) To submit the usage statistics and compliance monitoring report every month to the Agency Head.
t) To deactivate and archive the e-mail of authorized users who have resigned, retired, separated from the service and those whose e-mail privilege has been suspended.
u) To ensure that GovMail accounts issued to the agency are properly used in accordance with Section 5.2.h.
v) To sign the Employee Clearance required for resigning, retiring or separated employees.
- Authorized Users
All authorized users of the GovMail Service are required to fulfill the following responsibilities:
a) To sign the form entitled “Authorized User Acknowledgment Form” provided in Annex 1 before using the GovMail Service.
b) To be accountable for e-mails emanating from their account.
c) To report immediately any instance of violation of this e-mail policy to their immediate supervisor.
d) To read the e-mail service policy and confirm to the E-mail Account Administrator that he or she has read and understood the said policy and will abide by it.
e) To provide all information relating to the creation of GovMail Account and ensure that they are correct.
f) To make use of GovMail Service as a means of communication with other government employees and the general public.
g) To keep their respective passwords secure.
h) To log-out of the GovMail Account and refrain from leaving the account unattended.
i) To adhere to the e-mail naming convention for Employee GovMail Account as stated in Section 5.4.b.i.
j) To report any occurrence of spam, counterfeit or forged e-mail to the E-mail Administrator.
Section 8. Technical Support and User Awareness Training
- A technical support team, established by the Agency E-mail Account Administrator, shall be responsible for providing technical support to all authorized users regarding the use of official e-mail account.
- The technical support team shall assist the E-mail Account Administrator in carrying out his or her functions.
- All Account Holders are required to undergo an Annual User Awareness Training for the responsible and efficient use of the GovMail Service. New Account Holders shall undergo the User Awareness Training before being granted access to the e-mail facility as part of their orientation program.
Section 9. Scheduled Maintenance
- The ICT Office shall inform the Agency of any scheduled maintenance in the GovMail service.
- The ICT Office shall assist the agency e-mail administrator in restoring e-mail files lost during a service interruption.
Section 10. Enforcement
- Any reported abuse, misuse or inappropriate use of the GovMail Service shall be subject to disciplinary action in accordance with the Civil Service Commission’s prescribed Uniform Rules on Administrative Cases in the Civil Service (See Annex 3 for the list of possible Violations and Equivalent Administrative Offenses and Sanctions).
- All disciplinary actions and proceedings shall follow the Civil Service Commission’s Uniform Rules on Administrative Cases in the Civil Service without prejudice to the filing in court of any other applicable charges that may be filed by the aggrieved party.
Section 11. Policy Review and Evaluation
This e-mail policy shall be reviewed and evaluated by the ICT Office at least once a year based on its effectiveness, cost to maintain and impact on technical processes. This e-mail policy shall be revised as needed based on newly discovered risks, security incidents involving e-mail or any major changes to the Agency’s organizational setup or information systems.
Section 12. GovMail Service Audit
At least once a year, the GovMail Service shall be audited by a certified information security auditor using applicable, relevant standards.
Section 13. Related Laws, Policies, and Documents
A list of laws, policies, and documents related to the GovMail are found in Annex 7.
Section 14. Directive to the ICT Office Records Officer
ICT Office Records Office records officer is hereby ordered to furnish three certified true copies of this MC and the attachments to the University of the Philippines law center.
Section 15. Repealing Clause
All issuances, orders, rules, and regulations or parts thereof that are inconsistent with the provisions of this Memorandum Circular are hereby repealed, amended, or modified accordingly.
Section 16. Separability Clause
Should any provision of this Memorandum Circular be declared invalid or unconstitutional, the other provisions not affected thereby hall remain valid and subsisting.
Section 17. Effectivity
This Memorandum Circular shall take effect immediately.
(Sgd.) DENIS F. VILLORENTE
Deputy Executive Director for eGovernment
(Sgd.) LOUIS NAPOLEON C. CASAMBRE
DOWNLOAD a copy of the GovMail Service Policy.