Global Security Awareness
Global Privacy Awareness
Embracing our Differences
Welcome to Foundever
Prevention of Sexual Harassment
Peak Operating Standards
Our Brand History
Global Brand Adherence
Finance for Leaders
Bill To Pay
Being Global
Global Security Awareness
Security must be a part of our everyday work activities. Thus, in this course, we are going to explore key information and security concepts, examine threats and how to counter them, and review safe computing habits.
Welcome to the Global Security Awareness course!
At Foundever™ , we believe that security is one of the main tools to minimize and manage any danger or threats related to our people, business, operations, facilities, information, and technology.
We must keep in mind that taking care of our safety at work is also taking care of our company, our customers, our colleagues and ourselves.
When we don’t follow security best practices, everyone is impacted, as it can result in serious consequences and financial loss. Thus, every individual has a responsibility for security. We are only as strong as our weakest link!
Welcome to the Global Privacy Awareness course!
In this course, you will be able to study the contents related to the mandatory Global Privacy Awareness exam, which must be held annually. You don't have to worry about the completion rate for this course, although it is essential that all Sitel associates are aware of the content provided here. You can consult the course as many times as you like, but there is no obligation to complete it.
Because of this, the certification exam is found in a separate link. Once a year, you must access it and take the exam again, thus renewing your certificate.
To obtain the certificate, you must score at least 80% on the exam. You will have three attempts to complete.
The goal of this course is to raise awareness about Foundever’s security policies and reinforce our responsibility within the company and the clients, equipping all employees with knowledge and tools to maintain a safe and secure environment.
The objectives are:
- To identify our responsibilities, in line with the security and data privacy policies
- Describe information assets and how to protect them
- Explain acceptable and unacceptable use of internet and electronic communications
- Identify social engineering attacks and how to prevent them
- Define aspects that impact on physical security and how to report incidents
As part of the journey, there are individual responsibilities that we must assume so that everyone is safe and secure within Foundever. Click on the cards below to discover them:
-Follow Security and Data Privacy Policies on and off-site
-Follow Security Procedures for your area
-Report Security Incidents and Suspicious Behavior
EverConnect(opens in a new tab) is also here to help us! All Security and Data Privacy Policies and Procedures can be found under the KB Library menu. Whenever there is any doubt, do not hesitate to double-check the information!
Next, let's address Personal Accountability and Trust and understand, together, some of the personal actions we can take responsibility for to keep protecting ourselves.
Personal Accountability and Trust
In addition to following our policies and practices, we all need to demonstrate personal accountability and do the right thing. Do you know what personal accountability is?
Well, personal accountability is the belief that you are fully responsible for your own actions and consequences. It’s a choice, a mindset, and an expression of integrity.
Accountability in the workplace is linked to increased commitment to work and employee morale, which leads to higher performance.
Following Foundever policies and practices relies upon trust —one of our core values! We trust that you will do the right thing, communicate honestly and without fear, take ownership for your actions, and lead by example.
Accountability and Trust
When looking around our work environment, be it at home or in an actual office, it is possible to identify a variety of information assets.
What are information assets?
Information assets could be anything from confidential documents with client data, to verbal discussions about campaigns, to written customer information.
When seen and/or heard by others, they can compromise security and data privacy, so it is important to understand Foundever’s Global IT Asset Management Policy to avoid such situation.
What are information assets?
Information assets could be anything from confidential documents with client data, to verbal discussions about campaigns, to written customer information.
When seen and/or heard by others, they can compromise security and data privacy, so it is important to understand Foundever’s Global IT Asset Management Policy to avoid such situation.
Check out the appropriate actions according to Foundever's Managing Information Assets Policy.
Foundever is subject to multiple regulatory, security and client requirements (i.e., PCI, HIPAA, ISO, GDPR, etc.). Whether you work from home, in a brick-and-mortar location or a combination of the two, it is important to abide by the Security Best Practices to protect information assets and always inform your manager immediately of suspicious activity.
These Security Best Practices can be divided as Physical Safeguards and Data Protection, both being equally essential. Check them below:
Virus protection
Anti-Virus softwares are installed and operating across all PCs, laptops, and servers of Foundever. It is mandatory that it is all configured and approved for use by IT.
There are also some requirements that we must follow to help. Follow them below:
We must also be aware of the activities that are considered as violations of acceptable use guidelines so we can always avoid them. Check them below:
-
bullet
Use of personal e-mail including web mail to send work related communications.
