Notepad Online - Yhna 06231989 Wed

Created on:  • Updated on:  • 0 views

Global Security Awareness

Global Privacy Awareness

Embracing our Differences

Welcome to Foundever

Prevention of Sexual Harassment

Peak Operating Standards

Our Brand History

Global Brand Adherence

Finance for Leaders

Bill To Pay

Being Global


Global Security Awareness

Security must be a part of our everyday work activities. Thus, in this course, we are going to explore key information and security concepts, examine threats and how to counter them, and review safe computing habits. 

Welcome to the Global Security Awareness course! 

At Foundever™ , we believe that security is one of the main tools to minimize and manage any danger or threats related to our people, business, operations, facilities, information, and technology. 

We must keep in mind that taking care of our safety at work is also taking care of our company, our customers, our colleagues and ourselves.

When we don’t follow security best practices, everyone is impacted, as it can result in serious consequences and financial loss. Thus, every individual has a responsibility for security. We are only as strong as our weakest link!


Welcome to the Global Privacy Awareness course!

In this course, you will be able to study the contents related to the mandatory Global Privacy Awareness exam, which must be held annually. You don't have to worry about the completion rate for this course, although it is essential that all Sitel associates are aware of the content provided here. You can consult the course as many times as you like, but there is no obligation to complete it.

Because of this, the certification exam is found in a separate link. Once a year, you must access it and take the exam again, thus renewing your certificate.

To obtain the certificate, you must score at least 80% on the exam. You will have three attempts to complete.

The goal of this course is to raise awareness about Foundever’s security policies and reinforce our responsibility within the company and the clients, equipping all employees with knowledge and tools to maintain a safe and secure environment. 


The objectives are: 

  1. To identify our responsibilities, in line with the security and data privacy policies
  2. Describe information assets and how to protect them
  3. Explain acceptable and unacceptable use of internet and electronic communications
  4. Identify social engineering attacks and how to prevent them
  5. Define aspects that impact on physical security and how to report incidents

As part of the journey, there are individual responsibilities that we must assume so that everyone is safe and secure within Foundever. Click on the cards below to discover them: 

-Follow Security and Data Privacy Policies on and off-site

-Follow Security Procedures for your area

-Report Security Incidents and Suspicious Behavior

EverConnect(opens in a new tab) is also here to help us! All Security and Data Privacy Policies and Procedures can be found under the KB Library menu. Whenever there is any doubt, do not hesitate to double-check the information! 

Next, let's address Personal Accountability and Trust and understand, together, some of the personal actions we can take responsibility for to keep protecting ourselves. 

Personal Accountability and Trust

In addition to following our policies and practices, we all need to demonstrate personal accountability and do the right thing. Do you know what personal accountability is? 

Well, personal accountability is the belief that you are fully responsible for your own actions and consequences. It’s a choice, a mindset, and an expression of integrity.  

Accountability in the workplace is linked to increased commitment to work and employee morale, which leads to higher performance. 

Following Foundever policies and practices relies upon trust —one of our core values! We trust that you will do the right thing, communicate honestly and without fear, take ownership for your actions, and lead by example. 

Accountability and Trust

When looking around our work environment, be it at home or in an actual office, it is possible to identify a variety of information assets. 

What are information assets? 
Information assets could be anything from confidential documents with client data, to verbal discussions about campaigns, to written customer information.  

When seen and/or heard by others, they can compromise security and data privacy, so it is important to understand Foundever’s Global IT Asset Management Policy to avoid such situation.

What are information assets? 
Information assets could be anything from confidential documents with client data, to verbal discussions about campaigns, to written customer information.  

When seen and/or heard by others, they can compromise security and data privacy, so it is important to understand Foundever’s Global IT Asset Management Policy to avoid such situation.

Check out the appropriate actions according to Foundever's Managing Information Assets Policy.

Foundever is subject to multiple regulatory, security and client requirements (i.e., PCI, HIPAA, ISO, GDPR, etc.). Whether you work from home, in a brick-and-mortar location or a combination of the two, it is important to abide by the Security Best Practices to protect information assets and always inform your manager immediately of suspicious activity.

These Security Best Practices can be divided as Physical Safeguards and Data Protection, both being equally essential. Check them below: 

Virus protection

Anti-Virus softwares are installed and operating across all PCs, laptops, and servers of Foundever. It is mandatory that it is all configured and approved for use by IT. 