-
bullet
Use of unapproved instant messaging tools.
-
bullet
Posting to online groups, bulletin boards, and chat rooms outside of EverConnect.
-
bullet
Using unapproved desktop or file sharing software or services.
-
bullet
Accessing unapproved social networking sites.
-
bullet
Viewing, sending or posting sexual, racial, or politically-related information.
-
bullet
Downloading unapproved software, including screen savers.
How strong is the password you have been using for the last few months?
A strong password is the most important tool we can use to protect computer systems and data. At Foundever, we take a passphrase approach to password management. A passphrase is a type of password that consists of multiple words that may form a sentence or other series of words that are easy to remember for the user. Since a passphrase tends to be longer than a password, it is more secure. Here is an overview of our password management policy:
–A passphrase must contain:- At least 15 characters
- At least three of the characteristics listed below:
- Upper-case letter
- Lower-case letter
- A number
- A special character: ~!#$%^&*_-+=`|\(){}[]:;"'<>,.?/
–Passphrases should not contain:- Personal phone number
- Social Security/personal Identification number
- Date of birth for either yourself or a family member
- Family or relative’s names, including pets
- Home address
–Avoid lazy passphrases that include:- Common phrases like those in nursery rhymes and popular song lyrics.
- A series like ABC, 123, bbb
- Basic words like “Password”, “Foundever” or even “drowssap” (Password spelled backwards)
- Character substitutions for basic dictionary words (e.g., P@$$$w0rd).
Even a strong passphrase can be compromised if it is frequently reused or shared with others. For that reason, multi-factor authentication (“MFA”) may also be used to safeguard against attacks. MFA is a way to verify a person’s identity with a passphrase and at least one other form of authentication. Examples can be something you know such as a PIN or an answer to a security question, or something you have such as a token.
While MFA can prevent attacks, motivated bad actors won’t let an extra layer of protection stop them. The best defense against a bad actor is to know how one might try to target you and take appropriate action. If you receive an MFA request that you did not initiate from logging into your system or tools do not accept it. If you suspect you have been the victim of an attack, inform your manager IMMEDIATELY and notify the Security Team.
These are some commonly used attack schemes:
Even a strong passphrase can be compromised if it is frequently reused or shared with others. For that reason, multi-factor authentication (“MFA”) may also be used to safeguard against attacks. MFA is a way to verify a person’s identity with a passphrase and at least one other form of authentication. Examples can be something you know such as a PIN or an answer to a security question, or something you have such as a token.
While MFA can prevent attacks, motivated bad actors won’t let an extra layer of protection stop them. The best defense against a bad actor is to know how one might try to target you and take appropriate action. If you receive an MFA request that you did not initiate from logging into your system or tools do not accept it. If you suspect you have been the victim of an attack, inform your manager IMMEDIATELY and notify the Security Team.
These are some commonly used attack schemes:
If you suspect a security incident or fraud, take one of the following steps immediately:
Report the situation to your line manager or security manager.
Call the Ethics Point (“EP”) hotline at 1-800-245-2514 (US Only) or the number for your region which can be found on the EP website once you enter Foundever as the organization and select the country in which you are located.
File a security report at www.ethicspoint.com
Send an email to [email protected]You have agreed to abide by Foundever's policies related to security, confidentiality, and the protection of client, customer and company information contained in the Company's Security Policies, Code of Conduct and Ethics, Associate Handbook, and Associate and Employment Agreements. This document does not replace other acknowledgements and commitments to abide by Company Policy.
Before beginning the Proof of Learning, please read the following information.
- You must earn a score of 90% or better to pass the Proof of Learning.
- If you do not earn at least 90%, ask your manager to check your understanding of the training materials and review the questions you answered incorrectly. Then retake the Proof of Learning.
- You may use any notes taken during the training to help you during the Proof of Learning, however, please ensure that your notes are disposed of properly once you are done with them.
_____________________________________________________________________________________
In addition to personal information, Sensitive Personal Information (SPI) is a special category of personal information that is treated differently under some privacy laws.
-Ethnicity or race
-Biometrics, Genetics
-Trade union membership
-Political views or personal beliefs
-DNA and medical records
Processing of sensitive personal information requires special clearance and a higher level of security than the personal information category as defined in various privacy laws.
Developing
Developing privacy policies to ensure that personal information is being collected, stored, used and deleted in appropriate ways.
Training
Training those who collect, access/view and use personal information.
Monitoring
Monitoring how personal information is used, stored and destroyed.
Ensuring
Ensuring data owners know their rights
Working
Working to prevent data breaches.
Minimizing
Identifying and minimizing risks, and if a data breach occurs, minimizing the damage.
steps the company takes to keep client information private.
- When storing or processing client customer data in a data center outside of the country the data owner lives in, or when we use a third party vendor that may have access to personal information for which Sitel is responsible.
- We are required to protect personal information when answering phone calls.
- Also, when viewing, editing, or deleting client customer personal information.
Additional pprivacy agreements from basis to processing, accessing, viewing, and storing personal information.
-we are also required to protect clients data when using email to transfer information, collecting past due payments and with processing credit cards.
-Associates with management positions and above,also neeeds to protect personal information when storing, accessing and deleting call recording and when transferring data accross borders.
As a Sitel employee you have Roles, Responsibilities, and Rights when it comes to Privacy.
As a Sitel Associate, your Role is to:
- Follow all data privacy policies and procedures, including clients.
- Report any data breaches in order to protect yourself, Sitel, our clients and customers.
- Report any suspicious activity or potential or actual leak of personal information.
It is every Associate’s Responsibility to protect each other’s privacy and:
- Abide by the law
- Meet the expectations of our clients and their customers
- Meet the requirement of Sitel’s management
You have the Right to:
- Be informed about your personal information, how it is processed, and who is receiving data
- Correct incorrect personal information
- Delete personal information which is no longer needed
- Have your personal information protected
Keep in mind the email to report data breaches or suspicious activity is the following: [email protected]
- While you may not be exposed to or have access to personal information, it is important to understand the protections that are required:
- Collect only the information necessary to handle the customer query.
- Capture data correctly and precisely.
- Enter the data only in the tools authorized to process it.
- When using free text fields, such as comments fields, only enter facts, in a respectful way, without entering personal information.
- Carefully follow all processes as instructed and required.
- Share information only with the authorized persons.
- While on the phone, always verify with whom you are speaking and verify that you are speaking with an adult.
- Sensitive personal information requires the additional protection of being encrypted when not in use.
- Personal information must be: secured at all times and limited access to only those who have a need to view or use it.
- Securely transported, stored and accessed.
- Used only for the purpose collected.
- Securely deleted when it's no longer needed and as mandated by Sitel data retention policy.
- As Sitel associates were not allowed to:
- Share an individual's personal information with unauthorized third parties or anyone else who does not have the appropriate access
- authorization.
- Process personal information outside authorized environment.
- Process sensitive personal information except where expressly authorized by our clients.
how Personal Information and Sensitive Personal Information transfers occur.
- All data transfers within Sitel must first and foremost comply with our Security and Privacy policies. Transfers may require an inter-company agreement between Sitel subsidiaries in order to facilitate the movement of personal information and sensitive personal information from country to country.
- When moving Personal Information/Sensitive Personal Information, you must use an approved and authorized Sitel systems and the data must be encrypted when transmitted between sites (Sitel or third party).
- Moving Personal Information/Sensitive Personal Information can be done via the internet through a secure Virtual Private Network (VPN) for classified data.
- Sitel internal email can be used to transfer Personal Information/Sensitive Personal Information ONLY when the data is encrypted. Alternate ways to share data internally include secure SharePoint sites, secure VPN, and SFTP sites.
international transfers of Personal Information and Sensitive Personal Information.
- Cross-border transfers of personal information involve complicated compliance issues that may implicate more than one nation’s privacy laws.
- If you are involved in any business operation that may involve any cross-border transfer of personal information, first consult with the Privacy Team to identify the proper processes and protections to ensure compliance with the law.
- An example of cross border transfer: A call center agent in the Philippines takes a call and captures personal information which is stored on a server in Belgium.
- Knowing the country where the data is coming from and where it is going to will help identify the laws that govern the data movement, processing, access, and storage.
Today I will be talking about how to properly dispose of and/or destroy Personal Information
and Sensitive Personal Information.
It is important for you to note that confidential information disposed or destroyed improperly
can constitute a risk to Sitel, its clients and their customers.
The information owners of paper and electronic information are responsible to decide if and
when the information needs to be destroyed.