There are also some requirements that we must follow to help. Follow them below: 

We must also be aware of the activities that are considered as violations of acceptable use guidelines so we can always avoid them. Check them below:



    Use of personal e-mail including web mail to send work related communications.



    Use of unapproved instant messaging tools.



    Posting to online groups, bulletin boards, and chat rooms outside of EverConnect.



    Using unapproved desktop or file sharing software or services.



    Accessing unapproved social networking sites.



    Viewing, sending or posting sexual, racial, or politically-related information.



    Downloading unapproved software, including screen savers.

    How strong is the password you have been using for the last few months? 

    A strong password is the most important tool we can use to protect computer systems and data. At Foundever, we take a passphrase approach to password management. A passphrase is a type of password that consists of multiple words that may form a sentence or other series of words that are easy to remember for the user. Since a passphrase tends to be longer than a password, it is more secure. Here is an overview of our password management policy:

    A passphrase must contain:
    • At least 15 characters
    • At least three of the characteristics listed below:
      • Upper-case letter
      • Lower-case letter
      • A number
      • A special character: ~!#$%^&*_-+=`|\(){}[]:;"'<>,.?/
    Passphrases should not contain:
    • Personal phone number
    • Social Security/personal Identification number
    • Date of birth for either yourself or a family member
    • Family or relative’s names, including pets
    • Home address
    Avoid lazy passphrases that include:​
    • Common phrases like those in nursery rhymes and popular song lyrics.
    • A series like ABC, 123, bbb
    • Basic words like “Password”, “Foundever” or even “drowssap” (Password spelled backwards)
    • Character substitutions for basic dictionary words (e.g., P@$$$w0rd).


    Even a strong passphrase can be compromised if it is frequently reused or shared with others. For that reason, multi-factor authentication (“MFA”) may also be used to safeguard against attacks. MFA is a way to verify a person’s identity with a passphrase and at least one other form of authentication. Examples can be something you know such as a PIN or an answer to a security question, or something you have such as a token. 

    While MFA can prevent attacks, motivated bad actors won’t let an extra layer of protection stop them. The best defense against a bad actor is to know how one might try to target you and take appropriate action. If you receive an MFA request that you did not initiate from logging into your system or tools do not accept it. If you suspect you have been the victim of an attack, inform your manager IMMEDIATELY and notify the Security Team. 

    These are some commonly used attack schemes:

    Even a strong passphrase can be compromised if it is frequently reused or shared with others. For that reason, multi-factor authentication (“MFA”) may also be used to safeguard against attacks. MFA is a way to verify a person’s identity with a passphrase and at least one other form of authentication. Examples can be something you know such as a PIN or an answer to a security question, or something you have such as a token. 

    While MFA can prevent attacks, motivated bad actors won’t let an extra layer of protection stop them. The best defense against a bad actor is to know how one might try to target you and take appropriate action. If you receive an MFA request that you did not initiate from logging into your system or tools do not accept it. If you suspect you have been the victim of an attack, inform your manager IMMEDIATELY and notify the Security Team. 

    These are some commonly used attack schemes:

     If you suspect a security incident or fraud, take one of the following steps immediately:
    Report the situation to your line manager or security manager.
    Call the Ethics Point (“EP”) hotline at 1-800-245-2514 (US Only) or the number for your region which can be found on the EP website once you enter Foundever as the organization and select the country in which you are located.
    File a security report at
    Send an email to [email protected]

    You have agreed to abide by Foundever's policies related to security, confidentiality, and the protection of client, customer and company information contained in the Company's Security Policies, Code of Conduct and Ethics, Associate Handbook, and Associate and Employment Agreements. This document does not replace other acknowledgements and commitments to abide by Company Policy. 


    Before beginning the Proof of Learning, please read the following information. 

    • You must earn a score of 90% or better to pass the Proof of Learning.
    • If you do not earn at least 90%, ask your manager to check your understanding of the training materials and review the questions you answered incorrectly. Then retake the Proof of Learning.
    • You may use any notes taken during the training to help you during the Proof of Learning, however, please ensure that your notes are disposed of properly once you are done with them.




In addition to personal information, Sensitive Personal Information (SPI) is a special category of personal information that is treated differently under some privacy laws.

-Ethnicity or race

-Biometrics, Genetics

-Trade union membership

-Political views or personal beliefs

-DNA and medical records

Processing of sensitive personal information requires special clearance and a higher level of security than the personal information category as defined in various privacy laws.