Client data destruction should be governed by the client agreement(s).
If the data is to be returned to the client, it needs to be transferred back to the client
in a secure manner.
Once the data transfer is completed, confirm with the client that the data has arrived
safely, can be accessed, and is complete prior to destroying it on our systems.
Sitel specific data destruction must comply with our Global Data policy and Data Retention
schedule.
Rules vary by country; some local laws may apply also. Please consult with the Privacy
Team as needed.
Data must be disposed of in a secure manner so that the data is irretrievable, unreadable,
and unusable.
Only approved third party data destruction vendors should be used
Data destruction certificates should be retained in the site
Return of Personal Information/Sensitive Personal Information applies to Sitel, but
also to its vendors.
This has to be covered by contract.
Always take permission from the information owners before to deleting client or Sitel
information.
Always use a method of disposal appropriate to the classification level of the information.
Always destroy information approved for destruction immediately and efficiently.
Never take electronic or paper copies of information off-site or distribute outside
your team, even to a client, unless you are authorized to do so
due to the amount of information stored electronically, it is essential that any equipment is wiped clean of information before reuse or disposal."
When getting rid of old electronic equipment or when relocating equipment to a new client campaign, either on or off-site, it must have its hard disk and RAM wiped of all information or removed by IT.
All equipment movement and disposal must follow appropriate regional procedures to ensure asset management is maintained.
In many regions, there are legal requirements for the disposal of electronic equipment. Each region has procedures to be followed addressing safe disposal, gifting to schools or associates, etc.
leaving a workstation without logging off the computer can be considered a data breach. In addition, unauthorized use of cloud storage is not allowed and is also a breach of Sitel’s privacy policies. A security incident occurs when Personal Information/Sensitive Personal Information or protected or confidential data is copied, transmitted, viewed, stolen, used in an unauthorized manner, or used by an individual not authorized to do so. Breaches can be intentional or unintentional
Send an email to Sitel’s privacy team!
If you know or suspect that personal information or other confidential data is not being stored, used, or transmitted in accordance with Sitel’s privacy policies, even if a breach has not occurred, contact Sitel’s Privacy team at [email protected] with any questions or concerns.
Crimes and Consequences
Violations of these type are taken seriously because of the implications associated with being careless. Therefore, it’s important you familiarize yourself with Sitel’s Privacy Policy and rules associated with your workplace.
It is clear Beatriz didn’t mean any harm by leaving her computer unlocked, however, she’s now in her manager’s office getting an earful about the implications of violating data privacy laws and regulations.
Implications of violating data privacy laws and regulations which could include:
- Imprisonment
- Personal liability
- Failure to meet client contract requirements
- Class action law suits
- Regulatory fines
-Implications of violating data privacy laws and regulations
You, Elias and his co-wokers are now well-versed at Sitel's Privacy Policies and ready to handle any
interaction with Personal Information and Sensitive Personal Information
in a professional and appropriate manner. Just to recap a few highlights covered during today's training, includinding reviewing Sitel's policies
your key responsibilities for mantaining data privacy, how to identify
privacy risks associated with your role, how to correctly handle and dispose personal information and
finally, you are now familiar with the process to report a data breach. As I mentioned at the start of this course,
Privacy must be a part of our everyday work activities and by joining together, we assure a private and secure environment
Thank you for completing this course and playing a key role in mantaining Sitel's high privacy standards. Good luck on your final assessment!
Embracing Our Differences
The great obstacle to progress is prejudice. -Christian Nestell Bovee
Discrimination is a vast and controversial topic and we are not going to discuss every inch of it. Here, we will only focus on how we can overcome it in the workplace.
Before we can overcome this hurdle toward a more forward-thinking society, we must first acknowledge that workplace discrimination does exist. But how many of you are aware of what is happening?
- Age Discrimination
- race discrimination
- religion discrimination
When you hear the words prejudice, discrimination, bigotry, or bias, what do they mean to you? What do these words remind you of?
prejudice and discrimination.