Developing privacy policies to ensure that personal information is being collected, stored, used and deleted in appropriate ways.


Training those who collect, access/view and use personal information.


Monitoring how personal information is used, stored and destroyed.


Ensuring data owners know their rights


Working to prevent data breaches.


Identifying and minimizing risks, and if a data breach occurs, minimizing the damage.


steps the company takes to keep client information private.

  • When storing or processing client customer data in a data center outside of the country the data owner lives in, or when we use a third party vendor that may have access to personal information for which Sitel is responsible.
  • We are required to protect personal information when answering phone calls.
  • Also, when viewing, editing, or deleting client customer personal information.

Additional pprivacy agreements from basis to processing, accessing, viewing, and storing personal information.

-we are also required to protect clients data when using email to transfer information, collecting past due payments and with processing credit cards.

-Associates with management positions and above,also neeeds to protect personal information when storing, accessing and deleting call recording and when transferring data accross borders.


As a Sitel employee you have Roles, Responsibilities, and Rights when it comes to Privacy.


As a Sitel Associate, your Role is to:      

  • Follow all data privacy policies and procedures, including clients.
  • Report any data breaches in order to protect yourself, Sitel, our clients and customers.
  • Report any suspicious activity or potential or actual leak of personal information.      

It is every Associate’s Responsibility to protect each other’s privacy and:

  • Abide by the law
  • Meet the expectations of our clients and their customers
  • Meet the requirement of Sitel’s management

You have the Right to:

  • Be informed about your personal information, how it is processed, and who is receiving data
  • Correct incorrect personal information
  • Delete personal information which is no longer needed
  • Have your personal information protected

Keep in mind the email to report data breaches or suspicious activity is the following: [email protected]

  1. While you may not be exposed to or have access to personal information, it is important to understand the protections that are required:
  2. Collect only the information necessary to handle the customer query.
  3. Capture data correctly and precisely.
  4. Enter the data only in the tools authorized to process it.
  5. When using free text fields, such as comments fields, only enter facts, in a respectful way, without entering personal information.
  6. Carefully follow all processes as instructed and required.
  7. Share information only with the authorized persons.
  8. While on the phone, always verify with whom you are speaking and verify that you are speaking with an adult.
  9. Sensitive personal information requires the additional protection of being encrypted when not in use.
  10. Personal information must be: secured at all times and limited access to only those who have a need to view or use it.
  11. Securely transported, stored and accessed.
  12. Used only for the purpose collected.
  13. Securely deleted when it's no longer needed and as mandated by Sitel data retention policy.
  14. As Sitel associates were not allowed to:
  15. Share an individual's personal information with unauthorized third parties or anyone else who does not have the appropriate access
  16. authorization.
  17. Process personal information outside authorized environment.
  18. Process sensitive personal information except where expressly authorized by our clients.

how Personal Information and Sensitive Personal Information transfers occur.

  • All data transfers within Sitel must first and foremost comply with our Security and Privacy policies. Transfers may require an inter-company agreement between Sitel subsidiaries in order to facilitate the movement of personal information and sensitive personal information from country to country.
  • When moving Personal Information/Sensitive Personal Information, you must use an approved and authorized Sitel systems and the data must be encrypted when transmitted between sites (Sitel or third party).
  • Moving Personal Information/Sensitive Personal Information can be done via the internet through a secure Virtual Private Network (VPN) for classified data.
  • Sitel internal email can be used to transfer Personal Information/Sensitive Personal Information ONLY when the data is encrypted. Alternate ways to share data internally include secure SharePoint sitessecure VPN, and SFTP sites.

international transfers of Personal Information and Sensitive Personal Information.

  • Cross-border transfers of personal information involve complicated compliance issues that may implicate more than one nation’s privacy laws.
  • If you are involved in any business operation that may involve any cross-border transfer of personal information, first consult with the Privacy Team to identify the proper processes and protections to ensure compliance with the law.  
  • An example of cross border transfer: A call center agent in the Philippines takes a call and captures personal information which is stored on a server in Belgium.
  • Knowing the country where the data is coming from and where it is going to will help identify the laws that govern the data movement, processing, access, and storage.

Today I will be talking about how to properly dispose of and/or destroy Personal Information

and Sensitive Personal Information.

It is important for you to note that confidential information disposed or destroyed improperly

can constitute a risk to Sitel, its clients and their customers.