Prejudice - prejudgement - an unjustified, typically negative attitude toward a person or group.
gender, ethnic, socioeconomic status, culture
*prejudice, stereotyping and discrimination are 3 different things
Stereotype - an overgeneralized belief about a particular group of people (it doesn't require to be negative. it can be true sometimes)
When stereotypic beliefs combined with prejudice attitude and emotions like fear and hostility. They can drive the behavior called Discrimination
Dual Process Theories
- Implicit thoughts
- Explicit thoughts
Sitel is committed to continuously cultivating a diverse and inclusive workforce by promoting awareness and driving equity.
diversity, equity, and inclusion
Understanding Biases
The ABS's of Bias
Psychology Today defines bias as "a natural inclination for or against an idea, object, group, or individual. It is often learned and is highly dependent on variables like a person’s socioeconomic status, race, ethnicity, educational background, etc."
To have a better understanding of bias, let’s find out its ABCs.
-
- Affective Component - Prejudice or negative feelings toward a person that are based on his or her group membership.
- Behavioral Component - Discrimination, or the actual actions taken against a person based on their group membership
- Cognitive Component - Stereotypes, or generalizations about a group.
What causes people to be biased?
People are naturally biased. We like certain things and dislike others -- a lot of times, without being fully conscious of our prejudice. We acquire this at a young age, often resulting from our upbringing.
We tend to discriminate between people who are like us (“ingroup”) and those who aren’t (“outgroup.")
We all have some degree of bias, and not all of them are bad.
unconscious biases and discrimination
12 common biases
- anchoring biases (first info)
- availability heuristic bias (news)
- bandwagon effect (group)
- choice support bias (brand)
- confirmation bias (focus on confirming the info he already know)
- ostrich bias (ignoring negative info)
- outcome bias (decide if its wrong or right based on outcome)
- overconfidence (solely rely on your opinion)
- placebo (belief certain thing will heal you even if you wont)
- survivor bias (believe on people who succeed already)
- selective perception
- blind spot bias (you are biased because you think you are less bias)
Ageism
Age discrimination is based on the belief that older employees aren't as competent or capable of performing a job as younger employees. This idea could be a result of a person's belief that a person's age is related to their work abilities, knowledge, or skill. The bias tends to favor young driven employees.
Conformity
Conformity bias is similar to peer pressure in the sense that a group's opinion can affect the opinion or decision-making of another person.
This is most common during meetings and other team gatherings. For example, members of a team can sway the opinion of another person which can affect the behavior or actions of the team as a whole
Weight
Weight bias is the judgment of another person because they are heavier or lighter than the average weight. This bias affects people of all backgrounds, both male and female employees, regardless of the person's workability.
Affinity
Affinity bias is based on the idea that people are naturally drawn to like other people who are similar to themselves. These similarities can be based on criteria such as age, race, gender, and more.
This is most common during interviews. This unconscious bias can lead to a less diverse workplace if it has an influence on whether certain candidates are hired or not.
Confirmation
This bias happens when a person wants to confirm information or ideas that they made prior to a situation. This means that they are simply looking to feel like they are right, even if that means ignoring the truth or good ideas.
This bias can negatively affect people's decision-making. For example, if you think that your business has been doing well in the past, you may think that the company is ready for success in the future. This can blind you to the fact that you may need to adjust your business strategies if you want your company to survive and continue to grow.
Beauty
This bias is an unconscious bias where a person judges another person based on how attractive they seem to be. This can have a negative effect on a company as it ignores the work capabilities of an employee for their attractiveness. This affects both male and female employees.
Gender
Gender bias is when one particular sex is treated more favorably than the other sex. This means that a person can receive better treatment in the form of hiring, getting promotions, or other work perks without involving harassment like "quid pro quo".
Gender bias notably affects women more than men. Despite having the same capabilities, women are typically treated less favorably, resulting in an imbalance in the workforce.
LGBTQIA+ is an inclusive term that includes people of all genders and sexualities, such as lesbian, gay, bisexual, transgender, questioning, queer, intersex, asexual, pansexual, and allies.
Cissexism - Negative attitude toward people who don’t identify with the sex they were assigned at birth
Homophobia - Negative attitudes toward members of the 2SLGBTQ+(opens in a new tab) community.
Sexism - Negative attitudes based on gender identity, gender expression, and/or sex assigned at birth
Philippine Corporate SOGIE Diversity and Inclusiveness (CSDI) Index
-
Feminine - Expresses qualities and characteristics typically associated with femininity.
-
22
Masculine - Expresses qualities and characteristics typically associated with masculinity.
-
33
Androgynous - Expresses both typically feminine and typically masculine qualities ambiguously, or expresses typically neither.