The information owners of paper and electronic information are responsible to decide if and

when the information needs to be destroyed.

Client data destruction should be governed by the client agreement(s).

If the data is to be returned to the client, it needs to be transferred back to the client

in a secure manner.

Once the data transfer is completed, confirm with the client that the data has arrived

safely, can be accessed, and is complete prior to destroying it on our systems.

Sitel specific data destruction must comply with our Global Data policy and Data Retention


Rules vary by country; some local laws may apply also. Please consult with the Privacy

Team as needed.

Data must be disposed of in a secure manner so that the data is irretrievable, unreadable,

and unusable.

Only approved third party data destruction vendors should be used

Data destruction certificates should be retained in the site

Return of Personal Information/Sensitive Personal Information applies to Sitel, but

also to its vendors.

This has to be covered by contract.

Always take permission from the information owners before to deleting client or Sitel


Always use a method of disposal appropriate to the classification level of the information.

Always destroy information approved for destruction immediately and efficiently.

Never take electronic or paper copies of information off-site or distribute outside

your team, even to a client, unless you are authorized to do so


due to the amount of information stored electronically, it is essential that any equipment is wiped clean of information before reuse or disposal."

When getting rid of old electronic equipment or when relocating equipment to a new client campaign, either on or off-site, it must have its hard disk and RAM wiped of all information or removed by IT.


All equipment movement and disposal must follow appropriate regional procedures to ensure asset management is maintained.

In many regions, there are legal requirements for the disposal of electronic equipment. Each region has procedures to be followed addressing safe disposalgifting to schools or associates, etc.

 leaving a workstation without logging off the computer can be considered a data breach. In addition, unauthorized use of cloud storage is not allowed and is also a breach of Sitel’s privacy policies. A security incident occurs when Personal Information/Sensitive Personal Information or protected or confidential data is copiedtransmitted, viewedstolenused in an unauthorized manner, or used by an individual not authorized to do so. Breaches can be intentional or unintentional

Send an email to Sitel’s privacy team!

If you know or suspect that personal information or other confidential data is not being stored, used, or transmitted in accordance with Sitel’s privacy policies, even if a breach has not occurred, contact Sitel’s Privacy team at [email protected] with any questions or concerns.


Crimes and Consequences


Violations of these type are taken seriously because of the implications associated with being careless. Therefore, it’s important you familiarize yourself with Sitel’s Privacy Policy and rules associated with your workplace.

It is clear Beatriz didn’t mean any harm by leaving her computer unlocked, however, she’s now in her manager’s office getting an earful about the implications of violating data privacy laws and regulations.

Implications of violating data privacy laws and regulations which could include:

  • Imprisonment
  • Personal liability
  • Failure to meet client contract requirements
  • Class action law suits
  • Regulatory fines

-Implications of violating data privacy laws and regulations


You, Elias and his co-wokers are now well-versed at Sitel's Privacy Policies and ready to handle any

interaction with Personal Information and Sensitive Personal Information

in a professional and appropriate manner. Just to recap a few highlights covered during today's training, includinding reviewing Sitel's policies

your key responsibilities for mantaining data privacy, how to identify

privacy risks associated with your role, how to correctly handle and dispose personal information and

finally, you are now familiar with the process to report a data breach. As I mentioned at the start of this course,

Privacy must be a part of our everyday work activities and by joining together, we assure a private and secure environment

Thank you for completing this course and playing a key role in mantaining Sitel's high privacy standards. Good luck on your final assessment!

Embracing Our Differences

The great obstacle to progress is prejudice. -Christian Nestell Bovee

Discrimination is a vast and controversial topic and we are not going to discuss every inch of it. Here, we will only focus on how we can overcome it in the workplace.

Before we can overcome this hurdle toward a more forward-thinking society, we must first acknowledge that workplace discrimination does exist. But how many of you are aware of what is happening?

  • Age Discrimination
  • race discrimination
  • religion discrimination

When you hear the words prejudice, discrimination, bigotry, or bias, what do they mean to you? What do these words remind you of?

prejudice and discrimination.

Prejudice - prejudgement - an unjustified, typically negative attitude toward a person or  group.

gender, ethnic, socioeconomic status, culture

*prejudice, stereotyping and discrimination are 3 different things

Stereotype - an overgeneralized belief about a particular group of people (it doesn't require to be negative. it can be true sometimes)

When stereotypic beliefs combined with prejudice attitude and emotions like fear and hostility. They can drive the behavior called Discrimination

Dual Process Theories

  • Implicit thoughts
  • Explicit thoughts

Sitel is committed to continuously cultivating a diverse and inclusive workforce by promoting awareness and driving equity.

 diversity, equity, and inclusion


Understanding Biases

The ABS's of Bias

Psychology Today defines bias as "a natural inclination for or against an idea, object, group, or individual. It is often learned and is highly dependent on variables like a person’s socioeconomic status, race, ethnicity, educational background, etc."

To have a better understanding of bias, let’s find out its ABCs.

    • Affective Component - Prejudice or negative feelings toward a person that are based on his or her group membership.
    • Behavioral Component - Discrimination, or the actual actions taken against a person based on their group membership
    • Cognitive Component - Stereotypes, or generalizations about a group.

What causes people to be biased? 

People are naturally biased. We like certain things and dislike others -- a lot of times, without being fully conscious of our prejudice. We acquire this at a young age, often resulting from our upbringing.  

We tend to discriminate between people who are like us (“ingroup”) and those who aren’t (“outgroup.")  

We all have some degree of bias, and not all of them are bad.

unconscious biases and discrimination

12 common biases

  1. anchoring biases (first info)
  2. availability heuristic bias (news)
  3. bandwagon effect (group)
  4. choice support bias (brand)
  5. confirmation bias (focus on confirming the info he already know)
  6. ostrich bias (ignoring negative info)
  7. outcome bias (decide if its wrong or right based on outcome)
  8. overconfidence (solely rely on your opinion)
  9. placebo (belief certain thing will heal you even if you wont)
  10. survivor bias (believe on people who succeed already)
  11. selective perception 
  12. blind spot bias (you are biased because you think you are less bias)


Age discrimination is based on the belief that older employees aren't as competent or capable of performing a job as younger employees. This idea could be a result of a person's belief that a person's age is related to their work abilities, knowledge, or skill. The bias tends to favor young driven employees.


Conformity bias is similar to peer pressure in the sense that a group's opinion can affect the opinion or decision-making of another person.

This is most common during meetings and other team gatherings. For example, members of a team can sway the opinion of another person which can affect the behavior or actions of the team as a whole


Weight bias is the judgment of another person because they are heavier or lighter than the average weight. This bias affects people of all backgrounds, both male and female employees, regardless of the person's workability.


Affinity bias is based on the idea that people are naturally drawn to like other people who are similar to themselves. These similarities can be based on criteria such as age, race, gender, and more.


This is most common during interviews. This unconscious bias can lead to a less diverse workplace if it has an influence on whether certain candidates are hired or not.


This bias happens when a person wants to confirm information or ideas that they made prior to a situation. This means that they are simply looking to feel like they are right, even if that means ignoring the truth or good ideas.


This bias can negatively affect people's decision-making. For example, if you think that your business has been doing well in the past, you may think that the company is ready for success in the future. This can blind you to the fact that you may need to adjust your business strategies if you want your company to survive and continue to grow.


This bias is an unconscious bias where a person judges another person based on how attractive they seem to be. This can have a negative effect on a company as it ignores the work capabilities of an employee for their attractiveness. This affects both male and female employees.


Gender bias is when one particular sex is treated more favorably than the other sex. This means that a person can receive better treatment in the form of hiring, getting promotions, or other work perks without involving harassment like "quid pro quo".


Gender bias notably affects women more than men. Despite having the same capabilities, women are typically treated less favorably, resulting in an imbalance in the workforce.

LGBTQIA+ is an inclusive term that includes people of all genders and sexualities, such as lesbian, gay, bisexual, transgender, questioning, queer, intersex, asexual, pansexual, and allies. 


Cissexism - Negative attitude toward people who don’t identify with the sex they were assigned at birth

Homophobia - Negative attitudes toward members of the 2SLGBTQ+(opens in a new tab) community.

Sexism - Negative attitudes based on gender identity, gender expression, and/or sex assigned at birth

Philippine Corporate SOGIE Diversity and Inclusiveness (CSDI) Index

  • Feminine - Expresses qualities and characteristics typically associated with femininity.

  • 2



    Masculine - Expresses qualities and characteristics typically associated with masculinity. 

  • 3



    Androgynous - Expresses both typically feminine and typically masculine qualities ambiguously, or expresses typically neither.